diff --git a/2023/47xxx/CVE-2023-47639.json b/2023/47xxx/CVE-2023-47639.json
index bda1c2cdd31..7dbb1e7f5fb 100644
--- a/2023/47xxx/CVE-2023-47639.json
+++ b/2023/47xxx/CVE-2023-47639.json
@@ -1,17 +1,95 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-47639",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209: Generation of Error Message Containing Sensitive Information",
+ "cweId": "CWE-209"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "api-platform",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "core",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 3.2.0, < 3.2.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/security/advisories/GHSA-rfw5-cqjj-7v9r"
+ },
+ {
+ "url": "https://github.com/api-platform/core/pull/5823",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/pull/5823"
+ },
+ {
+ "url": "https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201",
+ "refsource": "MISC",
+ "name": "https://github.com/api-platform/core/commit/ba8a7e6538bccebf14c228e43a9339214c4d9201"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-rfw5-cqjj-7v9r",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2024/10xxx/CVE-2024-10628.json b/2024/10xxx/CVE-2024-10628.json
index b9789b0b87e..e0953024b49 100644
--- a/2024/10xxx/CVE-2024-10628.json
+++ b/2024/10xxx/CVE-2024-10628.json
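Review bot: The affected range is written as free text under an equality operator: `"version_affected": "="` with `"version_value": ">= 3.2.0, < 3.2.5"`. A consumer that compares `version_value` literally against an installed version will never match 3.2.0 through 3.2.4, so scanners keyed on the structured fields may report affected deployments as clean. Other records in this commit put the lower bound in `version_name` and a single version in `version_value`; the same shape here would be `"version_affected": "<", "version_name": "3.2.0", "version_value": "3.2.5"`. If this file is produced by a downconversion step, which I cannot tell from the diff, the fix belongs in that converter.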
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ "value": "The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the \u2018id\u2019 parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: The three variations of this software (Business, Developer, and Agency) share the same plugin slug, so you may get an alert even if you are running the latest version of any of the pieces of software. In these cases it is safe to dismiss the notice once you've confirmed your site is on a patched version of the applicable software."
 }
 ]
 },
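Review bot: The added NOTE tells readers it is safe to dismiss an alert once the site is "on a patched version", but the description names only the last affected releases (8.8.0, 21.8.0, 31.8.0) and never a fixed version for any of the three editions. Someone triaging a scanner hit has nothing in this text to compare against and has to go to the vendor changelog. I would append one sentence of the form `Fixed in <BUSINESS_FIXED_VERSION> (Business), <DEVELOPER_FIXED_VERSION> (Developer) and <AGENCY_FIXED_VERSION> (Agency).` with the real values supplied by the CNA; the placeholders are mine and are not taken from the record.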
@@ -35,13 +35,25 @@
 "vendor_name": "AYS Pro Plugins",
 "product": {
 "product_data": [
+ {
+ "product_name": "Quiz Maker Business",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "7.0.0",
+ "version_value": "8.8.0"
+ }
+ ]
+ }
+ },
 {
 "product_name": "Quiz Maker Developer",
 "version": {
 "version_data": [
 {
 "version_affected": "<=",
- "version_name": "*",
+ "version_name": "20.0.0",
 "version_value": "21.8.0"
 }
 ]
@@ -53,23 +65,11 @@
 "version_data": [
 {
 "version_affected": "<=",
- "version_name": "*",
+ "version_name": "30.0.0",
 "version_value": "31.8.0"
 }
 ]
 }
- },
- {
- "product_name": "Quiz Maker Business",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "*",
- "version_value": "8.8.0"
- }
- ]
- }
 }
 ]
 }
@@ -93,6 +93,11 @@
 "url": "https://ays-pro.com/changelog-for-quiz-maker-pro",
 "refsource": "MISC",
 "name": "https://ays-pro.com/changelog-for-quiz-maker-pro"
+ },
+ {
+ "url": "https://abrahack.com/posts/quiz-maker-sqli/",
+ "refsource": "MISC",
+ "name": "https://abrahack.com/posts/quiz-maker-sqli/"
 }
 ]
 },
diff --git a/2025/32xxx/CVE-2025-32054.json b/2025/32xxx/CVE-2025-32054.json
index cac6de4522a..4c30a3c7e64 100644
--- a/2025/32xxx/CVE-2025-32054.json
+++ b/2025/32xxx/CVE-2025-32054.json
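Review bot: The lower bounds introduced here, `"version_name": "7.0.0"` for Business and `"20.0.0"` for Developer, together with the `"30.0.0"` bound on the 31.8.0 entry in the following hunk, narrow the structured range while the description in this same file still says "all versions up to, and including". Range matchers will now treat, for example, a Business install below 7.0.0 as unaffected. The bounds look intended to separate the three editions that share one plugin slug, but that is inferred from the NOTE in the description. Please confirm that no affected release exists below each bound, or reword the description so that the text and `version_data` agree.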
@@ -1,17 +1,82 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-32054",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@jetbrains.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-532",
+ "cweId": "CWE-532"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "JetBrains",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "IntelliJ IDEA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "2024.3, 2024.2.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+ "refsource": "MISC",
+ "name": "https://www.jetbrains.com/privacy-security/issues-fixed/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3165.json b/2025/3xxx/CVE-2025-3165.json
index 067158e9ee2..54e7eebb671 100644
--- a/2025/3xxx/CVE-2025-3165.json
+++ b/2025/3xxx/CVE-2025-3165.json
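Review bot: `"version_value": "2024.3, 2024.2.4"` packs two fixed releases into one string under `"version_affected": "<"`, which a version comparator cannot parse. Depending on how a consumer tokenises it, the entry either fails to match at all or is compared against 2024.3 only, which would flag an already patched 2024.2.4 install. One `version_data` object per fixed release line, each with a single version in `version_value`, keeps the record machine-readable; how the two lines should be bounded is for the assigner to state, since the diff only gives the combined string.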
@@ -1,17 +1,118 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3165",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in thu-pacman chitu 0.1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist die Funktion torch.load der Datei chitu/chitu/backend.py. Mittels Manipulieren des Arguments ckpt_path/quant_ckpt_dir mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Deserialization",
+ "cweId": "CWE-502"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "thu-pacman",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "chitu",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "0.1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303111",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303111"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303111",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303111"
+ },
+ {
+ "url": "https://vuldb.com/?submit.542529",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.542529"
+ },
+ {
+ "url": "https://github.com/thu-pacman/chitu/issues/32",
+ "refsource": "MISC",
+ "name": "https://github.com/thu-pacman/chitu/issues/32"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "ybdesire (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3166.json b/2025/3xxx/CVE-2025-3166.json
index 33af434a101..862b4b25e3a 100644
--- a/2025/3xxx/CVE-2025-3166.json
+++ b/2025/3xxx/CVE-2025-3166.json
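Review bot: The English and German descriptions call this issue "critical" while every `cvss` entry added below scores it 5.3 MEDIUM (4.3 under 2.0) with a local attack vector. Triage that keys on the description text will rank it differently from triage that keys on `baseSeverity`, and the record gives no hint which one to trust. The wording appears to be the assigner's own classification rather than a CVSS rating, though the diff does not say so; either drop the adjective or name the scale it comes from. The CVE-2025-3166 hunk further down repeats the same "classified as critical" text next to a 5.3 MEDIUM score.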
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3166",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in code-projects Product Management System 1.0. This vulnerability affects the function search_item of the component Search Product Menu. The manipulation of the argument target leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Product Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion search_item der Komponente Search Product Menu. Durch das Manipulieren des Arguments target mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Product Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303112",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303112"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303112",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303112"
+ },
+ {
+ "url": "https://vuldb.com/?submit.542668",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.542668"
+ },
+ {
+ "url": "https://github.com/zzzxc643/cve_Product-Management-System/blob/main/cve.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zzzxc643/cve_Product-Management-System/blob/main/cve.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "zzzxc (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3167.json b/2025/3xxx/CVE-2025-3167.json
index bc400c7cb15..fadb1ba468b 100644
--- a/2025/3xxx/CVE-2025-3167.json
+++ b/2025/3xxx/CVE-2025-3167.json
@@ -1,17 +1,114 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-3167",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in Tenda AC23 16.03.07.52. This issue affects some unknown processing of the file /goform/VerAPIMant of the component API Interface. The manipulation of the argument getuid leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in Tenda AC23 16.03.07.52 entdeckt. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /goform/VerAPIMant der Komponente API Interface. Durch Manipulieren des Arguments getuid mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service",
+ "cweId": "CWE-404"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Tenda",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AC23",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "16.03.07.52"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303113",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303113"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303113",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303113"
+ },
+ {
+ "url": "https://vuldb.com/?submit.543150",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.543150"
+ },
+ {
+ "url": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/LZY0522/CVE/blob/main/CVE_1.md"
+ },
+ {
+ "url": "https://www.tenda.com.cn/",
+ "refsource": "MISC",
+ "name": "https://www.tenda.com.cn/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Li Zhiyang (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.8,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C"
 }
 ]
 }
diff --git a/2025/3xxx/CVE-2025-3232.json b/2025/3xxx/CVE-2025-3232.json
new file mode 100644
index 00000000000..7ef4b71f04e
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3232.json
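Review bot: `"value": "Denial of Service"` is paired with `"cweId": "CWE-404"`, but CWE-404 is Improper Resource Shutdown or Release; the label states the impact, not the weakness. Readers filtering on the `problemtype` text and readers filtering on `cweId` end up with different pictures of the bug. The CVE-2023-47639 record in this commit uses the `CWE-<id>: <name>` form, so `"value": "CWE-404: Improper Resource Shutdown or Release"` would be consistent with it. That assumes CWE-404 really is the intended weakness, which the description ("some unknown processing") does not let me verify.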
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3232",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file