diff --git a/2024/13xxx/CVE-2024-13217.json b/2024/13xxx/CVE-2024-13217.json
new file mode 100644
index 00000000000..5f17ef8574b
--- /dev/null
+++ b/2024/13xxx/CVE-2024-13217.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2024-13217",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2024/53xxx/CVE-2024-53526.json b/2024/53xxx/CVE-2024-53526.json
index a3dafa3b4f0..1d3cf2a44ab 100644
--- a/2024/53xxx/CVE-2024-53526.json
+++ b/2024/53xxx/CVE-2024-53526.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-53526",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-53526",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184",
+ "refsource": "MISC",
+ "name": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/openai/composio_openai/toolset.py#L184"
+ },
+ {
+ "url": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156",
+ "refsource": "MISC",
+ "name": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/claude/composio_claude/toolset.py#L156"
+ },
+ {
+ "url": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21",
+ "refsource": "MISC",
+ "name": "https://github.com/ComposioHQ/composio/blob/11ee7470aa6543097ee30bb036af8e9726dc7a85/python/plugins/julep/composio_julep/toolset.py#L21"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ComposioHQ/composio/issues/1073",
+ "url": "https://github.com/ComposioHQ/composio/issues/1073"
 }
 ]
 }
diff --git a/2024/53xxx/CVE-2024-53564.json b/2024/53xxx/CVE-2024-53564.json
index 93796ab7afc..4a905002b75 100644
--- a/2024/53xxx/CVE-2024-53564.json
+++ b/2024/53xxx/CVE-2024-53564.json
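Review bot: The `affects` block added in this hunk sets `vendor_name`, `product_name` and `version_value` all to `"n/a"` while the new description states the package and range (`composio >=0.5.40`), so consumers matching on structured fields rather than free text cannot tell which product or versions are affected, even though the references point at github.com/ComposioHQ/composio and the names are available. I would record them as `"vendor_name": "ComposioHQ"`, `"product_name": "composio"` and `{"version_affected": ">=", "version_value": "0.5.40"}`. The description also gives only an open lower bound with no fixed release, so a reader cannot tell whether current versions are still affected; if a fix exists the range should be closed and the fixed version named. The `problemtype` is likewise `"n/a"` although the description names Command Execution, where a `cweId` could be recorded as the Chrome and WeGIA entries in this commit do. The CVE-2024-54818 hunk below repeats the same `"n/a"` placeholders in `affects` and `problemtype`.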
@@ -1,9 +1,32 @@
 {
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2024-53564",
+ "ASSIGNER": "cve@mitre.org",
 "STATE": "PUBLIC"
 },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
 "affects": {
 "vendor": {
 "vendor_data": [
@@ -27,40 +50,30 @@
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
 "references": {
 "reference_data": [
 {
+ "url": "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903",
 "refsource": "MISC",
- "name": "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903",
- "url": "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903"
+ "name": "https://gist.github.com/hyp164D1/490732de230edf97423f6d95b0d2f903"
 },
 {
+ "url": "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c",
 "refsource": "MISC",
- "name": "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c",
- "url": "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c"
+ "name": "https://gist.github.com/hyp164D1/d419bdf3e7e352088a21631d0f452a8c"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "enrichogram 0.0.1"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.2,
+ "baseSeverity": "LOW",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N"
 }
 ]
 }
diff --git a/2024/54xxx/CVE-2024-54818.json b/2024/54xxx/CVE-2024-54818.json
index 5504b8175cc..fb848d69426 100644
--- a/2024/54xxx/CVE-2024-54818.json
+++ b/2024/54xxx/CVE-2024-54818.json
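Review bot: The `impact.cvss` entry added at the end of this hunk carries `CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N` (2.2, LOW), which does not fit the record's own description of unrestricted file upload letting attackers "remotely control the FreePBX server". The base score is arithmetically consistent with that vector, so the discrepancy is between the vector and the described impact: server takeover would normally be recorded with high confidentiality, integrity and availability impact rather than C:N/I:L/A:N, and nothing in the record explains the AC:H and PR:H choices. The `generator` block (`enrichogram 0.0.1`) suggests the vector was produced by automated enrichment, so it should be checked against the two gist references before publication, or the description toned down if the vector is the accurate one. The `problemtype` moved in the first hunk of this file also remains `"n/a"` although the description names unrestricted upload of dangerous file types, for which a `cweId` (CWE-434) could be recorded as the Chrome and WeGIA entries in this commit do.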
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2024-54818",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-54818",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/CloseC4ll/vulnerability-research/tree/main/CVE-2024-54818",
+ "url": "https://github.com/CloseC4ll/vulnerability-research/tree/main/CVE-2024-54818"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0291.json b/2025/0xxx/CVE-2025-0291.json
index e486861b1a1..5ffe1864051 100644
--- a/2025/0xxx/CVE-2025-0291.json
+++ b/2025/0xxx/CVE-2025-0291.json
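Review bot: The first reference added in this hunk, `https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities`, is a general tutorial on access-control flaws rather than a source about this product or this finding, so it gives a reader nothing with which to verify the claim or locate a fix and dilutes the reference list; I would drop it and keep only the researcher write-up as the evidence link. The new description also reads `is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.`, where the stray period before "via" splits the sentence and should be removed when the text is next touched.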
@@ -1,17 +1,69 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-0291",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "chrome-cve-admin@google.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Type Confusion",
+ "cweId": "CWE-843"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Google",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Chrome",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "131.0.6778.264",
+ "version_value": "131.0.6778.264"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html",
+ "refsource": "MISC",
+ "name": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html"
+ },
+ {
+ "url": "https://issues.chromium.org/issues/383356864",
+ "refsource": "MISC",
+ "name": "https://issues.chromium.org/issues/383356864"
 }
 ]
 }
diff --git a/2025/0xxx/CVE-2025-0343.json b/2025/0xxx/CVE-2025-0343.json
new file mode 100644
index 00000000000..6c5293b96d8
--- /dev/null
+++ b/2025/0xxx/CVE-2025-0343.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-0343",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22139.json b/2025/22xxx/CVE-2025-22139.json
index 916b15e8ad6..14119da0bef 100644
--- a/2025/22xxx/CVE-2025-22139.json
+++ b/2025/22xxx/CVE-2025-22139.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22139",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nilsonLazarin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-xrjq-57mq-4hf8",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-xrjq-57mq-4hf8"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-xrjq-57mq-4hf8",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22140.json b/2025/22xxx/CVE-2025-22140.json
index e91660ba779..8505a49c057 100644
--- a/2025/22xxx/CVE-2025-22140.json
+++ b/2025/22xxx/CVE-2025-22140.json
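Review bot: The version entry added in this hunk puts the range operator inside the value, `"version_affected": "=", "version_value": "< 3.2.8"`, so a structured consumer reads it as an exact version whose string is `< 3.2.8` rather than as every release before 3.2.8. The description already names 3.2.8 as the fix release, so the entry can be expressed as `"version_affected": "<", "version_value": "3.2.8"`, the form the CVE-2025-0291 hunk in this commit uses. The CVE-2025-22140 and CVE-2025-22141 hunks below carry the same encoding.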
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22140",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nilsonLazarin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mrhp-wfp2-59h5"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-mrhp-wfp2-59h5",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22141.json b/2025/22xxx/CVE-2025-22141.json
index 6128b41cad5..0e5aef2c7d3 100644
--- a/2025/22xxx/CVE-2025-22141.json
+++ b/2025/22xxx/CVE-2025-22141.json
@@ -1,18 +1,68 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2025-22141",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "nilsonLazarin",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WeGIA",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.2.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-w7hp-2w2c-p636",
+ "refsource": "MISC",
+ "name": "https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-w7hp-2w2c-p636"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-w7hp-2w2c-p636",
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file