admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-08 12:00:37 +00:00
parent 472baaff1b
commit 23fdaf1bcb
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 297 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2025/27xxx/CVE-2025-27936.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27936",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

96
2025/2xxx/CVE-2025-2568.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "themehunk",
"product": {
"product_data": [
{
"product_name": "Vayu Blocks \u2013 Gutenberg Blocks for WordPress & WooCommerce",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0.4",
"version_value": "1.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27ca93a1-3dfc-4bbd-834a-1c04d9e22ebf?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/27ca93a1-3dfc-4bbd-834a-1c04d9e22ebf?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L126",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L126"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L133",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L133"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L139",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L139"
},
{
"url": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L182",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/vayu-blocks/trunk/inc/function.php#L182"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3263702/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3263702/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Kenneth Dunn"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

96
2025/2xxx/CVE-2025-2876.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MelaPress Login Security and MelaPress Login Security Premium plugins for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'monitor_admin_actions' function in version 2.1.0. This makes it possible for unauthenticated attackers to delete any user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "melapress",
"product": {
"product_data": [
{
"product_name": "MelaPress Login Security Premium",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.0"
}
]
}
},
{
"product_name": "MelaPress Login Security",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/559cbc69-85b6-4bad-9bb2-26d64195ba7e?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/559cbc69-85b6-4bad-9bb2-26d64195ba7e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/melapress-login-security/trunk/app/modules/temporary-logins/class-temporary-logins.php#L71",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/melapress-login-security/trunk/app/modules/temporary-logins/class-temporary-logins.php#L71"
},
{
"url": "https://melapress.com/wordpress-login-security/releases/",
"refsource": "MISC",
"name": "https://melapress.com/wordpress-login-security/releases/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3267748/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3267748/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Michelle Porter"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

63
2025/30xxx/CVE-2025-30166.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. The vulnerability was discovered in the /admin/email/send-test-email endpoint using the POST method. The vulnerable parameter is content, which permits the injection of arbitrary HTML code during the email sending process. While JavaScript code injection is blocked through filtering, HTML code injection remains possible. This vulnerability is fixed in 1.7.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pimcore",
"product": {
"product_data": [
{
"product_name": "admin-ui-classic-bundle",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.7.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg",
"refsource": "MISC",
"name": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-x82r-6j37-vrgg"
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e",
"refsource": "MISC",
"name": "https://github.com/pimcore/admin-ui-classic-bundle/commit/76b690d4f8fcd9c9d41766bc5238c2513242e60e"
}
]
},
"source": {
"advisory": "GHSA-x82r-6j37-vrgg",
"discovery": "UNKNOWN"
}
}

18
2025/31xxx/CVE-2025-31947.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31947",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/3xxx/CVE-2025-3446.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3446",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}