diff --git a/2021/4xxx/CVE-2021-4455.json b/2021/4xxx/CVE-2021-4455.json
new file mode 100644
index 00000000000..fb036f2d378
--- /dev/null
+++ b/2021/4xxx/CVE-2021-4455.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2021-4455",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24914.json b/2025/24xxx/CVE-2025-24914.json
index dff3c9b007e..83b543940c1 100644
--- a/2025/24xxx/CVE-2025-24914.json
+++ b/2025/24xxx/CVE-2025-24914.json
@@ -1,17 +1,111 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24914",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-276 Incorrect Default Permissions",
+ "cweId": "CWE-276"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tenable",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nessus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "10.8.4",
+ "status": "affected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tenable.com/security/tns-2025-05",
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2025-05"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "tns-2025-05",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/nessus\n\n
"
+ }
+ ],
+ "value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/28xxx/CVE-2025-28355.json b/2025/28xxx/CVE-2025-28355.json
index 8fded6a6aad..4108059b3e3 100644
--- a/2025/28xxx/CVE-2025-28355.json
+++ b/2025/28xxx/CVE-2025-28355.json
@@ -1,17 +1,71 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2025-28355",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-28355",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Volmarg/personal-management-system",
+ "refsource": "MISC",
+ "name": "https://github.com/Volmarg/personal-management-system"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/abbisQQ/CVE-2025-28355/tree/main",
+ "url": "https://github.com/abbisQQ/CVE-2025-28355/tree/main"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Volmarg/personal-management-system/issues/149",
+ "url": "https://github.com/Volmarg/personal-management-system/issues/149"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30287.json b/2025/30xxx/CVE-2025-30287.json
index afe2bb60e8a..408373a5fe7 100644
--- a/2025/30xxx/CVE-2025-30287.json
+++ b/2025/30xxx/CVE-2025-30287.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed."
}
]
},
diff --git a/2025/30xxx/CVE-2025-30288.json b/2025/30xxx/CVE-2025-30288.json
index 5dace0dfee3..4140b162d18 100644
--- a/2025/30xxx/CVE-2025-30288.json
+++ b/2025/30xxx/CVE-2025-30288.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed."
}
]
},
@@ -77,35 +77,35 @@
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
+ "attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
- "baseScore": 7.8,
+ "baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 7.9,
+ "environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
- "modifiedAttackComplexity": "HIGH",
+ "modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "CHANGED",
- "modifiedUserInteraction": "NONE",
+ "modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
- "temporalScore": 7.8,
+ "temporalScore": 8.2,
"temporalSeverity": "HIGH",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2025/30xxx/CVE-2025-30289.json b/2025/30xxx/CVE-2025-30289.json
index 3c3e3f92c5d..b1232bcadc2 100644
--- a/2025/30xxx/CVE-2025-30289.json
+++ b/2025/30xxx/CVE-2025-30289.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application."
}
]
},
@@ -77,35 +77,35 @@
"impact": {
"cvss": [
{
- "attackComplexity": "HIGH",
+ "attackComplexity": "LOW",
"attackVector": "LOCAL",
- "availabilityImpact": "NONE",
+ "availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
- "baseScore": 7.5,
+ "baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 7.5,
+ "environmentalScore": 8.3,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
- "modifiedAttackComplexity": "HIGH",
+ "modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
- "modifiedAvailabilityImpact": "NONE",
+ "modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "CHANGED",
- "modifiedUserInteraction": "NONE",
+ "modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
- "temporalScore": 7.5,
+ "temporalScore": 8.2,
"temporalSeverity": "HIGH",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
diff --git a/2025/30xxx/CVE-2025-30291.json b/2025/30xxx/CVE-2025-30291.json
index 23782735985..00482ba7084 100644
--- a/2025/30xxx/CVE-2025-30291.json
+++ b/2025/30xxx/CVE-2025-30291.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. A low privileged attacker with local access could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or bypass security mechanisms. Exploitation of this issue does not require user interaction."
}
]
},
@@ -81,11 +81,11 @@
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.2,
+ "baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 6.2,
+ "environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
@@ -95,17 +95,17 @@
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
- "modifiedPrivilegesRequired": "NONE",
+ "modifiedPrivilegesRequired": "LOW",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "NONE",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
- "temporalScore": 6.2,
+ "temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
diff --git a/2025/30xxx/CVE-2025-30293.json b/2025/30xxx/CVE-2025-30293.json
index 0a103f845c2..214ebca64a3 100644
--- a/2025/30xxx/CVE-2025-30293.json
+++ b/2025/30xxx/CVE-2025-30293.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized write access. Exploitation of this issue does not require user interaction and scope is changed."
}
]
},
diff --git a/2025/30xxx/CVE-2025-30294.json b/2025/30xxx/CVE-2025-30294.json
index 346a0371915..67f501ff14b 100644
--- a/2025/30xxx/CVE-2025-30294.json
+++ b/2025/30xxx/CVE-2025-30294.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ "value": "ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security protections and gain unauthorized read access. Exploitation of this issue does not require user interaction and scope is changed."
}
]
},
@@ -81,12 +81,12 @@
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
- "environmentalScore": 6.5,
- "environmentalSeverity": "MEDIUM",
+ "environmentalScore": 7.7,
+ "environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
@@ -96,16 +96,16 @@
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "LOW",
- "modifiedScope": "UNCHANGED",
+ "modifiedScope": "CHANGED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
- "scope": "UNCHANGED",
- "temporalScore": 6.5,
- "temporalSeverity": "MEDIUM",
+ "scope": "CHANGED",
+ "temporalScore": 7.7,
+ "temporalSeverity": "HIGH",
"userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
diff --git a/2025/3xxx/CVE-2025-3810.json b/2025/3xxx/CVE-2025-3810.json
new file mode 100644
index 00000000000..b151215196a
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3810.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3810",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3811.json b/2025/3xxx/CVE-2025-3811.json
new file mode 100644
index 00000000000..042d7c87c5a
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3811.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3811",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3812.json b/2025/3xxx/CVE-2025-3812.json
new file mode 100644
index 00000000000..e937f1ad001
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3812.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3812",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file