diff --git a/2024/23xxx/CVE-2024-23563.json b/2024/23xxx/CVE-2024-23563.json index 3690a9aae00..cc01a952076 100644 --- a/2024/23xxx/CVE-2024-23563.json +++ b/2024/23xxx/CVE-2024-23563.json @@ -1,17 +1,87 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-23563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@hcl.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HCL Software", + "product": { + "product_data": [ + { + "product_name": "Connections Docs", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "2.0.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119097", + "refsource": "MISC", + "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119097" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2024/57xxx/CVE-2024-57952.json b/2024/57xxx/CVE-2024-57952.json index c5686fcd2cc..bafe22ce9f5 100644 --- a/2024/57xxx/CVE-2024-57952.json +++ b/2024/57xxx/CVE-2024-57952.json @@ -1,18 +1,103 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-57952", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"libfs: fix infinite directory reads for offset dir\"\n\nThe current directory offset allocator (based on mtree_alloc_cyclic)\nstores the next offset value to return in octx->next_offset. This\nmechanism typically returns values that increase monotonically over\ntime. Eventually, though, the newly allocated offset value wraps\nback to a low number (say, 2) which is smaller than other already-\nallocated offset values.\n\nYu Kuai reports that, after commit 64a7ce76fb90\n(\"libfs: fix infinite directory reads for offset dir\"), if a\ndirectory's offset allocator wraps, existing entries are no longer\nvisible via readdir/getdents because offset_readdir() stops listing\nentries once an entry's offset is larger than octx->next_offset.\nThese entries vanish persistently -- they can be looked up, but will\nnever again appear in readdir(3) output.\n\nThe reason for this is that the commit treats directory offsets as\nmonotonically increasing integer values rather than opaque cookies,\nand introduces this comparison:\n\n\tif (dentry2offset(dentry) >= last_index) {\n\nOn 64-bit platforms, the directory offset value upper bound is\n2^63 - 1. Directory offsets will monotonically increase for millions\nof years without wrapping.\n\nOn 32-bit platforms, however, LONG_MAX is 2^31 - 1. The allocator\ncan wrap after only a few weeks (at worst).\n\nRevert commit 64a7ce76fb90 (\"libfs: fix infinite directory reads for\noffset dir\") to prepare for a fix that can work properly on 32-bit\nsystems and might apply to recent LTS kernels where shmem employs\nthe simple_offset mechanism." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "9e9e710f68bac49bd9b587823c077d06363440e0" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "6.12.12", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.1", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/9e9e710f68bac49bd9b587823c077d06363440e0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/9e9e710f68bac49bd9b587823c077d06363440e0" + }, + { + "url": "https://git.kernel.org/stable/c/3f250b82040a72b0059ae00855a74d8570ad2147", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3f250b82040a72b0059ae00855a74d8570ad2147" + }, + { + "url": "https://git.kernel.org/stable/c/b662d858131da9a8a14e68661656989b14dbf113", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/b662d858131da9a8a14e68661656989b14dbf113" + } + ] + }, + "generator": { + "engine": "bippy-5f407fcff5a0" } } \ No newline at end of file diff --git a/2025/1xxx/CVE-2025-1200.json b/2025/1xxx/CVE-2025-1200.json index a7eb2ffa38c..1f64894da03 100644 --- a/2025/1xxx/CVE-2025-1200.json +++ b/2025/1xxx/CVE-2025-1200.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1200", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In SourceCodester Best Church Management Software 1.1 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/app/slider_crud.php. Dank der Manipulation des Arguments del_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Best Church Management Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.295108", + "refsource": "MISC", + "name": "https://vuldb.com/?id.295108" + }, + { + "url": "https://vuldb.com/?ctiid.295108", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.295108" + }, + { + "url": "https://vuldb.com/?submit.496950", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.496950" + }, + { + "url": "https://github.com/Yesec/Best-church-management-software/blob/main/slider_crud.php_SQLi.md", + "refsource": "MISC", + "name": "https://github.com/Yesec/Best-church-management-software/blob/main/slider_crud.php_SQLi.md" + }, + { + "url": "https://www.sourcecodester.com/", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "YeSec (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/1xxx/CVE-2025-1249.json b/2025/1xxx/CVE-2025-1249.json new file mode 100644 index 00000000000..fe1f79f22d8 --- /dev/null +++ b/2025/1xxx/CVE-2025-1249.