diff --git a/2025/21xxx/CVE-2025-21941.json b/2025/21xxx/CVE-2025-21941.json
index 36ada88d313..7440075a8b5 100644
--- a/2025/21xxx/CVE-2025-21941.json
+++ b/2025/21xxx/CVE-2025-21941.json
@@ -1,18 +1,135 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21941",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params\n\nNull pointer dereference issue could occur when pipe_ctx->plane_state\nis null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not\nnull before accessing. This prevents a null pointer dereference.\n\nFound by code review.\n\n(cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092)"
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "3be5262e353b8ab97c528bfc7d0dd3c820e4ba27",
+ "version_value": "c1e54752dc12e90305eb0475ca908f42f5b369ca"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "4.15",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.15",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.1.131",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.6.83",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.12.19",
+ "lessThanOrEqual": "6.12.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.13.7",
+ "lessThanOrEqual": "6.13.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.14",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/c1e54752dc12e90305eb0475ca908f42f5b369ca",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/c1e54752dc12e90305eb0475ca908f42f5b369ca"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3b3c2be58d5275aa59d8b4810a59f173f2f5bac1",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/3b3c2be58d5275aa59d8b4810a59f173f2f5bac1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e0345c3478f185ca840daac7f08a1fcd4ebec3e9",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/e0345c3478f185ca840daac7f08a1fcd4ebec3e9"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/3748fad09d89e9a5290e1738fd6872a79f794743",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/3748fad09d89e9a5290e1738fd6872a79f794743"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/374c9faac5a763a05bc3f68ad9f73dab3c6aec90",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/374c9faac5a763a05bc3f68ad9f73dab3c6aec90"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/21xxx/CVE-2025-21942.json b/2025/21xxx/CVE-2025-21942.json
index d2e6ff7d6df..fe92ce7e107 100644
--- a/2025/21xxx/CVE-2025-21942.json
+++ b/2025/21xxx/CVE-2025-21942.json
@@ -1,18 +1,82 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21942",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: fix extent range end unlock in cow_file_range()\n\nRunning generic/751 on the for-next branch often results in a hang like\nbelow. They are both stack by locking an extent. This suggests someone\nforget to unlock an extent.\n\n INFO: task kworker/u128:1:12 blocked for more than 323 seconds.\n Not tainted 6.13.0-BTRFS-ZNS+ #503\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u128:1 state:D stack:0 pid:12 tgid:12 ppid:2 flags:0x00004000\n Workqueue: btrfs-fixup btrfs_work_helper [btrfs]\n Call Trace:\n \n __schedule+0x534/0xdd0\n schedule+0x39/0x140\n __lock_extent+0x31b/0x380 [btrfs]\n ? __pfx_autoremove_wake_function+0x10/0x10\n btrfs_writepage_fixup_worker+0xf1/0x3a0 [btrfs]\n btrfs_work_helper+0xff/0x480 [btrfs]\n ? lock_release+0x178/0x2c0\n process_one_work+0x1ee/0x570\n ? srso_return_thunk+0x5/0x5f\n worker_thread+0x1d1/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x10b/0x230\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n INFO: task kworker/u134:0:184 blocked for more than 323 seconds.\n Not tainted 6.13.0-BTRFS-ZNS+ #503\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/u134:0 state:D stack:0 pid:184 tgid:184 ppid:2 flags:0x00004000\n Workqueue: writeback wb_workfn (flush-btrfs-4)\n Call Trace:\n \n __schedule+0x534/0xdd0\n schedule+0x39/0x140\n __lock_extent+0x31b/0x380 [btrfs]\n ? __pfx_autoremove_wake_function+0x10/0x10\n find_lock_delalloc_range+0xdb/0x260 [btrfs]\n writepage_delalloc+0x12f/0x500 [btrfs]\n ? srso_return_thunk+0x5/0x5f\n extent_write_cache_pages+0x232/0x840 [btrfs]\n btrfs_writepages+0x72/0x130 [btrfs]\n do_writepages+0xe7/0x260\n ? srso_return_thunk+0x5/0x5f\n ? lock_acquire+0xd2/0x300\n ? srso_return_thunk+0x5/0x5f\n ? find_held_lock+0x2b/0x80\n ? wbc_attach_and_unlock_inode.part.0+0x102/0x250\n ? wbc_attach_and_unlock_inode.part.0+0x102/0x250\n __writeback_single_inode+0x5c/0x4b0\n writeback_sb_inodes+0x22d/0x550\n __writeback_inodes_wb+0x4c/0xe0\n wb_writeback+0x2f6/0x3f0\n wb_workfn+0x32a/0x510\n process_one_work+0x1ee/0x570\n ? srso_return_thunk+0x5/0x5f\n worker_thread+0x1d1/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x10b/0x230\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nThis happens because we have another success path for the zoned mode. When\nthere is no active zone available, btrfs_reserve_extent() returns\n-EAGAIN. In this case, we have two reactions.\n\n(1) If the given range is never allocated, we can only wait for someone\n to finish a zone, so wait on BTRFS_FS_NEED_ZONE_FINISH bit and retry\n afterward.\n\n(2) Or, if some allocations are already done, we must bail out and let\n the caller to send IOs for the allocation. This is because these IOs\n may be necessary to finish a zone.\n\nThe commit 06f364284794 (\"btrfs: do proper folio cleanup when\ncow_file_range() failed\") moved the unlock code from the inside of the\nloop to the outside. So, previously, the allocated extents are unlocked\njust after the allocation and so before returning from the function.\nHowever, they are no longer unlocked on the case (2) above. That caused\nthe hang issue.\n\nFix the issue by modifying the 'end' to the end of the allocated\nrange. Then, we can exit the loop and the same unlock code can properly\nhandle the case."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "692cf71173bb41395c855acbbbe197d3aedfa5d4",
+ "version_value": "3fcff2f55389306482ab049b4321bda49495e546"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "06f364284794f149d2abc167c11d556cf20c954b",
+ "version_value": "5a4041f2c47247575a6c2e53ce14f7b0ac946c33"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "6.13.2",
+ "version_value": "6.13.7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/3fcff2f55389306482ab049b4321bda49495e546",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/3fcff2f55389306482ab049b4321bda49495e546"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5a4041f2c47247575a6c2e53ce14f7b0ac946c33",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/5a4041f2c47247575a6c2e53ce14f7b0ac946c33"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/21xxx/CVE-2025-21962.json b/2025/21xxx/CVE-2025-21962.json
index e2c8f8b2425..1945de4afab 100644
--- a/2025/21xxx/CVE-2025-21962.json
+++ b/2025/21xxx/CVE-2025-21962.json
@@ -1,18 +1,135 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21962",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing closetimeo mount option\n\nUser-provided mount parameter closetimeo of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5efdd9122eff772eae2feae9f0fc0ec02d4846a3",
+ "version_value": "9968fcf02cf6b0f78fbacf3f63e782162603855a"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "6.0",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "6.0",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.1.132",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.6.84",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.12.20",
+ "lessThanOrEqual": "6.12.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.13.8",
+ "lessThanOrEqual": "6.13.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.14",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/9968fcf02cf6b0f78fbacf3f63e782162603855a",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/9968fcf02cf6b0f78fbacf3f63e782162603855a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6c13fcb7cf59ae65940da1dfea80144e42921e53",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/6c13fcb7cf59ae65940da1dfea80144e42921e53"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1c46673be93dd2954f44fe370fb4f2b8e6214224",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/1c46673be93dd2954f44fe370fb4f2b8e6214224"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b24edd5c191c2689c59d0509f0903f9487eb6317",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/b24edd5c191c2689c59d0509f0903f9487eb6317"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d5a30fddfe2f2e540f6c43b59cf701809995faef",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/d5a30fddfe2f2e540f6c43b59cf701809995faef"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/21xxx/CVE-2025-21963.json b/2025/21xxx/CVE-2025-21963.json
