admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-18 21:00:32 +00:00
parent f6bd3fa702
commit 7810b433b5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 505 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
2024/53xxx/CVE-2024-53591.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-53591",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-53591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/aljoharasubaie/CVE-2024-53591",
"url": "https://github.com/aljoharasubaie/CVE-2024-53591"
}
]
}

61
2025/25xxx/CVE-2025-25983.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25983",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera",
"url": "https://github.com/vladko312/Research_v380_IP_camera"
},
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25983.md",
"url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25983.md"
}
]
}

61
2025/25xxx/CVE-2025-25984.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25984",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera",
"url": "https://github.com/vladko312/Research_v380_IP_camera"
},
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25984.md",
"url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25984.md"
}
]
}

61
2025/25xxx/CVE-2025-25985.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25985",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-25985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera",
"url": "https://github.com/vladko312/Research_v380_IP_camera"
},
{
"refsource": "MISC",
"name": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25985.md",
"url": "https://github.com/vladko312/Research_v380_IP_camera/blob/main/CVE-2025-25985.md"
}
]
}

56
2025/29xxx/CVE-2025-29058.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-29058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cdn.wjlin0.com/halo-img/74CMSv3.34.0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.zip",
"refsource": "MISC",
"name": "https://cdn.wjlin0.com/halo-img/74CMSv3.34.0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.zip"
}
]
}

9
2025/32xxx/CVE-2025-32442.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This issue has been patched in version 5.3.1. A workaround involves not specifying individual content types in the schema."
"value": "Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2. A workaround involves not specifying individual content types in the schema."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.3.1"
"version_value": ">= 5.0.0, < 5.3.2"
}
]
}
@ -64,6 +64,11 @@
"refsource": "MISC",
"name": "https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418"
},
{
"url": "https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4",
"refsource": "MISC",
"name": "https://github.com/fastify/fastify/commit/f3d2bcb3963cd570a582e5d39aab01a9ae692fe4"
},
{
"url": "https://hackerone.com/reports/3087928",
"refsource": "MISC",

96
2025/32xxx/CVE-2025-32953.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Seeing as the artifact can be downloaded prior to the end of the workflow, there is a few seconds where an attacker can extract the token from the artifact and use it with the Github API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "udo-munk",
"product": {
"product_data": [
{
"product_name": "z80pack",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< bd95916"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/udo-munk/z80pack/security/advisories/GHSA-gpjj-f76m-9x3q",
"refsource": "MISC",
"name": "https://github.com/udo-munk/z80pack/security/advisories/GHSA-gpjj-f76m-9x3q"
},
{
"url": "https://github.com/udo-munk/z80pack/commit/1e06c2fe498ca772002b5c4f6f9e3085061e47da",
"refsource": "MISC",
"name": "https://github.com/udo-munk/z80pack/commit/1e06c2fe498ca772002b5c4f6f9e3085061e47da"
},
{
"url": "https://github.com/udo-munk/z80pack/commit/836c2e37b54f86bb4bed9e1406b67e52aa52308d",
"refsource": "MISC",
"name": "https://github.com/udo-munk/z80pack/commit/836c2e37b54f86bb4bed9e1406b67e52aa52308d"
},
{
"url": "https://github.com/udo-munk/z80pack/commit/95535987d690bd20849fbf143f267283f0e2db91",
"refsource": "MISC",
"name": "https://github.com/udo-munk/z80pack/commit/95535987d690bd20849fbf143f267283f0e2db91"
},
{
"url": "https://github.com/udo-munk/z80pack/commit/bd9591615ae7b1e6229aa60a485447441c4a0c15",
"refsource": "MISC",
"name": "https://github.com/udo-munk/z80pack/commit/bd9591615ae7b1e6229aa60a485447441c4a0c15"
}
]
},
"source": {
"advisory": "GHSA-gpjj-f76m-9x3q",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
]
}

109
2025/3xxx/CVE-2025-3795.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3795",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in DaiCuo 1.3.13 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Komponente SEO Optimization Settings Section. Mit der Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting",
"cweId": "CWE-79"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "DaiCuo",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.3.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.305648",
"refsource": "MISC",
"name": "https://vuldb.com/?id.305648"
},
{
"url": "https://vuldb.com/?ctiid.305648",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.305648"
},
{
"url": "https://vuldb.com/?submit.554639",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.554639"
},
{
"url": "https://github.com/daicuo/cms/issues/1",
"refsource": "MISC",
"name": "https://github.com/daicuo/cms/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "A13niL (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 2.4,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 2.4,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N"
}
]
}

18
2025/3xxx/CVE-2025-3814.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/43xxx/CVE-2025-43902.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}