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1249", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21698.json b/2025/21xxx/CVE-2025-21698.json index 3d0457d767c..eaa73ce4090 100644 --- a/2025/21xxx/CVE-2025-21698.json +++ b/2025/21xxx/CVE-2025-21698.json @@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\"\n\nThis reverts commit 13014969cbf07f18d62ceea40bd8ca8ec9d36cec.\n\nIt is reported to cause crashes on Tegra systems, so revert it for now." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "76e7577bb89b327abdf72d4c0d486074a17f712a" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.4.290", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.234", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.178", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.128", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.75", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.12", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.1", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/76e7577bb89b327abdf72d4c0d486074a17f712a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/76e7577bb89b327abdf72d4c0d486074a17f712a" + }, + { + "url": "https://git.kernel.org/stable/c/99c866bea85efdebfb6953a8a305f21ef5ca4991", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/99c866bea85efdebfb6953a8a305f21ef5ca4991" + }, + { + "url": "https://git.kernel.org/stable/c/20ce02f2f73af331dec76d3b8b78b18f4699db05", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/20ce02f2f73af331dec76d3b8b78b18f4699db05" + }, + { + "url": "https://git.kernel.org/stable/c/33233b06ad15730d0463e8f152db2eca15c7f498", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/33233b06ad15730d0463e8f152db2eca15c7f498" + }, + { + "url": "https://git.kernel.org/stable/c/3d8f4dc8c78ffd77a4106614977c1e51531690f7", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/3d8f4dc8c78ffd77a4106614977c1e51531690f7" + }, + { + "url": "https://git.kernel.org/stable/c/bb50dc2aa49dcb5cc81205d814c08337b5da28ac", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/bb50dc2aa49dcb5cc81205d814c08337b5da28ac" + }, + { + "url": "https://git.kernel.org/stable/c/f8b8883ad76d36ee890b18311096af7af7d7a921", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f8b8883ad76d36ee890b18311096af7af7d7a921" + }, + { + "url": "https://git.kernel.org/stable/c/086fd062bc3883ae1ce4166cff5355db315ad879", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/086fd062bc3883ae1ce4166cff5355db315ad879" + } + ] + }, + "generator": { + "engine": "bippy-5f407fcff5a0" } } \ No newline at end of file diff --git a/2025/21xxx/CVE-2025-21699.json b/2025/21xxx/CVE-2025-21699.json index cc80c4947a6..60713f66777 100644 --- a/2025/21xxx/CVE-2025-21699.json +++ b/2025/21xxx/CVE-2025-21699.json @@ -1,18 +1,158 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-21699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@kernel.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Truncate address space when flipping GFS2_DIF_JDATA flag\n\nTruncate an inode's address space when flipping the GFS2_DIF_JDATA flag:\ndepending on that flag, the pages in the address space will either use\nbuffer heads or iomap_folio_state structs, and we cannot mix the two." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Linux", + "product": { + "product_data": [ + { + "product_name": "Linux", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", + "version_value": "2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e" + }, + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "5.4.290", + "lessThanOrEqual": "5.4.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.10.234", + "lessThanOrEqual": "5.10.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "5.15.178", + "lessThanOrEqual": "5.15.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.1.128", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.6.75", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.12.12", + "lessThanOrEqual": "6.12.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.13.1", + "lessThanOrEqual": "6.13.*", + "status": "unaffected", + "versionType": "semver" + }, + { + "version": "6.14-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e" + }, + { + "url": "https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/8c41abc11aa8438c9ed2d973f97e66674c0355df" + }, + { + "url": "https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4e3ded34f3f3c9d7ed2aac7be8cf51153646574a" + }, + { + "url": "https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/2a40a140e11fec699e128170ccaa98b6b82cb503" + }, + { + "url": "https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4dd57d1f0e9844311c635a7fb39abce4f2ac5a61" + }, + { + "url": "https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/4516febe325342555bb09ca5b396fb816d655821" + }, + { + "url": "https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/5bb1fd0855bb0abc7d97e44758d6ffed7882d2d0" + }, + { + "url": "https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/7c9d9223802fbed4dee1ae301661bf346964c9d2" + } + ] + }, + "generator": { + "engine": "bippy-5f407fcff5a0" } } \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26349.json b/2025/26xxx/CVE-2025-26349.json index 5a7ab1341a7..85cf14d8102 100644 --- a/2025/26xxx/CVE-2025-26349.json +++ b/2025/26xxx/CVE-2025-26349.