index 891e8201269..cf092a782cc 100644
--- a/2025/21xxx/CVE-2025-21963.json
+++ b/2025/21xxx/CVE-2025-21963.json
@@ -1,18 +1,135 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21963",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Fix integer overflow while processing acdirmax mount option\n\nUser-provided mount parameter acdirmax of type u32 is intended to have\nan upper limit, but before it is validated, the value is converted from\nseconds to jiffies which can lead to an integer overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "4c9f948142a550af416a2bfb5e56d29ce29e92cf",
+ "version_value": "39d086bb3558da9640ef335f97453e01d32578a1"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "5.12",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.12",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.1.132",
+ "lessThanOrEqual": "6.1.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.6.84",
+ "lessThanOrEqual": "6.6.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.12.20",
+ "lessThanOrEqual": "6.12.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.13.8",
+ "lessThanOrEqual": "6.13.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.14",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/39d086bb3558da9640ef335f97453e01d32578a1",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/39d086bb3558da9640ef335f97453e01d32578a1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e438d0410a4002d24f420f2c28897ba2dc0af64",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/9e438d0410a4002d24f420f2c28897ba2dc0af64"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/2809a79bc64964ce02e0c5f2d6bd39b9d09bdb3c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6124cbf73e3dea7591857dd63b8ccece28952afd",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/6124cbf73e3dea7591857dd63b8ccece28952afd"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5b29891f91dfb8758baf1e2217bef4b16b2b165b",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/5b29891f91dfb8758baf1e2217bef4b16b2b165b"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/21xxx/CVE-2025-21983.json b/2025/21xxx/CVE-2025-21983.json
index c724b0c78fd..fcb0e5564e6 100644
--- a/2025/21xxx/CVE-2025-21983.json
+++ b/2025/21xxx/CVE-2025-21983.json
@@ -1,18 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21983",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab/kvfree_rcu: Switch to WQ_MEM_RECLAIM wq\n\nCurrently kvfree_rcu() APIs use a system workqueue which is\n\"system_unbound_wq\" to driver RCU machinery to reclaim a memory.\n\nRecently, it has been noted that the following kernel warning can\nbe observed:\n\n\nworkqueue: WQ_MEM_RECLAIM nvme-wq:nvme_scan_work is flushing !WQ_MEM_RECLAIM events_unbound:kfree_rcu_work\n WARNING: CPU: 21 PID: 330 at kernel/workqueue.c:3719 check_flush_dependency+0x112/0x120\n Modules linked in: intel_uncore_frequency(E) intel_uncore_frequency_common(E) skx_edac(E) ...\n CPU: 21 UID: 0 PID: 330 Comm: kworker/u144:6 Tainted: G E 6.13.2-0_g925d379822da #1\n Hardware name: Wiwynn Twin Lakes MP/Twin Lakes Passive MP, BIOS YMM20 02/01/2023\n Workqueue: nvme-wq nvme_scan_work\n RIP: 0010:check_flush_dependency+0x112/0x120\n Code: 05 9a 40 14 02 01 48 81 c6 c0 00 00 00 48 8b 50 18 48 81 c7 c0 00 00 00 48 89 f9 48 ...\n RSP: 0018:ffffc90000df7bd8 EFLAGS: 00010082\n RAX: 000000000000006a RBX: ffffffff81622390 RCX: 0000000000000027\n RDX: 00000000fffeffff RSI: 000000000057ffa8 RDI: ffff88907f960c88\n RBP: 0000000000000000 R08: ffffffff83068e50 R09: 000000000002fffd\n R10: 0000000000000004 R11: 0000000000000000 R12: ffff8881001a4400\n R13: 0000000000000000 R14: ffff88907f420fb8 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff88907f940000(0000) knlGS:0000000000000000\n CR2: 00007f60c3001000 CR3: 000000107d010005 CR4: 00000000007726f0\n PKRU: 55555554\n Call Trace:\n \n ? __warn+0xa4/0x140\n ? check_flush_dependency+0x112/0x120\n ? report_bug+0xe1/0x140\n ? check_flush_dependency+0x112/0x120\n ? handle_bug+0x5e/0x90\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? timer_recalc_next_expiry+0x190/0x190\n ? check_flush_dependency+0x112/0x120\n ? check_flush_dependency+0x112/0x120\n __flush_work.llvm.1643880146586177030+0x174/0x2c0\n flush_rcu_work+0x28/0x30\n kvfree_rcu_barrier+0x12f/0x160\n kmem_cache_destroy+0x18/0x120\n bioset_exit+0x10c/0x150\n disk_release.llvm.6740012984264378178+0x61/0xd0\n device_release+0x4f/0x90\n kobject_put+0x95/0x180\n nvme_put_ns+0x23/0xc0\n nvme_remove_invalid_namespaces+0xb3/0xd0\n nvme_scan_work+0x342/0x490\n process_scheduled_works+0x1a2/0x370\n worker_thread+0x2ff/0x390\n ? pwq_release_workfn+0x1e0/0x1e0\n kthread+0xb1/0xe0\n ? __kthread_parkme+0x70/0x70\n ret_from_fork+0x30/0x40\n ? __kthread_parkme+0x70/0x70\n ret_from_fork_asm+0x11/0x20\n \n ---[ end trace 0000000000000000 ]---\n\n\nTo address this switch to use of independent WQ_MEM_RECLAIM\nworkqueue, so the rules are not violated from workqueue framework\npoint of view.\n\nApart of that, since kvfree_rcu() does reclaim memory it is worth\nto go with WQ_MEM_RECLAIM type of wq because it is designed for\nthis purpose."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "6c6c47b063b593785202be158e61fe5c827d6677",
+ "version_value": "a74979dce9e9c61f6d797c3761020252c4d8dc63"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "6.12",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "6.12",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.12.20",
+ "lessThanOrEqual": "6.12.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.13.8",
+ "lessThanOrEqual": "6.13.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.14",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/a74979dce9e9c61f6d797c3761020252c4d8dc63"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/656e35bf66a11e1adde44c4c12050086dc39f241"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/dfd3df31c9db752234d7d2e09bef2aeabb643ce4"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/21xxx/CVE-2025-21984.json b/2025/21xxx/CVE-2025-21984.json
index 8f80843ef84..77ba94dbdba 100644
--- a/2025/21xxx/CVE-2025-21984.json
+++ b/2025/21xxx/CVE-2025-21984.json
@@ -1,18 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-21984",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@kernel.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix kernel BUG when userfaultfd_move encounters swapcache\n\nuserfaultfd_move() checks whether the PTE entry is present or a\nswap entry.\n\n- If the PTE entry is present, move_present_pte() handles folio\n migration by setting:\n\n src_folio->index = linear_page_index(dst_vma, dst_addr);\n\n- If the PTE entry is a swap entry, move_swap_pte() simply copies\n the PTE to the new dst_addr.\n\nThis approach is incorrect because, even if the PTE is a swap entry,\nit can still reference a folio that remains in the swap cache.\n\nThis creates a race window between steps 2 and 4.\n 1. add_to_swap: The folio is added to the swapcache.\n 2. try_to_unmap: PTEs are converted to swap entries.\n 3. pageout: The folio is written back.\n 4. Swapcache is cleared.\nIf userfaultfd_move() occurs in the window between steps 2 and 4,\nafter the swap PTE has been moved to the destination, accessing the\ndestination triggers do_swap_page(), which may locate the folio in\nthe swapcache. However, since the folio's index has not been updated\nto match the destination VMA, do_swap_page() will detect a mismatch.\n\nThis can result in two critical issues depending on the system\nconfiguration.