admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-03 17:00:32 +00:00
parent ef17e8f37b
commit 49090a1f29
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 505 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2023/47xxx/CVE-2023-47639.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209: Generation of Error Message Containing Sensitive Information",
"cweId": "CWE-209"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "api-platform",
"product": {
"product_data": [
{
"product_name": "core",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.2.0, < 3.2.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r"
},
{
"url": "https://github.com/api-platform/core/pull/5823",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/pull/5823"
},
{
"url": "https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201",
"refsource": "MISC",
"name": "https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201"
}
]
},
"source": {
"advisory": "GHSA-rfw5-cqjj-7v9r",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

35
2024/10xxx/CVE-2024-10628.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
"value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: The three variations of this software (Business, Developer, and Agency) share the same plugin slug, so you may get an alert even if you are running the latest version of any of the pieces of software. In these cases it is safe to dismiss the notice once you've confirmed your site is on a patched version of the applicable software."
}
]
},
@ -35,13 +35,25 @@
"vendor_name": "AYS Pro Plugins",
"product": {
"product_data": [
{
"product_name": "Quiz Maker Business",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "8.8.0"
}
]
}
},
{
"product_name": "Quiz Maker Developer",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_name": "20.0.0",
"version_value": "21.8.0"
}
]
@ -53,23 +65,11 @@
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_name": "30.0.0",
"version_value": "31.8.0"
}
]
}
},
{
"product_name": "Quiz Maker Business",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "8.8.0"
}
]
}
}
]
}
@ -93,6 +93,11 @@
"url": "https://ays-pro.com/changelog-for-quiz-maker-pro",
"refsource": "MISC",
"name": "https://ays-pro.com/changelog-for-quiz-maker-pro"
},
{
"url": "https://abrahack.com/posts/quiz-maker-sqli/",
"refsource": "MISC",
"name": "https://abrahack.com/posts/quiz-maker-sqli/"
}
]
},

73
2025/32xxx/CVE-2025-32054.json
View File

@ -1,17 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@jetbrains.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532",
"cweId": "CWE-532"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JetBrains",
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2024.3, 2024.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"refsource": "MISC",
"name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}

109
2025/3xxx/CVE-2025-3165.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in thu-pacman chitu 0.1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion torch.load der Datei chitu/chitu/backend.py. Mittels Manipulieren des Arguments ckpt_path/quant_ckpt_dir mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization",
"cweId": "CWE-502"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "thu-pacman",
"product": {
"product_data": [
{
"product_name": "chitu",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303111",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303111"
},
{
"url": "https://vuldb.com/?ctiid.303111",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303111"
},
{
"url": "https://vuldb.com/?submit.542529",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.542529"
},
{
"url": "https://github.com/thu-pacman/chitu/issues/32",
"refsource": "MISC",
"name": "https://github.com/thu-pacman/chitu/issues/32"
}
]
},
"credits": [
{
"lang": "en",
"value": "ybdesire (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

114
2025/3xxx/CVE-2025-3166.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function search_item of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In code-projects Product Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion search_item der Komponente Search Product Menu. Durch das Manipulieren des Arguments target mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "code-projects",
"product": {
"product_data": [
{
"product_name": "Product Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303112",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303112"
},
{
"url": "https://vuldb.com/?ctiid.303112",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303112"
},
{
"url": "https://vuldb.com/?submit.542668",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.542668"
},
{
"url": "https://github.com/zzzxc643/cve_Product-Management-System/blob/main/cve.md",
"refsource": "MISC",
"name": "https://github.com/zzzxc643/cve_Product-Management-System/blob/main/cve.md"
},
{
"url": "https://code-projects.org/",
"refsource": "MISC",
"name": "https://code-projects.org/"
}
]
},
"credits": [
{
"lang": "en",
"value": "zzzxc (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

105
2025/3xxx/CVE-2025-3167.json
View File

@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3167",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in Tenda AC23 16.03.07.52 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/VerAPIMant der Komponente API Interface. Durch Manipulieren des Arguments getuid mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service",
"cweId": "CWE-404"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenda",
"product": {
"product_data": [
{
"product_name": "AC23",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.03.07.52"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303113",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303113"
},
{
"url": "https://vuldb.com/?ctiid.303113",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303113"
},
{
"url": "https://vuldb.com/?submit.543150",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.543150"
},
{
"url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md",
"refsource": "MISC",
"name": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
},
{
"url": "https://www.tenda.com.cn/",
"refsource": "MISC",
"name": "https://www.tenda.com.cn/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Li Zhiyang (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C"
}
]
}

18
2025/3xxx/CVE-2025-3232.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}