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26349", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-23 \"Relative Path Traversal\" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23 Relative Path Traversal", + "cweId": "CWE-23" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26349", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26349" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26350.json b/2025/26xxx/CVE-2025-26350.json index fe4bb79802b..b1928743840 100644 --- a/2025/26xxx/CVE-2025-26350.json +++ b/2025/26xxx/CVE-2025-26350.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26350", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-434 \"Unrestricted Upload of File with Dangerous Type\" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26350", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26350" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26351.json b/2025/26xxx/CVE-2025-26351.json index a952883e5cd..2d82427073a 100644 --- a/2025/26xxx/CVE-2025-26351.json +++ b/2025/26xxx/CVE-2025-26351.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in the template download mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26351", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26351" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26352.json b/2025/26xxx/CVE-2025-26352.json index 4c21c227687..94d9cbaef13 100644 --- a/2025/26xxx/CVE-2025-26352.json +++ b/2025/26xxx/CVE-2025-26352.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26352", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26352" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26353.json b/2025/26xxx/CVE-2025-26353.json index e0eeff87646..e5f5b0c29b9 100644 --- a/2025/26xxx/CVE-2025-26353.json +++ b/2025/26xxx/CVE-2025-26353.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26353", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26353" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26354.json b/2025/26xxx/CVE-2025-26354.json index 0ff3b2b774b..0e11457f251 100644 --- a/2025/26xxx/CVE-2025-26354.json +++ b/2025/26xxx/CVE-2025-26354.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26354", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26354" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26355.json b/2025/26xxx/CVE-2025-26355.json index 6eb507145f0..d7f2c5a1cc8 100644 --- a/2025/26xxx/CVE-2025-26355.json +++ b/2025/26xxx/CVE-2025-26355.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26355", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26355", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26355" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26356.json b/2025/26xxx/CVE-2025-26356.json index 5127f09b2fc..fdb6fbaccbd 100644 --- a/2025/26xxx/CVE-2025-26356.json +++ b/2025/26xxx/CVE-2025-26356.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26356", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26356", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26356" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26357.json b/2025/26xxx/CVE-2025-26357.json index 6dbeec32997..7af624b6fff 100644 --- a/2025/26xxx/CVE-2025-26357.json +++ b/2025/26xxx/CVE-2025-26357.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-35 \"Path Traversal\" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-35 Path Traversal", + "cweId": "CWE-35" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26357", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26357" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26358.json b/2025/26xxx/CVE-2025-26358.json index e8730f5181b..d649e4b90cc 100644 --- a/2025/26xxx/CVE-2025-26358.json +++ b/2025/26xxx/CVE-2025-26358.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26358", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-20 \"Improper Input Validation\" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26358", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26358" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26359.json b/2025/26xxx/CVE-2025-26359.json index 6161c777a67..2b9dd84615d 100644 --- a/2025/26xxx/CVE-2025-26359.json +++ b/2025/26xxx/CVE-2025-26359.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26359", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26359", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26359" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26360.json b/2025/26xxx/CVE-2025-26360.json index 2772edc5ef6..7ed6ece05a7 100644 --- a/2025/26xxx/CVE-2025-26360.json +++ b/2025/26xxx/CVE-2025-26360.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26360", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26360", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26360" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26361.json b/2025/26xxx/CVE-2025-26361.json index 964c4e84a66..50332f1f212 100644 --- a/2025/26xxx/CVE-2025-26361.json +++ b/2025/26xxx/CVE-2025-26361.