\n\nIf KSM is disabled, both small and large folios can trigger a BUG\nduring the add_rmap operation due to:\n\n page_pgoff(folio, page) != linear_page_index(vma, address)\n\n[ 13.336953] page: refcount:6 mapcount:1 mapping:00000000f43db19c index:0xffffaf150 pfn:0x4667c\n[ 13.337520] head: order:2 mapcount:1 entire_mapcount:0 nr_pages_mapped:1 pincount:0\n[ 13.337716] memcg:ffff00000405f000\n[ 13.337849] anon flags: 0x3fffc0000020459(locked|uptodate|dirty|owner_priv_1|head|swapbacked|node=0|zone=0|lastcpupid=0xffff)\n[ 13.338630] raw: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361\n[ 13.338831] raw: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000\n[ 13.339031] head: 03fffc0000020459 ffff80008507b538 ffff80008507b538 ffff000006260361\n[ 13.339204] head: 0000000ffffaf150 0000000000004000 0000000600000000 ffff00000405f000\n[ 13.339375] head: 03fffc0000000202 fffffdffc0199f01 ffffffff00000000 0000000000000001\n[ 13.339546] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000\n[ 13.339736] page dumped because: VM_BUG_ON_PAGE(page_pgoff(folio, page) != linear_page_index(vma, address))\n[ 13.340190] ------------[ cut here ]------------\n[ 13.340316] kernel BUG at mm/rmap.c:1380!\n[ 13.340683] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\n[ 13.340969] Modules linked in:\n[ 13.341257] CPU: 1 UID: 0 PID: 107 Comm: a.out Not tainted 6.14.0-rc3-gcf42737e247a-dirty #299\n[ 13.341470] Hardware name: linux,dummy-virt (DT)\n[ 13.341671] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 13.341815] pc : __page_check_anon_rmap+0xa0/0xb0\n[ 13.341920] lr : __page_check_anon_rmap+0xa0/0xb0\n[ 13.342018] sp : ffff80008752bb20\n[ 13.342093] x29: ffff80008752bb20 x28: fffffdffc0199f00 x27: 0000000000000001\n[ 13.342404] x26: 0000000000000000 x25: 0000000000000001 x24: 0000000000000001\n[ 13.342575] x23: 0000ffffaf0d0000 x22: 0000ffffaf0d0000 x21: fffffdffc0199f00\n[ 13.342731] x20: fffffdffc0199f00 x19: ffff000006210700 x18: 00000000ffffffff\n[ 13.342881] x17: 6c203d2120296567 x16: 6170202c6f696c6f x15: 662866666f67705f\n[ 13.343033] x14: 6567617028454741 x13: 2929737365726464 x12: ffff800083728ab0\n[ 13.343183] x11: ffff800082996bf8 x10: 0000000000000fd7 x9 : ffff80008011bc40\n[ 13.343351] x8 : 0000000000017fe8 x7 : 00000000fffff000 x6 : ffff8000829eebf8\n[ 13.343498] x5 : c0000000fffff000 x4 : 0000000000000000 x3 : 0000000000000000\n[ 13.343645] x2 : 0000000000000000 x1 : ffff0000062db980 x0 : 000000000000005f\n[ 13.343876] Call trace:\n[ 13.344045] __page_check_anon_rmap+0xa0/0xb0 (P)\n[ 13.344234] folio_add_anon_rmap_ptes+0x22c/0x320\n[ 13.344333] do_swap_page+0x1060/0x1400\n[ 13.344417] __handl\n---truncated---"
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Linux",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Linux",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "adef440691bab824e39c1b17382322d195e1fab0",
+ "version_value": "4e9507246298fd6f1ca7bb42ef01a6e34fb93684"
+ },
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "6.8",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "6.8",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.12.20",
+ "lessThanOrEqual": "6.12.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.13.8",
+ "lessThanOrEqual": "6.13.*",
+ "status": "unaffected",
+ "versionType": "semver"
+ },
+ {
+ "version": "6.14",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://git.kernel.org/stable/c/4e9507246298fd6f1ca7bb42ef01a6e34fb93684",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/4e9507246298fd6f1ca7bb42ef01a6e34fb93684"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b1e11bd86c0943bb7624efebdc384340a50ad683",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/b1e11bd86c0943bb7624efebdc384340a50ad683"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c50f8e6053b0503375c2975bf47f182445aebb4c",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/stable/c/c50f8e6053b0503375c2975bf47f182445aebb4c"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "bippy-7c5fe7eed585"
}
}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25211.json b/2025/25xxx/CVE-2025-25211.json
index 17dfde36226..872196677f7 100644
--- a/2025/25xxx/CVE-2025-25211.json
+++ b/2025/25xxx/CVE-2025-25211.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-25211",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Weak password requirements",
+ "cweId": "CWE-521"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Inaba Denki Sangyo Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CHOCO TEI WATCHER mini (IB-MCT001)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf",
+ "refsource": "MISC",
+ "name": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU91154745/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/vu/JVNVU91154745/"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording",
+ "refsource": "MISC",
+ "name": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "CRITICAL",
+ "baseScore": 9.8,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
]
}
diff --git a/2025/26xxx/CVE-2025-26683.json b/2025/26xxx/CVE-2025-26683.json
index 6bf6092f5e0..a2b63b20a99 100644
--- a/2025/26xxx/CVE-2025-26683.json
+++ b/2025/26xxx/CVE-2025-26683.json
@@ -1,17 +1,73 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26683",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@microsoft.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285: Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Microsoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Azure Playwright",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "N/A"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683",
+ "refsource": "MISC",
+ "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "HIGH",
+ "baseScore": 8.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"
}
]
}
diff --git a/2025/26xxx/CVE-2025-26689.json b/2025/26xxx/CVE-2025-26689.json
index be70297e494..109dfdc6154 100644
--- a/2025/26xxx/CVE-2025-26689.json
+++ b/2025/26xxx/CVE-2025-26689.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-26689",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Direct request ('Forced Browsing')",
+ "cweId": "CWE-425"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Inaba Denki Sangyo Co., Ltd.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CHOCO TEI WATCHER mini (IB-MCT001)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "all versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf",
+ "refsource": "MISC",
+ "name": "https://www.inaba.co.jp/files/chocomini_vulnerability.pdf"
+ },
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU91154745/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/vu/JVNVU91154745/"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-084-04"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording",
+ "refsource": "MISC",
+ "name": "https://www.nozominetworks.com/blog/unpatched-vulnerabilities-in-production-line-cameras-may-allow-remote-surveillance-hinder-stoppage-recording"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseSeverity": "CRITICAL",
+ "baseScore": 9.8,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27095.json b/2025/27xxx/CVE-2025-27095.json
index eb734161906..fce0a8d5db5 100644
--- a/2025/27xxx/CVE-2025-27095.json
+++ b/2025/27xxx/CVE-2025-27095.json
@@ -1,17 +1,89 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27095",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to 4.8.0 and 3.10.18, an attacker with a low-privileged account can access the Kubernetes session feature and manipulate the kubeconfig file to redirect API requests to an external server controlled by the attacker. This allows the attacker to intercept and capture the Kubernetes cluster token. This can potentially allow unauthorized access to the cluster and compromise its security. This vulnerability is fixed in 4.8.0 and 3.10.18."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-266: Incorrect Privilege Assignment",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "jumpserver",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "jumpserver",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 3.10.18"
+ },
+ {
+ "version_affected": "=",
+ "version_value": ">= 4.0.0, < 4.8.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-5q9w-f4wh-f535",
+ "refsource": "MISC",
+ "name": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-5q9w-f4wh-f535"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-5q9w-f4wh-f535",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27130.json b/2025/27xxx/CVE-2025-27130.json
index fefe6403f1e..fba89e5cdce 100644
--- a/2025/27xxx/CVE-2025-27130.json
+++ b/2025/27xxx/CVE-2025-27130.json
