admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-02 03:32:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-20 15:00:33 +00:00
parent ccef0e1abc
commit 47f12b3005
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 1007 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
2023/33xxx/CVE-2023-33861.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295 Improper Certificate Validation",
"cweId": "CWE-295"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "Security ReaQta EDR",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ibm.com/support/pages/node/7233972",
"refsource": "MISC",
"name": "https://www.ibm.com/support/pages/node/7233972"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p></p>IBM encourages customers to update their systems promptly.&nbsp;<br>IBM Security QRadar EDR 3.12.17<br><div><table><tbody><tr><td></td></tr></tbody></table></div>\n\n<br>"
}
],
"value": "IBM encourages customers to update their systems promptly.\u00a0\nIBM Security QRadar EDR 3.12.17"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

56
2025/26xxx/CVE-2025-26086.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26086",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-26086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction of sensitive database contents without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2025/May/21",
"url": "https://seclists.org/fulldisclosure/2025/May/21"
}
]
}

117
2025/41xxx/CVE-2025-41225.json
View File

@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-41225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vCenter Server contains an authenticated command-execution vulnerability.\u00a0A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "8.0 U3e"
},
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "7.0 U3v"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.5.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.x, 3.x, 2.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.x, 2.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

117
2025/41xxx/CVE-2025-41226.json
View File

@ -1,17 +1,126 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-41226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware\u00a0ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation.\u00a0A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "ESXi80U3se-24659227"
},
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "ESXi70U3sv-24723868"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.5.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.x, 3.x, 2.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.x, 2.x"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}

141
2025/41xxx/CVE-2025-41227.json
View File

@ -1,17 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-41227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi,\u00a0Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options.\u00a0A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "ESXi80U3se-24659227"
},
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "ESXi70U3sv-24723868"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.5.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.x, 3.x, 2.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.x, 2.x"
}
]
}
},
{
"product_name": "VMware Workstation",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "17.x",
"version_value": "17.6.3"
}
]
}
},
{
"product_name": "VMware Fusion",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.x",
"version_value": "13.6.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

129
2025/41xxx/CVE-2025-41228.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-41228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation.\u00a0A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "VMware vCenter Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "8.0 U3e"
}
]
}
},
{
"product_name": "VMware Cloud Foundation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.5.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x, 4.x, 3.x, 2.x"
}
]
}
},
{
"product_name": "VMware Telco Cloud Infrastructure",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.x,2.x"
}
]
}
},
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "8.0",
"version_value": "ESXi80U3se-24659227"
},
{
"version_affected": "<",
"version_name": "7.0",
"version_value": "ESXi70U3sv-24723868"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

106
2025/47xxx/CVE-2025-47939.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3\u2019s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-351: Insufficient Type Distinction",
"cweId": "CWE-351"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TYPO3",
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 9.0.0, < 9.5.51"
},
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.4.50"
},
{
"version_affected": "=",
"version_value": ">= 11.0.0, < 11.5.44"
},
{
"version_affected": "=",
"version_value": ">= 12.0.0, < 12.4.31"
},
{
"version_affected": "=",
"version_value": ">= 13.0.0, < 13.4.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-014",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-014"
}
]
},
"source": {
"advisory": "GHSA-9hq9-cr36-4wpj",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

93
2025/47xxx/CVE-2025-47940.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47940",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-283: Unverified Ownership",
"cweId": "CWE-283"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TYPO3",
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 10.0.0, < 10.4.50"
},
{
"version_affected": "=",
"version_value": ">= 11.0.0, < 11.5.44"
},
{
"version_affected": "=",
"version_value": ">= 12.0.0, < 12.4.31"
},
{
"version_affected": "=",
"version_value": ">= 13.0.0, < 13.4.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-016",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-016"
}
]
},
"source": {
"advisory": "GHSA-6frx-j292-c844",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

85
2025/47xxx/CVE-2025-47941.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47941",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "TYPO3",
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 12.0.0, < 12.4.31"
},
{
"version_affected": "=",
"version_value": ">= 13.0.0, < 13.4.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9",
"refsource": "MISC",
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9"
},
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2025-015",
"refsource": "MISC",
"name": "https://typo3.org/security/advisory/typo3-core-sa-2025-015"
}
]
},
"source": {
"advisory": "GHSA-744g-7qm9-hjh9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

114
2025/4xxx/CVE-2025-4980.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4980",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure."
},
{
"lang": "deu",
"value": "In Netgear DGND3700 1.1.00.15_1.00.15NA wurde eine problematische Schwachstelle gefunden. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /currentsetting.htm der Komponente mini_http. Dank Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Netgear",
"product": {
"product_data": [
{
"product_name": "DGND3700",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.1.00.15_1.00.15NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309640",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309640"
},
{
"url": "https://vuldb.com/?ctiid.309640",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309640"
},
{
"url": "https://vuldb.com/?submit.564714",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.564714"
},
{
"url": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md",
"refsource": "MISC",
"name": "https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/currentsetting.md"
},
{
"url": "https://www.netgear.com/",
"refsource": "MISC",
"name": "https://www.netgear.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "153528990 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
}
]
}