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26361", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26361", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26361" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26362.json b/2025/26xxx/CVE-2025-26362.json index b32fb92f368..7aeed8c4708 100644 --- a/2025/26xxx/CVE-2025-26362.json +++ b/2025/26xxx/CVE-2025-26362.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26362", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26362", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26362" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26363.json b/2025/26xxx/CVE-2025-26363.json index 9d5df1640a5..d4386547dd3 100644 --- a/2025/26xxx/CVE-2025-26363.json +++ b/2025/26xxx/CVE-2025-26363.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26363", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26363", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26363" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26364.json b/2025/26xxx/CVE-2025-26364.json index 6922df26bae..7f225998d17 100644 --- a/2025/26xxx/CVE-2025-26364.json +++ b/2025/26xxx/CVE-2025-26364.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26364", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26364", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26364" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26365.json b/2025/26xxx/CVE-2025-26365.json index 64e013ba4db..91cb11e7e18 100644 --- a/2025/26xxx/CVE-2025-26365.json +++ b/2025/26xxx/CVE-2025-26365.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26365", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26365", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26365" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26366.json b/2025/26xxx/CVE-2025-26366.json index 6e538a547ad..f5fbc4409f5 100644 --- a/2025/26xxx/CVE-2025-26366.json +++ b/2025/26xxx/CVE-2025-26366.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26366", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-306 \"Missing Authentication for Critical Function\" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306 Missing Authentication for Critical Function", + "cweId": "CWE-306" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26366", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26366" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26367.json b/2025/26xxx/CVE-2025-26367.json index f6fa90a5fee..25efef3ea10 100644 --- a/2025/26xxx/CVE-2025-26367.json +++ b/2025/26xxx/CVE-2025-26367.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26367", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26367", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26367" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26368.json b/2025/26xxx/CVE-2025-26368.json index 38b89c16189..57c5c9de2d3 100644 --- a/2025/26xxx/CVE-2025-26368.json +++ b/2025/26xxx/CVE-2025-26368.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26368", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove user groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26368", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26368" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26369.json b/2025/26xxx/CVE-2025-26369.json index ecd6c787442..af4b79b05d2 100644 --- a/2025/26xxx/CVE-2025-26369.json +++ b/2025/26xxx/CVE-2025-26369.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26369", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add privileges to user groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26369", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26369" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26370.json b/2025/26xxx/CVE-2025-26370.json index efaa1c99e7b..5f65f2461ef 100644 --- a/2025/26xxx/CVE-2025-26370.json +++ b/2025/26xxx/CVE-2025-26370.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26370", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove privileges from user groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26370", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26370" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26371.json b/2025/26xxx/CVE-2025-26371.json index 9f5b2316445..7f481f7840c 100644 --- a/2025/26xxx/CVE-2025-26371.json +++ b/2025/26xxx/CVE-2025-26371.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26371", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to add users to groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26371", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26371" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26372.json b/2025/26xxx/CVE-2025-26372.json index ca85fadec43..c3005e4ba20 100644 --- a/2025/26xxx/CVE-2025-26372.json +++ b/2025/26xxx/CVE-2025-26372.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26372", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users from groups via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26372", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26372" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26373.json b/2025/26xxx/CVE-2025-26373.json index b11d90494fb..3ca9e27eb8c 100644 --- a/2025/26xxx/CVE-2025-26373.json +++ b/2025/26xxx/CVE-2025-26373.