@@ -1,17 +1,78 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27130",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Welcart e-Commerce 2.11.6 and earlier versions contains an untrusted data deserialization vulnerability. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker who can access websites created using the product."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Deserialization of untrusted data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Welcart Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Welcart e-Commerce",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.11.6 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.welcart.com/archives/23868.html",
+ "refsource": "MISC",
+ "name": "https://www.welcart.com/archives/23868.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN87266215/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN87266215/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27149.json b/2025/27xxx/CVE-2025-27149.json
index a9d08baf4a3..a15f59f8f92 100644
--- a/2025/27xxx/CVE-2025-27149.json
+++ b/2025/27xxx/CVE-2025-27149.json
@@ -1,18 +1,68 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27149",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The \"public data\" and \"with consent\" exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
+ "cweId": "CWE-497"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "zulip",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "zulip",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": ">= 2.1.0, < 10.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/zulip/zulip/security/advisories/GHSA-358p-x39m-99mm",
+ "refsource": "MISC",
+ "name": "https://github.com/zulip/zulip/security/advisories/GHSA-358p-x39m-99mm"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-358p-x39m-99mm",
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27244.json b/2025/27xxx/CVE-2025-27244.json
index 09a69b57ee0..cf902a65be8 100644
--- a/2025/27xxx/CVE-2025-27244.json
+++ b/2025/27xxx/CVE-2025-27244.json
@@ -1,17 +1,93 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27244",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insertion of sensitive information into sent data",
+ "cweId": "CWE-201"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Hammock Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "AssetView",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "prior to Ver 13.2.4.3408 (13.2.4O)"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "AssetView CLOUD",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "prior to Ver 13.2.4.3408 (13.2.4O)"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "prior to Ver 13.3.4.3004 (13.3.4K)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.hammock.jp/assetview/info/250325.html",
+ "refsource": "MISC",
+ "name": "https://www.hammock.jp/assetview/info/250325.html"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN26321838/",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN26321838/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "baseSeverity": "MEDIUM",
+ "baseScore": 5.9,
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27427.json b/2025/27xxx/CVE-2025-27427.json
index 52fa6c56036..3ec028976d8 100644
--- a/2025/27xxx/CVE-2025-27427.json
+++ b/2025/27xxx/CVE-2025-27427.json
@@ -1,18 +1,96 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27427",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular address. When combined with the send permission and automatic queue creation a user could successfully send a message with a routing-type not supported by the address when that message should actually be rejected on the basis that the user doesn't have permission to change the routing-type of the address.\n\nThis issue affects Apache ActiveMQ Artemis from 2.0.0 through 2.39.0.\n\nUsers are recommended to upgrade to version 2.40.0 which fixes the issue."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-863 Incorrect Authorization",
+ "cweId": "CWE-863"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache ActiveMQ Artemis",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "2.0.0",
+ "version_value": "2.39.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lists.apache.org/thread/8dzlm2vkqphyrnkrby8r8kzndsm5o6x8",
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread/8dzlm2vkqphyrnkrby8r8kzndsm5o6x8"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "defect": [
+ "ARTEMIS-5346"
+ ],
+ "discovery": "EXTERNAL"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Eojin Lee "
+ },
+ {
+ "lang": "en",
+ "value": "Dain Lee "
+ },
+ {
+ "lang": "en",
+ "value": "WooJin Park <1203kids@gmail.com>"
+ },
+ {
+ "lang": "en",
+ "value": "MinJung Lee "
+ },
+ {
+ "lang": "en",
+ "value": "SeChang Oh "
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/27xxx/CVE-2025-27692.json b/2025/27xxx/CVE-2025-27692.json
index 01f5d8ef42c..1965c89ddbd 100644
--- a/2025/27xxx/CVE-2025-27692.json
+++ b/2025/27xxx/CVE-2025-27692.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27692",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wyse Management Suite Repository",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "N/A",
+ "version_value": "5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell Technologies would like to thank Alain Mowat from Orange Cyberdefense Switzerland's research lab for reporting these issues."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27693.json b/2025/27xxx/CVE-2025-27693.json
index d3402a184e2..951b0c798ca 100644
--- a/2025/27xxx/CVE-2025-27693.json
+++ b/2025/27xxx/CVE-2025-27693.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27693",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wyse Management Suite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "N/A",
+ "version_value": "5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell Technologies would like to thank Alain Mowat from Orange Cyberdefense Switzerland's research lab for reporting these issues."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "HIGH",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/27xxx/CVE-2025-27694.json b/2025/27xxx/CVE-2025-27694.json
index 21233ec6b2a..a244f748cab 100644
--- a/2025/27xxx/CVE-2025-27694.json
+++ b/2025/27xxx/CVE-2025-27694.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27694",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secure@dell.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Insufficient Resource Pool vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-410: Insufficient Resource Pool",
+ "cweId": "CWE-410"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Dell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Wyse Management Suite",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "N/A",
+ "version_value": "5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135",
+ "refsource": "MISC",
+ "name": "https://www.dell.com/support/kbdoc/en-us/000296515/dsa-2025-135"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dell Technologies would like to thank Alain Mowat from Orange Cyberdefense Switzerland's research lab for reporting these issues."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2513.json b/2025/2xxx/CVE-2025-2513.json
index 62c9918dc8d..35866632e68 100644
--- a/2025/2xxx/CVE-2025-2513.json
+++ b/2025/2xxx/CVE-2025-2513.json
@@ -1,17 +1,95 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2513",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@wordfence.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Smart Icons For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "smartpixels",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Smart Icons For WordPress",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "*",
+ "version_value": "1.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5d8eac-fca9-4222-9a5f-a12748d298ec?source=cve",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5d8eac-fca9-4222-9a5f-a12748d298ec?source=cve"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/smartifw/tags/1.0.4/includes/media.php#L3",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/smartifw/tags/1.0.4/includes/media.php#L3"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/smartifw/tags/1.0.4/smart_icons_for_wordpress.php#L86",
+ "refsource": "MISC",
+ "name": "https://plugins.trac.wordpress.org/browser/smartifw/tags/1.0.4/smart_icons_for_wordpress.php#L86"
+ },
+ {
+ "url": "https://wordpress.org/plugins/smartifw/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/smartifw/#developers"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Avraham Shemesh"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2538.json b/2025/2xxx/CVE-2025-2538.json
