From 25eafacad44bfbeaa1d2d61849008222fedb843d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 30 Apr 2025 09:00:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/2xxx/CVE-2025-2890.json | 86 ++++++++++++++++++++++++++++--
2025/36xxx/CVE-2025-36537.json | 18 +++++++
2025/41xxx/CVE-2025-41421.json | 18 +++++++
2025/44xxx/CVE-2025-44002.json | 18 +++++++
2025/44xxx/CVE-2025-44016.json | 18 +++++++
2025/46xxx/CVE-2025-46266.json | 18 +++++++
2025/46xxx/CVE-2025-46801.json | 18 +++++++
2025/4xxx/CVE-2025-4124.json | 95 ++++++++++++++++++++++++++++++++--
2025/4xxx/CVE-2025-4125.json | 95 ++++++++++++++++++++++++++++++++--
2025/4xxx/CVE-2025-4129.json | 18 +++++++
2025/4xxx/CVE-2025-4130.json | 18 +++++++
2025/4xxx/CVE-2025-4131.json | 18 +++++++
12 files changed, 426 insertions(+), 12 deletions(-)
create mode 100644 2025/36xxx/CVE-2025-36537.json
create mode 100644 2025/41xxx/CVE-2025-41421.json
create mode 100644 2025/44xxx/CVE-2025-44002.json
create mode 100644 2025/44xxx/CVE-2025-44016.json
create mode 100644 2025/46xxx/CVE-2025-46266.json
create mode 100644 2025/46xxx/CVE-2025-46801.json
create mode 100644 2025/4xxx/CVE-2025-4129.json
create mode 100644 2025/4xxx/CVE-2025-4130.json
create mode 100644 2025/4xxx/CVE-2025-4131.json
diff --git a/2025/2xxx/CVE-2025-2890.json b/2025/2xxx/CVE-2025-2890.json
index 70068e6e01a..eb5e74fdbce 100644
--- a/2025/2xxx/CVE-2025-2890.json
+++ b/2025/2xxx/CVE-2025-2890.json
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2890", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "TagDiv", + "product": { + "product_data": [ + { + "product_name": "tagDiv Opt-In Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve" + }, + { + "url": "https://tagdiv.com/newspaper-changelog/", + "refsource": "MISC", + "name": "https://tagdiv.com/newspaper-changelog/" + }, + { + "url": "https://themeforest.net/item/newspaper/5489609", + "refsource": "MISC", + "name": "https://themeforest.net/item/newspaper/5489609" + }, + { + "url": "https://tagdiv.com/tagdiv-opt-in-builder/", + "refsource": "MISC", + "name": "https://tagdiv.com/tagdiv-opt-in-builder/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Truoc Phan" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" } ] } diff --git a/2025/36xxx/CVE-2025-36537.json b/2025/36xxx/CVE-2025-36537.json new file mode 100644 index 00000000000..05b7c1e8732 --- /dev/null +++ b/2025/36xxx/CVE-2025-36537.json 
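Review bot: The new CVE-2025-2890 record gives consumers no fixed version: `version_data` stops at `"version_affected": "<="` with `"version_value": "1.7"`, there is no `solution` entry, and two of the four `reference_data` URLs point at the Newspaper theme rather than the plugin, without the description saying how the two relate. If a patched release exists, a sentence in the description `value` naming it (or stating that no fix is known) would let scanners and patch tooling act on the record without following the links. The `credits` entry also uses `"lang": "en"` while the description entries use `"lang": "eng"`; a single tag, `"lang": "eng"`, throughout would be safer for consumers that filter on language, if any do.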
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-36537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/41xxx/CVE-2025-41421.json b/2025/41xxx/CVE-2025-41421.json new file mode 100644 index 00000000000..285e72af84e --- /dev/null +++ b/2025/41xxx/CVE-2025-41421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-41421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/44xxx/CVE-2025-44002.json b/2025/44xxx/CVE-2025-44002.json new file mode 100644 index 00000000000..91affe86468 --- /dev/null +++ b/2025/44xxx/CVE-2025-44002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-44002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2025/44xxx/CVE-2025-44016.json b/2025/44xxx/CVE-2025-44016.json new file mode 100644 index 00000000000..53f32b11d3d --- /dev/null +++ b/2025/44xxx/CVE-2025-44016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-44016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/46xxx/CVE-2025-46266.json b/2025/46xxx/CVE-2025-46266.json new file mode 100644 index 00000000000..461ad92a21d --- /dev/null +++ b/2025/46xxx/CVE-2025-46266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-46266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/46xxx/CVE-2025-46801.json b/2025/46xxx/CVE-2025-46801.json new file mode 100644 index 00000000000..6bbb8c8a9b4 --- /dev/null +++ b/2025/46xxx/CVE-2025-46801.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-46801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4124.json b/2025/4xxx/CVE-2025-4124.json index 2c478b9d59f..c827059f253 100644 --- a/2025/4xxx/CVE-2025-4124.json +++ b/2025/4xxx/CVE-2025-4124.json 
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Delta.PSIRT@deltaww.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "ISPSoft", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf", + "refsource": "MISC", + "name": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "CISA" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Download and update to: v3.21 or later" + } + ], + "value": "Download and update to: v3.21 or later" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4125.json b/2025/4xxx/CVE-2025-4125.json index 2ec6ddd45bc..33e4a5846d6 100644 --- a/2025/4xxx/CVE-2025-4125.json +++ b/2025/4xxx/CVE-2025-4125.json 
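Review bot: The description, CWE, affected range and CVSS block added here for CVE-2025-4124 are identical to those in the CVE-2025-4125 hunk that follows, so nothing in either record says which out-of-bounds write it covers. Each description `value` should name the distinguishing detail (the parsing routine or file element involved, as given in the referenced Delta advisory); otherwise downstream deduplication may treat the two IDs as one finding and close both when only one is verified as fixed. The description also says "version 3.20" while `version_data` declares `"version_affected": "<="` with `"version_value": "3.20"`; if the range is right, the text in both records should read `ISPSoft version 3.20 and earlier`.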
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "Delta.PSIRT@deltaww.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write", + "cweId": "CWE-787" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delta Electronics", + "product": { + "product_data": [ + { + "product_name": "ISPSoft", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "3.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf", + "refsource": "MISC", + "name": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "CISA" + ], + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Download and update to: v3.21 or later" + } + ], + "value": "Download and update to: v3.21 or later" + } + ], + "impact": { + "cvss": [ + { + 
"attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4129.json b/2025/4xxx/CVE-2025-4129.json new file mode 100644 index 00000000000..1521f6c264c --- /dev/null +++ b/2025/4xxx/CVE-2025-4129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4130.json b/2025/4xxx/CVE-2025-4130.json new file mode 100644 index 00000000000..4e2705b0d83 --- /dev/null +++ b/2025/4xxx/CVE-2025-4130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4131.json b/2025/4xxx/CVE-2025-4131.json new file mode 100644 index 00000000000..4082f1f0870 --- /dev/null +++ b/2025/4xxx/CVE-2025-4131.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-4131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file