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26373", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26373", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26373" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26374.json b/2025/26xxx/CVE-2025-26374.json index 0da1f7c6c6d..9b53c2145c7 100644 --- a/2025/26xxx/CVE-2025-26374.json +++ b/2025/26xxx/CVE-2025-26374.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26374", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate users via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26374", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26374" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26375.json b/2025/26xxx/CVE-2025-26375.json index e91740f93ff..abd811f32fc 100644 --- a/2025/26xxx/CVE-2025-26375.json +++ b/2025/26xxx/CVE-2025-26375.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26375", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create users with arbitrary privileges via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26375", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26375" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26376.json b/2025/26xxx/CVE-2025-26376.json index 79fc9648480..17b78e84771 100644 --- a/2025/26xxx/CVE-2025-26376.json +++ b/2025/26xxx/CVE-2025-26376.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26376", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26376", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26376" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26377.json b/2025/26xxx/CVE-2025-26377.json index f51b0fbc0da..d8bdd63a92f 100644 --- a/2025/26xxx/CVE-2025-26377.json +++ b/2025/26xxx/CVE-2025-26377.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to remove users via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26377", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26377" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26378.json b/2025/26xxx/CVE-2025-26378.json index 48aeb823cbb..63bc15e649c 100644 --- a/2025/26xxx/CVE-2025-26378.json +++ b/2025/26xxx/CVE-2025-26378.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26378", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "prodsec@nozominetworks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-862 \"Missing Authorization\" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to reset passwords, including the ones of administrator accounts, via crafted HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862 Missing Authorization", + "cweId": "CWE-862" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Q-Free", + "product": { + "product_data": [ + { + "product_name": "MaxTime", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26378", + "refsource": "MISC", + "name": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26378" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Diego Giubertoni of Nozomi Networks found this bug during a security research activity." + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26534.json b/2025/26xxx/CVE-2025-26534.json new file mode 100644 index 00000000000..93ddd3a42bb --- /dev/null +++ b/2025/26xxx/CVE-2025-26534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26535.json b/2025/26xxx/CVE-2025-26535.json new file mode 100644 index 00000000000..01270175d61 --- /dev/null +++ b/2025/26xxx/CVE-2025-26535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26536.json b/2025/26xxx/CVE-2025-26536.json new file mode 100644 index 00000000000..7feb77c3ce3 --- /dev/null +++ b/2025/26xxx/CVE-2025-26536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26537.json b/2025/26xxx/CVE-2025-26537.json new file mode 100644 index 00000000000..6a47b4cda53 --- /dev/null +++ b/2025/26xxx/CVE-2025-26537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26538.json b/2025/26xxx/CVE-2025-26538.json new file mode 100644 index 00000000000..da803771ee9 --- /dev/null +++ b/2025/26xxx/CVE-2025-26538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26539.json b/2025/26xxx/CVE-2025-26539.json new file mode 100644 index 00000000000..777b72090f7 --- /dev/null +++ b/2025/26xxx/CVE-2025-26539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26540.json b/2025/26xxx/CVE-2025-26540.json new file mode 100644 index 00000000000..0fc51637e5f --- /dev/null +++ b/2025/26xxx/CVE-2025-26540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26541.json b/2025/26xxx/CVE-2025-26541.json new file mode 100644 index 00000000000..fbcf51a5cb2 --- /dev/null +++ b/2025/26xxx/CVE-2025-26541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26542.json b/2025/26xxx/CVE-2025-26542.json new file mode 100644 index 00000000000..d6de6af7f9f --- /dev/null +++ b/2025/26xxx/CVE-2025-26542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26543.json b/2025/26xxx/CVE-2025-26543.json new file mode 100644 index 00000000000..fd91f9e428e --- /dev/null +++ b/2025/26xxx/CVE-2025-26543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26544.json b/2025/26xxx/CVE-2025-26544.json new file mode 100644 index 00000000000..c6ce52dc1d1 --- /dev/null +++ b/2025/26xxx/CVE-2025-26544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26545.json b/2025/26xxx/CVE-2025-26545.json new file mode 100644 index 00000000000..7e8d4a72bdf --- /dev/null +++ b/2025/26xxx/CVE-2025-26545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26546.json b/2025/26xxx/CVE-2025-26546.json new file mode 100644 index 00000000000..b41b9b4bc2b --- /dev/null +++ b/2025/26xxx/CVE-2025-26546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26547.json b/2025/26xxx/CVE-2025-26547.json new file mode 100644 index 00000000000..df4c056ee32 --- /dev/null +++ b/2025/26xxx/CVE-2025-26547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26548.json b/2025/26xxx/CVE-2025-26548.json new file mode 100644 index 00000000000..38aed30e2e8 --- /dev/null +++ b/2025/26xxx/CVE-2025-26548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26549.json b/2025/26xxx/CVE-2025-26549.json new file mode 100644 index 00000000000..6d4fb0792ba --- /dev/null +++ b/2025/26xxx/CVE-2025-26549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26550.json b/2025/26xxx/CVE-2025-26550.json new file mode 100644 index 00000000000..f0df24cd170 --- /dev/null +++ b/2025/26xxx/CVE-2025-26550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26551.json b/2025/26xxx/CVE-2025-26551.json new file mode 100644 index 00000000000..1c3ad1869a4 --- /dev/null +++ b/2025/26xxx/CVE-2025-26551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26552.json b/2025/26xxx/CVE-2025-26552.json new file mode 100644 index 00000000000..5700ba5f9c7 --- /dev/null +++ b/2025/26xxx/CVE-2025-26552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26553.json b/2025/26xxx/CVE-2025-26553.json new file mode 100644 index 00000000000..a0c7cff0076 --- /dev/null +++ b/2025/26xxx/CVE-2025-26553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26554.json b/2025/26xxx/CVE-2025-26554.json new file mode 100644 index 00000000000..db5d01e3d04 --- /dev/null +++ b/2025/26xxx/CVE-2025-26554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26555.json b/2025/26xxx/CVE-2025-26555.json new file mode 100644 index 00000000000..eba9a6789d3 --- /dev/null +++ b/2025/26xxx/CVE-2025-26555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26556.json b/2025/26xxx/CVE-2025-26556.json new file mode 100644 index 00000000000..85a0f4e8415 --- /dev/null +++ b/2025/26xxx/CVE-2025-26556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26557.json b/2025/26xxx/CVE-2025-26557.json new file mode 100644 index 00000000000..97f1951d85c --- /dev/null +++ b/2025/26xxx/CVE-2025-26557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26558.json b/2025/26xxx/CVE-2025-26558.json new file mode 100644 index 00000000000..9a382a692a8 --- /dev/null +++ b/2025/26xxx/CVE-2025-26558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26559.json b/2025/26xxx/CVE-2025-26559.json new file mode 100644 index 00000000000..3857bab3ea0 --- /dev/null +++ b/2025/26xxx/CVE-2025-26559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26560.json b/2025/26xxx/CVE-2025-26560.json new file mode 100644 index 00000000000..ff84b947d24 --- /dev/null +++ b/2025/26xxx/CVE-2025-26560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26561.json b/2025/26xxx/CVE-2025-26561.json new file mode 100644 index 00000000000..83e2af314c3 --- /dev/null +++ b/2025/26xxx/CVE-2025-26561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26562.json b/2025/26xxx/CVE-2025-26562.json new file mode 100644 index 00000000000..ab19398a92a --- /dev/null +++ b/2025/26xxx/CVE-2025-26562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26563.json b/2025/26xxx/CVE-2025-26563.json new file mode 100644 index 00000000000..bbf2a2cac3a --- /dev/null +++ b/2025/26xxx/CVE-2025-26563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26564.json b/2025/26xxx/CVE-2025-26564.json new file mode 100644 index 00000000000..f119f155335 --- /dev/null +++ b/2025/26xxx/CVE-2025-26564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26565.json b/2025/26xxx/CVE-2025-26565.json new file mode 100644 index 00000000000..000f301ac60 --- /dev/null +++ b/2025/26xxx/CVE-2025-26565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26566.json b/2025/26xxx/CVE-2025-26566.json new file mode 100644 index 00000000000..e4f75bf972f --- /dev/null +++ b/2025/26xxx/CVE-2025-26566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26567.json b/2025/26xxx/CVE-2025-26567.json new file mode 100644 index 00000000000..c7266f7376d --- /dev/null +++ b/2025/26xxx/CVE-2025-26567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26568.json b/2025/26xxx/CVE-2025-26568.json new file mode 100644 index 00000000000..22fa1b9345b --- /dev/null +++ b/2025/26xxx/CVE-2025-26568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26569.json b/2025/26xxx/CVE-2025-26569.json new file mode 100644 index 00000000000..ecc2834d9d8 --- /dev/null +++ b/2025/26xxx/CVE-2025-26569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26570.json