admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-03-28 09:00:33 +00:00
parent a2ef37c840
commit 1ff2266797
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 526 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2025/1xxx/CVE-2025-1705.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1705",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The tagDiv Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation within the td_ajax_get_views AJAX action. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "tagDiv",
"product": {
"product_data": [
{
"product_name": "tagDiv Composer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "5.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaa8c34-cf7b-4630-adc8-cbb534deff89?source=cve"
},
{
"url": "https://tagdiv.com/tagdiv-composer-page-builder-basics/",
"refsource": "MISC",
"name": "https://tagdiv.com/tagdiv-composer-page-builder-basics/"
},
{
"url": "https://themeforest.net/item/newspaper/5489609",
"refsource": "MISC",
"name": "https://themeforest.net/item/newspaper/5489609"
},
{
"url": "https://tagdiv.com/newspaper-changelog/",
"refsource": "MISC",
"name": "https://tagdiv.com/newspaper-changelog/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Truoc Phan"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}
]
}

18
2025/27xxx/CVE-2025-27130.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27130",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

69
2025/27xxx/CVE-2025-27567.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "MEDIUM",
"baseScore": 5.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
]
}

69
2025/27xxx/CVE-2025-27574.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27574",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "LOW",
"baseScore": 3.6,
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
}
]
}

69
2025/27xxx/CVE-2025-27716.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27716",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "MEDIUM",
"baseScore": 6.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
]
}

69
2025/27xxx/CVE-2025-27718.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27718",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "HIGH",
"baseScore": 8.8,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
]
}

69
2025/27xxx/CVE-2025-27726.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "LOW",
"baseScore": 2.1,
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}

69
2025/27xxx/CVE-2025-27932.json
View File

@ -1,17 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27932",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper limitation of a pathname to a restricted directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "KDDI CORPORATION",
"product": {
"product_data": [
{
"product_name": "HGW-BL1500HM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Ver 002.002.003 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5",
"refsource": "MISC",
"name": "https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5"
},
{
"url": "https://jvn.jp/en/jp/JVN04278547/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN04278547/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "HIGH",
"baseScore": 8.1,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"
}
]
}

18
2025/2xxx/CVE-2025-2904.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/2xxx/CVE-2025-2905.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}