index c726652d197..ed970c55c37 100644
--- a/2025/2xxx/CVE-2025-2538.json
+++ b/2025/2xxx/CVE-2025-2538.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Some deployments of Esri ArcGIS Enterprise are vulnerable to an improper authentication vulnerability."
+ "value": "A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote authenticated attacker\u00a0to\u00a0gain administrative access to the system."
}
]
},
diff --git a/2025/2xxx/CVE-2025-2586.json b/2025/2xxx/CVE-2025-2586.json
index 04182bb415a..69165af4e76 100644
--- a/2025/2xxx/CVE-2025-2586.json
+++ b/2025/2xxx/CVE-2025-2586.json
@@ -1,17 +1,94 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2586",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk usage, and potential service unavailability. Since the issue does not require authentication, an external attacker can exhaust CPU, RAM, and disk space, impacting both application and cluster stability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Red Hat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenShift Lightspeed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2025-2586",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/CVE-2025-2586"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353998",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2353998"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Red Hat would like to thank Jon Weiser (RedHat) and Oleg Sushchenko (RedHat) for reporting this issue."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2725.json b/2025/2xxx/CVE-2025-2725.json
index 9f128ba8cda..01de209b9a6 100644
--- a/2025/2xxx/CVE-2025-2725.json
+++ b/2025/2xxx/CVE-2025-2725.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /api/login/auth der Komponente HTTP POST Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /api/login/auth der Komponente HTTP POST Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2726.json b/2025/2xxx/CVE-2025-2726.json
index 79735e8f6b2..0ce2f5bb7b7 100644
--- a/2025/2xxx/CVE-2025-2726.json
+++ b/2025/2xxx/CVE-2025-2726.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this issue is some unknown functionality of the file /api/esps of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /api/esps der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /api/esps der Komponente HTTP POST Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2727.json b/2025/2xxx/CVE-2025-2727.json
index b82b680187e..36e0fbe9663 100644
--- a/2025/2xxx/CVE-2025-2727.json
+++ b/2025/2xxx/CVE-2025-2727.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability, which was classified as critical, was found in H3C Magic NX30 Pro up to V100R007. This affects an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads to command injection. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "Es wurde eine kritische Schwachstelle in H3C Magic NX30 Pro bis V100R007 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /api/wizard/getNetworkStatus der Komponente HTTP POST Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Es wurde eine kritische Schwachstelle in H3C Magic NX30 Pro bis V100R007 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /api/wizard/getNetworkStatus der Komponente HTTP POST Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -99,20 +99,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2728.json b/2025/2xxx/CVE-2025-2728.json
index d3daef3717f..1f9f0ca924b 100644
--- a/2025/2xxx/CVE-2025-2728.json
+++ b/2025/2xxx/CVE-2025-2728.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be approached within the local network."
},
{
"lang": "deu",
- "value": "In H3C Magic NX30 Pro and Magic NX400 bis V100R014 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /api/wizard/getNetworkConf. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
+ "value": "In H3C Magic NX30 Pro and Magic NX400 bis V100R014 wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /api/wizard/getNetworkConf. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen."
}
]
},
@@ -110,20 +110,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2729.json b/2025/2xxx/CVE-2025-2729.json
index 5cc151b35a4..692529f8a5f 100644
--- a/2025/2xxx/CVE-2025-2729.json
+++ b/2025/2xxx/CVE-2025-2729.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects some unknown processing of the file /api/wizard/networkSetup of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /api/wizard/networkSetup der Komponente HTTP POST Request Handler. Durch das Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 gefunden. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /api/wizard/networkSetup der Komponente HTTP POST Request Handler. Durch das Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2730.json b/2025/2xxx/CVE-2025-2730.json
index b3535c25c2e..d619cd1d37d 100644
--- a/2025/2xxx/CVE-2025-2730.json
+++ b/2025/2xxx/CVE-2025-2730.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is an unknown function of the file /api/wizard/getssidname of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /api/wizard/getssidname der Komponente HTTP POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Es wurde eine kritische Schwachstelle in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /api/wizard/getssidname der Komponente HTTP POST Request Handler. Durch Beeinflussen mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2731.json b/2025/2xxx/CVE-2025-2731.json
index 27d557b31dd..2917130f70c 100644
--- a/2025/2xxx/CVE-2025-2731.json
+++ b/2025/2xxx/CVE-2025-2731.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/wizard/getDualbandSync of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /api/wizard/getDualbandSync der Komponente HTTP POST Request Handler. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "In H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /api/wizard/getDualbandSync der Komponente HTTP POST Request Handler. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2732.json b/2025/2xxx/CVE-2025-2732.json
index 3796be18b83..c60d5db4d7f 100644
--- a/2025/2xxx/CVE-2025-2732.json
+++ b/2025/2xxx/CVE-2025-2732.json
@@ -11,11 +11,11 @@
"description_data": [
{
"lang": "eng",
- "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ "value": "A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
- "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /api/wizard/getWifiNeighbour der Komponente HTTP POST Request Handler. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ "value": "Eine kritische Schwachstelle wurde in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 bis V100R014 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /api/wizard/getWifiNeighbour der Komponente HTTP POST Request Handler. Dank Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
@@ -143,20 +143,20 @@
"cvss": [
{
"version": "3.1",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
- "baseScore": 8.8,
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 8,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
- "baseScore": 9,
- "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ "baseScore": 7.7,
+ "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30834.json b/2025/30xxx/CVE-2025-30834.json
index e3ca8125ff3..abc12122575 100644
--- a/2025/30xxx/CVE-2025-30834.json
+++ b/2025/30xxx/CVE-2025-30834.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30834",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Path Traversal vulnerability in Bit Apps Bit Assist allows Path Traversal. This issue affects Bit Assist: from n/a through 1.5.4."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-35 Path Traversal",
+ "cweId": "CWE-35"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bit Apps",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Bit Assist",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "1.5.4",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "1.5.5",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/bit-assist/vulnerability/wordpress-bit-assist-plugin-1-5-4-path-traversal-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/bit-assist/vulnerability/wordpress-bit-assist-plugin-1-5-4-path-traversal-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Bit Assist plugin to the latest available version (at least 1.5.5)."
