diff --git a/2025/0xxx/CVE-2025-0632.json b/2025/0xxx/CVE-2025-0632.json
index 1dd77b870da..45b209ba60b 100644
--- a/2025/0xxx/CVE-2025-0632.json
+++ b/2025/0xxx/CVE-2025-0632.json
@@ -49,8 +49,9 @@
"version": {
"version_data": [
{
- "version_affected": "=",
- "version_value": "3.2.1.1 and later"
+ "version_affected": "<=",
+ "version_name": "3.2.1.1",
+ "version_value": "3.18.3.2"
}
]
}
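Review bot: The lower bound of the affected range is now carried only in `"version_name": "3.2.1.1"`, which consumers of this format generally treat as a label rather than a comparison value. A tool that evaluates only `"version_affected": "<="` with `"version_value": "3.18.3.2"` will likely mark every release up to 3.18.3.2 as affected, including those before 3.2.1.1, whereas the removed text said "3.2.1.1 and later". If releases before 3.2.1.1 are not affected, that should also be stated in the description so the bound survives conversion. The enclosing product object starts and ends outside this hunk.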
@@ -67,6 +68,16 @@
"url": "https://www.formulatrix.com/downloads/apps/repository/rockmaker/",
"refsource": "MISC",
"name": "https://www.formulatrix.com/downloads/apps/repository/rockmaker/"
+ },
+ {
+ "url": "https://formulatrix.com/downloads/apps/repository/rockmaker/RockMaker%20V3/3.18/3.18.4.7/RockMakerWeb_3.18.4.7_setup.exe",
+ "refsource": "MISC",
+ "name": "https://formulatrix.com/downloads/apps/repository/rockmaker/RockMaker%20V3/3.18/3.18.4.7/RockMakerWeb_3.18.4.7_setup.exe"
+ },
+ {
+ "url": "https://formulatrix.com/downloads/docs/cve/RockMaker/CVE-2025-0632_Security_Bulletin.pdf",
+ "refsource": "MISC",
+ "name": "https://formulatrix.com/downloads/docs/cve/RockMaker/CVE-2025-0632_Security_Bulletin.pdf"
}
]
},
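Review bot: The first added reference links directly to an installer executable (`RockMakerWeb_3.18.4.7_setup.exe`), and the record gives a reader no checksum or signature information to verify the download against. The bulletin PDF or the existing repository index is a more durable reference, since a landing page can carry the hash and survives a re-release of the build. The two new URLs also use the host `formulatrix.com` while the existing entry uses `www.formulatrix.com`; one form throughout helps consumers that de-duplicate references by URL.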
@@ -83,10 +94,10 @@
{
"base64": false,
"type": "text/html",
- "value": "Apply the official security patch or update provided by Formulatrix. If immediate patching is not feasible:
- Restrict external access to RMW from the public internet via firewall rules
- Use network segmentation to limit RMW access only to internal trusted users
- Monitor access logs for suspicious URL patterns such as ../ or unusual GET requests.
"
+ "value": "Apply the official security patch provided by Rock Maker or update provided by Formulatrix. If immediate patching is not feasible:
- Restrict external access to RMW from the public internet via firewall rules
- Use network segmentation to limit RMW access only to internal trusted users
- Monitor access logs for suspicious URL patterns such as ../ or unusual GET requests.
"
}
],
- "value": "Apply the official security patch or update provided by Formulatrix.\u00a0If immediate patching is not feasible:\n * Restrict external access to RMW from the public internet via firewall rules\n * Use network segmentation to limit RMW access only to internal trusted users\n * Monitor access logs for suspicious URL patterns such as ../ or unusual GET requests."
+ "value": "Apply the official security patch\u00a0provided by Rock Maker or update provided by Formulatrix.\u00a0If immediate patching is not feasible:\n * Restrict external access to RMW from the public internet via firewall rules\n * Use network segmentation to limit RMW access only to internal trusted users\n * Monitor access logs for suspicious URL patterns such as ../ or unusual GET requests."
}
],
"credits": [
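Review bot: The updated solution text still does not name the release that contains the fix, so a reader cannot tell from the `solution` field which build to install. The wording "security patch provided by Rock Maker or update provided by Formulatrix" also reads as if Rock Maker were a second vendor rather than the product. If 3.18.4.7 is the fixed build (inferred only from the installer URL added in the references hunk), I would write `Update Rock Maker Web to 3.18.4.7 or later, as provided by Formulatrix.` in both the HTML and the plain-text `value`. The two values also differ in where `\u00a0` is placed, which suggests they were edited separately.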
diff --git a/2025/3xxx/CVE-2025-3706.json b/2025/3xxx/CVE-2025-3706.json
index a767e617ffd..cf277772d0b 100644
--- a/2025/3xxx/CVE-2025-3706.json
+++ b/2025/3xxx/CVE-2025-3706.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3706",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "104 Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "eHRMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "V202412"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-10079-f0958-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-10079-f0958-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-10080-31e4b-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-10080-31e4b-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202504006",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Please update to version V202412_Z02 or later. For detailed update instructions, please contact 104."
+ }
+ ],
+ "value": "Please update to version V202412_Z02 or later. For detailed update instructions, please contact 104."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
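Review bot: The affected range (`"version_affected": "<="`, `"version_value": "V202412"`) and the fix named in `solution` (`V202412_Z02`) do not line up, so the status of any `V202412` patch level before `_Z02` is left undefined. A tool comparing version strings may sort a hypothetical `V202412_Z01` after `V202412` and report it as not affected. If every build before the fix is affected, `"version_affected": "<"` with `"version_value": "V202412_Z02"` would express that without the gap.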
diff --git a/2025/3xxx/CVE-2025-3996.json b/2025/3xxx/CVE-2025-3996.json
index c959eda1736..f63b2541bc3 100644
--- a/2025/3xxx/CVE-2025-3996.json
+++ b/2025/3xxx/CVE-2025-3996.json
@@ -1,17 +1,123 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3996",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine problematische Schwachstelle wurde in TOTOLINK N150RT 3.4.0-B20190525 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /home.htm der Komponente MAC Filtering Page. Durch Manipulation des Arguments Comment mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code Injection",
+ "cweId": "CWE-94"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "TOTOLINK",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "N150RT",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.4.0-B20190525"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306332",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306332"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306332",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306332"
+ },
+ {
+ "url": "https://vuldb.com/?submit.557947",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.557947"
+ },
+ {
+ "url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_MAC_filering",
+ "refsource": "MISC",
+ "name": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/N150RT/XSS_MAC_filering"
+ },
+ {
+ "url": "https://www.totolink.net/",
+ "refsource": "MISC",
+ "name": "https://www.totolink.net/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "lcyf-fizz (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}
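Review bot: This new record has no `solution` entry, and `version_data` pins the affected range to the single build `3.4.0-B20190525` with `"version_affected": "="`; the CVE-2025-3997 and CVE-2025-3998 records in this commit follow the same pattern. The description says the exploit is public, yet the record gives a defender nothing to act on. Version-matching tools will also report other firmware builds as unaffected, although nothing in the record says they were tested. I would add a `solution` entry that states whether a fixed release exists, for example `"value": "No fixed firmware is known at publication; restrict access to the web management interface to trusted networks."` if that matches the vendor's status.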
diff --git a/2025/3xxx/CVE-2025-3997.json b/2025/3xxx/CVE-2025-3997.json
index ae7738b8679..22a503bd894 100644
--- a/2025/3xxx/CVE-2025-3997.json
+++ b/2025/3xxx/CVE-2025-3997.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3997",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in dazhouda lecms 3.0.3 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /index.php?my-profile-ajax-1 der Komponente Personal Information Page. Mittels dem Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery",
+ "cweId": "CWE-352"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Missing Authorization",
+ "cweId": "CWE-862"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "dazhouda",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "lecms",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "3.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306333",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306333"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306333",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306333"
+ },
+ {
+ "url": "https://vuldb.com/?submit.557956",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.557956"
+ },
+ {
+ "url": "https://github.com/dtwin88/cve-md/blob/main/lecms%20V3.0.3/lecms_4.md",
+ "refsource": "MISC",
+ "name": "https://github.com/dtwin88/cve-md/blob/main/lecms%20V3.0.3/lecms_4.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "dtwin (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}
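Review bot: The second `problemtype` entry, `"cweId": "CWE-862"` (Missing Authorization), is not supported by the description, which mentions only a forged cross-site request against the Personal Information Page. Consumers that group records by CWE will file this under access control as well as CSRF. If the mapping is only the CNA's generic secondary classification, I would drop it or add a sentence to the description explaining which authorization check is missing.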
diff --git a/2025/3xxx/CVE-2025-3998.json b/2025/3xxx/CVE-2025-3998.json
index b16fb42162a..e0fbc004f78 100644
--- a/2025/3xxx/CVE-2025-3998.json
+++ b/2025/3xxx/CVE-2025-3998.json
@@ -1,17 +1,123 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3998",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In CodeAstro Membership Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei renew.php?id=6. Mittels Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "CodeAstro",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Membership Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306334",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306334"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306334",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306334"
+ },
+ {
+ "url": "https://vuldb.com/?submit.557972",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.557972"
+ },
+ {
+ "url": "https://github.com/lyg986443/cve/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/lyg986443/cve/issues/4"
+ },
+ {
+ "url": "https://codeastro.com/",
+ "refsource": "MISC",
+ "name": "https://codeastro.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "bjbzbj (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
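Review bot: The English description calls the issue "classified as critical", while the `impact.cvss` entries added in the same hunk rate it 7.3 with `"baseSeverity": "HIGH"` for CVSS 3.1 and 3.0. Triage by description text and triage by score therefore give different priorities; the description should either say which scale "critical" refers to or use the CVSS term. The affected file is also given as `renew.php?id=6`, which is a sample request rather than a file name. Since the argument `ID` is already named separately, `renew.php` alone would be clearer.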