b/2025/26xxx/CVE-2025-26570.json new file mode 100644 index 00000000000..5b3a5e8aa3c --- /dev/null +++ b/2025/26xxx/CVE-2025-26570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26571.json b/2025/26xxx/CVE-2025-26571.json new file mode 100644 index 00000000000..3e9cc95d58d --- /dev/null +++ b/2025/26xxx/CVE-2025-26571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26572.json b/2025/26xxx/CVE-2025-26572.json new file mode 100644 index 00000000000..1ea4a73b9bd --- /dev/null +++ b/2025/26xxx/CVE-2025-26572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26573.json b/2025/26xxx/CVE-2025-26573.json new file mode 100644 index 00000000000..25c26f21181 --- /dev/null +++ b/2025/26xxx/CVE-2025-26573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26574.json b/2025/26xxx/CVE-2025-26574.json new file mode 100644 index 00000000000..5e50247331d --- /dev/null +++ b/2025/26xxx/CVE-2025-26574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26575.json b/2025/26xxx/CVE-2025-26575.json new file mode 100644 index 00000000000..bd6c294fe61 --- /dev/null +++ b/2025/26xxx/CVE-2025-26575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26576.json b/2025/26xxx/CVE-2025-26576.json new file mode 100644 index 00000000000..3ca7ffbb2ad --- /dev/null +++ b/2025/26xxx/CVE-2025-26576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26577.json b/2025/26xxx/CVE-2025-26577.json new file mode 100644 index 00000000000..3e04173c7c6 --- /dev/null +++ b/2025/26xxx/CVE-2025-26577.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26577", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26578.json b/2025/26xxx/CVE-2025-26578.json new file mode 100644 index 00000000000..9a95052e34a --- /dev/null +++ b/2025/26xxx/CVE-2025-26578.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26578", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26579.json b/2025/26xxx/CVE-2025-26579.json new file mode 100644 index 00000000000..61a01b60e0e --- /dev/null +++ b/2025/26xxx/CVE-2025-26579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26580.json b/2025/26xxx/CVE-2025-26580.json new file mode 100644 index 00000000000..8ba44ce2c26 --- /dev/null +++ b/2025/26xxx/CVE-2025-26580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26581.json b/2025/26xxx/CVE-2025-26581.json new file mode 100644 index 00000000000..081ad6b0f42 --- /dev/null +++ b/2025/26xxx/CVE-2025-26581.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26581", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26582.json b/2025/26xxx/CVE-2025-26582.json new file mode 100644 index 00000000000..ace852b48ba --- /dev/null +++ b/2025/26xxx/CVE-2025-26582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26583.json b/2025/26xxx/CVE-2025-26583.json new file mode 100644 index 00000000000..400b75ac4ea --- /dev/null +++ b/2025/26xxx/CVE-2025-26583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26584.json b/2025/26xxx/CVE-2025-26584.json new file mode 100644 index 00000000000..41c07a31a09 --- /dev/null +++ b/2025/26xxx/CVE-2025-26584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26585.json b/2025/26xxx/CVE-2025-26585.json new file mode 100644 index 00000000000..40f5e4cb0ba --- /dev/null +++ b/2025/26xxx/CVE-2025-26585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26586.json b/2025/26xxx/CVE-2025-26586.json new file mode 100644 index 00000000000..8c90979573c --- /dev/null +++ b/2025/26xxx/CVE-2025-26586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26587.json b/2025/26xxx/CVE-2025-26587.json new file mode 100644 index 00000000000..593e72e7a4d --- /dev/null +++ b/2025/26xxx/CVE-2025-26587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26588.json b/2025/26xxx/CVE-2025-26588.json new file mode 100644 index 00000000000..5ba17c3bcfd --- /dev/null +++ b/2025/26xxx/CVE-2025-26588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26589.json b/2025/26xxx/CVE-2025-26589.json new file mode 100644 index 00000000000..5447c1a892b --- /dev/null +++ b/2025/26xxx/CVE-2025-26589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26590.json b/2025/26xxx/CVE-2025-26590.json new file mode 100644 index 00000000000..6b59b428eda --- /dev/null +++ b/2025/26xxx/CVE-2025-26590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26591.json b/2025/26xxx/CVE-2025-26591.json new file mode 100644 index 00000000000..b80d1a3e8a4 --- /dev/null +++ b/2025/26xxx/CVE-2025-26591.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26591", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26592.json b/2025/26xxx/CVE-2025-26592.json new file mode 100644 index 00000000000..474060c9dbf --- /dev/null +++ b/2025/26xxx/CVE-2025-26592.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26592", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26593.json b/2025/26xxx/CVE-2025-26593.json new file mode 100644 index 00000000000..fd425da4022 --- /dev/null +++ b/2025/26xxx/CVE-2025-26593.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-26593", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file