+ }
+ ],
+ "value": "Update the WordPress Bit Assist plugin to the latest available version (at least 1.5.5)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Falgun Patel (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30835.json b/2025/30xxx/CVE-2025-30835.json
index e003534670c..6e038817cff 100644
--- a/2025/30xxx/CVE-2025-30835.json
+++ b/2025/30xxx/CVE-2025-30835.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30835",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
+ "cweId": "CWE-98"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bastien Ho",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Accounting for WooCommerce",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "1.6.8",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "1.6.9",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/accounting-for-woocommerce/vulnerability/wordpress-accounting-for-woocommerce-plugin-1-6-8-local-file-inclusion-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/accounting-for-woocommerce/vulnerability/wordpress-accounting-for-woocommerce-plugin-1-6-8-local-file-inclusion-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Accounting for WooCommerce plugin to the latest available version (at least 1.6.9)."
+ }
+ ],
+ "value": "Update the WordPress Accounting for WooCommerce plugin to the latest available version (at least 1.6.9)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Dimas Maulana (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30837.json b/2025/30xxx/CVE-2025-30837.json
index aedc13a301a..295fe94538c 100644
--- a/2025/30xxx/CVE-2025-30837.json
+++ b/2025/30xxx/CVE-2025-30837.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30837",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristiano Zanca WooCommerce Fattureincloud allows Reflected XSS. This issue affects WooCommerce Fattureincloud: from n/a through 2.6.7."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Cristiano Zanca",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "WooCommerce Fattureincloud",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.6.7",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "2.6.8",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/woo-fattureincloud/vulnerability/wordpress-woocommerce-fattureincloud-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/woo-fattureincloud/vulnerability/wordpress-woocommerce-fattureincloud-plugin-2-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress WooCommerce Fattureincloud plugin to the latest available version (at least 2.6.8)."
+ }
+ ],
+ "value": "Update the WordPress WooCommerce Fattureincloud plugin to the latest available version (at least 2.6.8)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Nguyen Xuan Chien (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30840.json b/2025/30xxx/CVE-2025-30840.json
index a37d616fe5f..a72c51b2d03 100644
--- a/2025/30xxx/CVE-2025-30840.json
+++ b/2025/30xxx/CVE-2025-30840.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30840",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-dictionary allows Reflected XSS. This issue affects xili-dictionary: from n/a through 2.12.5."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Michel - xiligroup dev",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "xili-dictionary",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.12.5",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "2.12.5.1",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/xili-dictionary/vulnerability/wordpress-xili-dictionary-plugin-2-12-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/xili-dictionary/vulnerability/wordpress-xili-dictionary-plugin-2-12-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress xili-dictionary plugin to the latest available version (at least 2.12.5.1)."
+ }
+ ],
+ "value": "Update the WordPress xili-dictionary plugin to the latest available version (at least 2.12.5.1)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "0xd4rk5id3 (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30841.json b/2025/30xxx/CVE-2025-30841.json
index e6d43483d71..f84f0622809 100644
--- a/2025/30xxx/CVE-2025-30841.json
+++ b/2025/30xxx/CVE-2025-30841.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30841",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "adamskaat",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Countdown & Clock",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "2.8.8",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "2.8.9",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-8-remote-code-execution-rce-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Countdown & Clock plugin to the latest available version (at least 2.8.9)."
+ }
+ ],
+ "value": "Update the WordPress Countdown & Clock plugin to the latest available version (at least 2.8.9)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "astra.r3verii (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 9.9,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "baseSeverity": "CRITICAL",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30844.json b/2025/30xxx/CVE-2025-30844.json
index e7e21de9264..8729e3847e5 100644
--- a/2025/30xxx/CVE-2025-30844.json
+++ b/2025/30xxx/CVE-2025-30844.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30844",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bob",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Watu Quiz",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "3.4.2",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "3.4.3",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-plugin-3-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/watu/vulnerability/wordpress-watu-quiz-plugin-3-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Watu Quiz plugin to the latest available version (at least 3.4.3)."
+ }
+ ],
+ "value": "Update the WordPress Watu Quiz plugin to the latest available version (at least 3.4.3)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30848.json b/2025/30xxx/CVE-2025-30848.json
index 2aaf078900e..c8af23d31ae 100644
--- a/2025/30xxx/CVE-2025-30848.json
+++ b/2025/30xxx/CVE-2025-30848.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30848",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel allows Reflected XSS. This issue affects Hostel: from n/a through 1.1.5."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Bob",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Hostel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "1.1.5",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "1.1.5.5",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/hostel/vulnerability/wordpress-hostel-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/hostel/vulnerability/wordpress-hostel-plugin-1-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Hostel plugin to the latest available version (at least 1.1.5.5)."
+ }
+ ],
+ "value": "Update the WordPress Hostel plugin to the latest available version (at least 1.1.5.5)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30849.json b/2025/30xxx/CVE-2025-30849.json
index 8d1dfd3cb5c..8de3f0b40ac 100644
--- a/2025/30xxx/CVE-2025-30849.json
+++ b/2025/30xxx/CVE-2025-30849.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30849",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
+ "cweId": "CWE-98"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "g5theme",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Essential Real Estate",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "5.2.0",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "5.2.1",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/essential-real-estate/vulnerability/wordpress-essential-real-estate-plugin-5-2-0-local-file-inclusion-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/essential-real-estate/vulnerability/wordpress-essential-real-estate-plugin-5-2-0-local-file-inclusion-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Essential Real Estate plugin to the latest available version (at least 5.2.1)."
