diff --git a/2024/53xxx/CVE-2024-53568.json b/2024/53xxx/CVE-2024-53568.json
index 8456e91c2ff..fc2433aa665 100644
--- a/2024/53xxx/CVE-2024-53568.json
+++ b/2024/53xxx/CVE-2024-53568.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53568",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53568",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@rudranshsinghrajpurohit/cve-2024-53568-stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-cfbaec55046f",
+ "url": "https://medium.com/@rudranshsinghrajpurohit/cve-2024-53568-stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-cfbaec55046f"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/vulnerability/cve-2024-53568stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-system/",
+ "url": "https://www.getastra.com/blog/vulnerability/cve-2024-53568stored-cross-site-scripting-xss-vulnerability-in-volmarg-personal-management-system/"
 }
 ]
 }
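Review bot: The added `affects` block sets `product_name`, `version_value` and `vendor_name` to `"n/a"`, and `problemtype` is also `"n/a"`, even though the new description names Volmarg Personal Management System v1.4.65 and a stored XSS. Consumers that match on the structured fields rather than the free text will not tie this record to the product or the weakness class. Populate them from the description, e.g. `"vendor_name": "Volmarg"`, `"version_value": "1.4.65"`, and a CWE-79 entry under `problemtype`. The hunks for CVE-2024-53569.json and CVE-2025-29621.json carry the same `"n/a"` placeholders.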
diff --git a/2024/53xxx/CVE-2024-53569.json b/2024/53xxx/CVE-2024-53569.json
index 47aeb70f9b1..fe18a2796e0 100644
--- a/2024/53xxx/CVE-2024-53569.json
+++ b/2024/53xxx/CVE-2024-53569.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53569",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53569",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@rudranshsinghrajpurohit/cve-2024-53569-stored-cross-site-scripting-xss-in-volmarg-personal-management-system-6cb0b9d6fe88",
+ "url": "https://medium.com/@rudranshsinghrajpurohit/cve-2024-53569-stored-cross-site-scripting-xss-in-volmarg-personal-management-system-6cb0b9d6fe88"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/vulnerability/cve-2024-53569stored-cross-site-scripting-xss-in-volmarg-personal-management-system/",
+ "url": "https://www.getastra.com/blog/vulnerability/cve-2024-53569stored-cross-site-scripting-xss-in-volmarg-personal-management-system/"
 }
 ]
 }
diff --git a/2025/23xxx/CVE-2025-23253.json b/2025/23xxx/CVE-2025-23253.json
index 32ec9fcba33..73fd0dc5458 100644
--- a/2025/23xxx/CVE-2025-23253.json
+++ b/2025/23xxx/CVE-2025-23253.json
@@ -1,17 +1,87 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-23253",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@nvidia.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-547 Use of Hard-coded, Security-relevant Constants",
+ "cweId": "CWE-547"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NVIDIA",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "NVIDIA App",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "All versions up to and including 11.0.2.337 (prod2 hotfix)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644",
+ "refsource": "MISC",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/29xxx/CVE-2025-29621.json b/2025/29xxx/CVE-2025-29621.json
index d53ba2511e3..a4a72f1edc7 100644
--- a/2025/29xxx/CVE-2025-29621.json
+++ b/2025/29xxx/CVE-2025-29621.json
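Review bot: In CVE-2025-23253.json the added `vectorString` scores `C:N/I:N/A:L` (base 2.5), while the added description lists code execution, escalation of privileges, information disclosure and data tampering as possible outcomes; the two should be reconciled, since triage tooling that sorts on `baseSeverity` will rank this as LOW regardless of the text. Separately, `"version_affected": "="` is paired with the free-text value `"All versions up to and including 11.0.2.337 (prod2 hotfix)"`, which an exact-match comparison cannot satisfy; `"version_affected": "<="` with `"version_value": "11.0.2.337"` would express the same range in a machine-readable way. The description names the NvContainer service while `product_name` is `"NVIDIA App"`, so it may be worth confirming that mapping against the vendor advisory.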
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2025-29621",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29621",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Francois Jacquet RosarioSIS v12.0.0 was discovered to contain a content spoofing vulnerability in the Theme configuration under the My Preferences module. This vulnerability allows attackers to manipulate application settings."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://medium.com/@rudranshsinghrajpurohit/content-spoofing-vulnerability-in-rosariosis-student-information-system-f6101e1ff84d",
+ "url": "https://medium.com/@rudranshsinghrajpurohit/content-spoofing-vulnerability-in-rosariosis-student-information-system-f6101e1ff84d"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.getastra.com/blog/vulnerability/content-spoofing-vulnerability-in-rosariosis-student-information-system/",
+ "url": "https://www.getastra.com/blog/vulnerability/content-spoofing-vulnerability-in-rosariosis-student-information-system/"
 }
 ]
 }
diff --git a/2025/31xxx/CVE-2025-31327.json b/2025/31xxx/CVE-2025-31327.json
index b7ffc2f96d6..2138135d9d2 100644
--- a/2025/31xxx/CVE-2025-31327.json
+++ b/2025/31xxx/CVE-2025-31327.json
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-31327",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-472: External Control of Assumed-Immutable Web Parameter",
+ "cweId": "CWE-472"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP_SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP Field Logistics",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "S4CORE 107"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "108"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://me.sap.com/notes/3359825",
+ "refsource": "MISC",
+ "name": "https://me.sap.com/notes/3359825"
+ },
+ {
+ "url": "https://url.sap/sapsecuritypatchday",
+ "refsource": "MISC",
+ "name": "https://url.sap/sapsecuritypatchday"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2025/31xxx/CVE-2025-31328.json b/2025/31xxx/CVE-2025-31328.json
index 4a84b321696..e9fca5d3e97 100644
--- a/2025/31xxx/CVE-2025-31328.json
+++ b/2025/31xxx/CVE-2025-31328.json
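Review bot: In CVE-2025-31327.json the second `version_data` entry is `"version_value": "108"`, without the `S4CORE` component prefix that the first entry carries. An exact-match consumer cannot tell which component the bare number belongs to; presumably `"version_value": "S4CORE 108"` is meant. The CVE-2025-31328.json hunk has the same pattern, with `"S4HCMGXX 100"` followed by a bare `"101"`.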
@@ -1,17 +1,96 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-31328",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@sap.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352: Cross-Site Request Forgery (CSRF)",
+ "cweId": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SAP_SE",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "SAP S/4 HANA (Learning Solution)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "S4HCMGXX 100"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "101"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://me.sap.com/notes/3446649",
+ "refsource": "MISC",
+ "name": "https://me.sap.com/notes/3446649"
+ },
+ {
+ "url": "https://url.sap/sapsecuritypatchday",
+ "refsource": "MISC",
+ "name": "https://url.sap/sapsecuritypatchday"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
 }
 ]
 }
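Review bot: The added vector uses `PR:L` for an issue the description calls CSRF, where the attacker tricks an authenticated user into sending the request. In CVSS 3.1 the privileges metric describes what the attacker needs, and the dependence on the victim's session is already expressed by `UI:R`, so `PR:N` looks like the expected value unless the attacker also needs an account of their own. If no account is needed, the vector would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N` and `baseScore` and `baseSeverity` would need recomputing; otherwise a sentence in the description stating the attacker's required privileges would remove the ambiguity.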