+ }
+ ],
+ "value": "Update the WordPress Essential Real Estate plugin to the latest available version (at least 5.2.1)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "LVT-tholv2k (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 8.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "version": "3.1"
}
]
}
diff --git a/2025/30xxx/CVE-2025-30852.json b/2025/30xxx/CVE-2025-30852.json
index 0c1731014c2..4641f47ca9b 100644
--- a/2025/30xxx/CVE-2025-30852.json
+++ b/2025/30xxx/CVE-2025-30852.json
@@ -1,17 +1,122 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30852",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "audit@patchstack.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS. This issue affects Oracle Cards Lite: from n/a through 1.2.1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "emotionalonlinestorytelling",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Oracle Cards Lite",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "1.2.1",
+ "status": "affected",
+ "version": "n/a",
+ "versionType": "custom",
+ "changes": [
+ {
+ "at": "1.2.2",
+ "status": "unaffected"
+ }
+ ]
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://patchstack.com/database/wordpress/plugin/oracle-cards/vulnerability/wordpress-oracle-cards-lite-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "refsource": "MISC",
+ "name": "https://patchstack.com/database/wordpress/plugin/oracle-cards/vulnerability/wordpress-oracle-cards-lite-plugin-1-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update the WordPress Oracle Cards Lite plugin to the latest available version (at least 1.2.2)."
+ }
+ ],
+ "value": "Update the WordPress Oracle Cards Lite plugin to the latest available version (at least 1.2.2)."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) (Patchstack Alliance)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "baseScore": 7.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "baseSeverity": "HIGH",
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "version": "3.1"
}
]
}
diff --git a/2025/31xxx/CVE-2025-31652.json b/2025/31xxx/CVE-2025-31652.json
new file mode 100644
index 00000000000..079f4a30f9a
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31652.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31652",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31653.json b/2025/31xxx/CVE-2025-31653.json
new file mode 100644
index 00000000000..5f49f489ef9
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31653.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31653",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31814.json b/2025/31xxx/CVE-2025-31814.json
new file mode 100644
index 00000000000..1c60c1a310b
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31814.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31814",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31815.json b/2025/31xxx/CVE-2025-31815.json
new file mode 100644
index 00000000000..48bb5e241b6
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31815.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31815",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31816.json b/2025/31xxx/CVE-2025-31816.json
new file mode 100644
index 00000000000..ca1018a35f0
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31816.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31816",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31817.json b/2025/31xxx/CVE-2025-31817.json
new file mode 100644
index 00000000000..d1c28c4eedd
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31817.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31817",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31818.json b/2025/31xxx/CVE-2025-31818.json
new file mode 100644
index 00000000000..390d70acff0
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31818.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31818",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31819.json b/2025/31xxx/CVE-2025-31819.json
new file mode 100644
index 00000000000..4f85147256b
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31819.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31819",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31820.json b/2025/31xxx/CVE-2025-31820.json
new file mode 100644
index 00000000000..e55a917721c
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31820.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31820",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31821.json b/2025/31xxx/CVE-2025-31821.json
new file mode 100644
index 00000000000..6d7fccc3262
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31821.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31821",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31822.json b/2025/31xxx/CVE-2025-31822.json
new file mode 100644
index 00000000000..f3a44ec1759
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31822.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31822",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31823.json b/2025/31xxx/CVE-2025-31823.json
new file mode 100644
index 00000000000..ae3fa1bbbc0
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31823.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31823",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31824.json b/2025/31xxx/CVE-2025-31824.json
new file mode 100644
index 00000000000..2e45a87c17a
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31824.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31824",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31825.json b/2025/31xxx/CVE-2025-31825.json
new file mode 100644
index 00000000000..9885c110587
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31825.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31825",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31826.json b/2025/31xxx/CVE-2025-31826.json
new file mode 100644
index 00000000000..d7aba8f5a98
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31826.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31826",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31827.json b/2025/31xxx/CVE-2025-31827.json
new file mode 100644
index 00000000000..c18e2531d2d
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31827.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31827",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31828.json b/2025/31xxx/CVE-2025-31828.json
new file mode 100644
index 00000000000..1e12ff429c1
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31828.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31828",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31829.json b/2025/31xxx/CVE-2025-31829.json
new file mode 100644
index 00000000000..1f9b4624c18
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31829.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31829",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31830.json b/2025/31xxx/CVE-2025-31830.json
new file mode 100644
index 00000000000..5a6d99edc2d
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31830.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31830",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31831.json b/2025/31xxx/CVE-2025-31831.json
new file mode 100644
index 00000000000..7bc2d1c08fd
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31831.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31831",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31832.json b/2025/31xxx/CVE-2025-31832.json
new file mode 100644
index 00000000000..2a36def08a3
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31832.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31832",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31833.json b/2025/31xxx/CVE-2025-31833.json
new file mode 100644
index 00000000000..4b424f41c5e
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31833.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31833",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31834.json b/2025/31xxx/CVE-2025-31834.json
new file mode 100644
index 00000000000..b0208a3c0ba
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31834.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31834",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31949.json b/2025/31xxx/CVE-2025-31949.json
new file mode 100644
index 00000000000..1d51aa09ec4
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31949.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31949",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31950.json b/2025/31xxx/CVE-2025-31950.json
new file mode 100644
index 00000000000..673fabec82a
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31950.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31950",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31972.json b/2025/31xxx/CVE-2025-31972.json
new file mode 100644
index 00000000000..4f1bc26e1f3
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31972.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31972",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31973.json b/2025/31xxx/CVE-2025-31973.json
new file mode 100644
index 00000000000..0056b233c31
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31973.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31973",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31974.json b/2025/31xxx/CVE-2025-31974.json
new file mode 100644
index 00000000000..663ae685b6c
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31974.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31974",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31975.json b/2025/31xxx/CVE-2025-31975.json
new file mode 100644
index 00000000000..78bc3e26d3b
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31975.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31975",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31976.json b/2025/31xxx/CVE-2025-31976.json
new file mode 100644
index 00000000000..8f37fddde25
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31976.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31976",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31977.json b/2025/31xxx/CVE-2025-31977.json
new file mode 100644
index 00000000000..79e5808e2cd
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31977.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31977",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31978.json b/2025/31xxx/CVE-2025-31978.json
new file mode 100644
index 00000000000..34726397815
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31978.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31978",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31979.json b/2025/31xxx/CVE-2025-31979.json
new file mode 100644
index 00000000000..4880a173de6
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31979.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31979",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31980.json b/2025/31xxx/CVE-2025-31980.json
new file mode 100644
index 00000000000..07ea5c5c6e6
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31980.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31980",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31981.json b/2025/31xxx/CVE-2025-31981.json
new file mode 100644
index 00000000000..6077407975c
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31981.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31981",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31982.json b/2025/31xxx/CVE-2025-31982.json
new file mode 100644
index 00000000000..fe50f62aa63
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31982.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31982",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31983.json b/2025/31xxx/CVE-2025-31983.json
new file mode 100644
index 00000000000..81fa85ae12e
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31983.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31983",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31984.json b/2025/31xxx/CVE-2025-31984.json
new file mode 100644
index 00000000000..a4da34b5037
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31984.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31984",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31985.json b/2025/31xxx/CVE-2025-31985.json
new file mode 100644
index 00000000000..d4d9d368c2c
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31985.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31985",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31986.json b/2025/31xxx/CVE-2025-31986.json
new file mode 100644
index 00000000000..bb0f8e899a4
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31986.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31986",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31987.json b/2025/31xxx/CVE-2025-31987.json
new file mode 100644
index 00000000000..e1440dcea88
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31987.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31987",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31988.json b/2025/31xxx/CVE-2025-31988.json
new file mode 100644
index 00000000000..31be6b1ad41
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31988.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31988",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31989.json b/2025/31xxx/CVE-2025-31989.json
new file mode 100644
index 00000000000..be63c6f81d6
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31989.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31989",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31990.json b/2025/31xxx/CVE-2025-31990.json
new file mode 100644
index 00000000000..0fda124d3ba
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31990.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31990",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/31xxx/CVE-2025-31991.json b/2025/31xxx/CVE-2025-31991.json
new file mode 100644
index 00000000000..3aa634d7766
--- /dev/null
+++ b/2025/31xxx/CVE-2025-31991.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-31991",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32012.json b/2025/32xxx/CVE-2025-32012.json
new file mode 100644
index 00000000000..f5beee34bdb
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32012.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32012",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32013.json b/2025/32xxx/CVE-2025-32013.json
new file mode 100644
index 00000000000..42d4abf8209
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32013.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32013",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32014.json b/2025/32xxx/CVE-2025-32014.json
new file mode 100644
index 00000000000..6063c4d83b0
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32014.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32014",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32015.json b/2025/32xxx/CVE-2025-32015.json
new file mode 100644
index 00000000000..7e59c3aea61
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32015.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32015",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32044.json b/2025/32xxx/CVE-2025-32044.json
new file mode 100644
index 00000000000..270dfb1e2c4
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32044.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32044",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32045.json b/2025/32xxx/CVE-2025-32045.json
new file mode 100644
index 00000000000..8192895e085
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32045.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32045",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3049.json b/2025/3xxx/CVE-2025-3049.json
new file mode 100644
index 00000000000..d20dbfb5ad4
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3049.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3050.json b/2025/3xxx/CVE-2025-3050.json
new file mode 100644
index 00000000000..027ba939197
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3050.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3051.json b/2025/3xxx/CVE-2025-3051.json
index 24f30bf4ae0..5352a62fbe4 100644
--- a/2025/3xxx/CVE-2025-3051.json
+++ b/2025/3xxx/CVE-2025-3051.json
@@ -1,94 +1,18 @@
{
- "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
+ "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3051",
- "ASSIGNER": "cve-request@security.metacpan.org",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238.\n\nIf an attacker can place a malicious file in current working directory, it may be\u00a0loaded instead of the intended file, potentially leading to arbitrary\u00a0code execution.\n\nLinux::Statm::Tiny uses Mite to produce the affected code section due to\u00a0CVE-2025-30672"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-427 Uncontrolled Search Path Element",
- "cweId": "CWE-427"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "RRWO",
- "product": {
- "product_data": [
- {
- "product_name": "Linux::Statm::Tiny",
- "version": {
- "version_data": [
- {
- "version_affected": "<",
- "version_name": "0",
- "version_value": "0.0701"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes",
- "refsource": "MISC",
- "name": "https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0701/changes"
- },
- {
- "url": "https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82",
- "refsource": "MISC",
- "name": "https://metacpan.org/release/RRWO/Linux-Statm-Tiny-0.0700/source/lib/Linux/Statm/Tiny/Mite.pm#L82"
- },
- {
- "url": "https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html",
- "refsource": "MISC",
- "name": "https://blogs.perl.org/users/todd_rinaldo/2016/11/what-happened-to-dot-in-inc.html"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.2.0"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "solution": [
- {
- "lang": "en",
- "supportingMedia": [
- {
- "base64": false,
- "type": "text/html",
- "value": "Version 0.0701 of Linux::Statm::Tiny was released to address the issue. Users should update to the latest version.
"
- }
- ],
- "value": "Version 0.0701 of Linux::Statm::Tiny\u00a0was released to address the issue. Users should update to the latest version."
- }
- ]
+ }
}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3084.json b/2025/3xxx/CVE-2025-3084.json
new file mode 100644
index 00000000000..88bf75ebba0
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3084.json
@@ -0,0 +1,104 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3084",
+ "ASSIGNER": "cna@mongodb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-703: Improper Check or Handling of Exceptional Conditions",
+ "cweId": "CWE-703"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "MongoDB Inc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MongoDB Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.0",
+ "version_value": "5.0.31"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "6.0",
+ "version_value": "6.0.20"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "7.0.16"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.0",
+ "version_value": "8.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.mongodb.org/browse/SERVER-103153",
+ "refsource": "MISC",
+ "name": "https://jira.mongodb.org/browse/SERVER-103153"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3085.json b/2025/3xxx/CVE-2025-3085.json
new file mode 100644
index 00000000000..c246df4ba3b
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3085.json
@@ -0,0 +1,117 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3085",
+ "ASSIGNER": "cna@mongodb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.\nRequired Configuration :\u00a0MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-299: Improper Check for Certificate Revocation",
+ "cweId": "CWE-299"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "MongoDB Inc",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MongoDB Server",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "5.0",
+ "version_value": "5.0.31"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "6.0",
+ "version_value": "6.0.20"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "7.0",
+ "version_value": "7.0.16"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "8.0.",
+ "version_value": "8.0.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jira.mongodb.org/browse/SERVER-95445",
+ "refsource": "MISC",
+ "name": "https://jira.mongodb.org/browse/SERVER-95445"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "INTERNAL"
+ },
+ "configuration": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled"
+ }
+ ],
+ "value": "MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3095.json b/2025/3xxx/CVE-2025-3095.json
new file mode 100644
index 00000000000..a6383740e6b
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3095.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3095",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3096.json b/2025/3xxx/CVE-2025-3096.json
new file mode 100644
index 00000000000..e58512c5eac
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3096.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3096",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3124.json b/2025/3xxx/CVE-2025-3124.json
new file mode 100644
index 00000000000..07b8365cc40
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3124.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3124",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3126.json b/2025/3xxx/CVE-2025-3126.json
new file mode 100644
index 00000000000..6481dec5be5
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3126.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3126",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3127.json b/2025/3xxx/CVE-2025-3127.json
new file mode 100644
index 00000000000..b69188c3117
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3127.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3127",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3132.json b/2025/3xxx/CVE-2025-3132.json
new file mode 100644
index 00000000000..3ec8b212399
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3132.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3132",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3133.json b/2025/3xxx/CVE-2025-3133.json
new file mode 100644
index 00000000000..2a3c88bdbec
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3133.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3133",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file