From 855a4bf39e490115e8f6d70a08a4bf5b27f7a05a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 18 Apr 2025 16:00:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2025/27xxx/CVE-2025-27599.json | 95 ++++++++++++++++++++++++--
2025/29xxx/CVE-2025-29209.json | 56 +++++++++++++--
2025/29xxx/CVE-2025-29784.json | 104 ++++++++++++++++++++++++++--
2025/29xxx/CVE-2025-29953.json | 72 ++++++++++++++++++--
2025/30xxx/CVE-2025-30158.json | 86 +++++++++++++++++++++--
2025/30xxx/CVE-2025-30357.json | 86 +++++++++++++++++++++--
2025/31xxx/CVE-2025-31118.json | 86 +++++++++++++++++++++--
2025/31xxx/CVE-2025-31120.json | 86 +++++++++++++++++++++--
2025/32xxx/CVE-2025-32389.json | 68 ++++++++++++++++--
2025/32xxx/CVE-2025-32434.json | 58 ++++++++++++++--
2025/32xxx/CVE-2025-32442.json | 86 +++++++++++++++++++++--
2025/3xxx/CVE-2025-3792.json | 121 +++++++++++++++++++++++++++++++--
12 files changed, 953 insertions(+), 51 deletions(-)
diff --git a/2025/27xxx/CVE-2025-27599.json b/2025/27xxx/CVE-2025-27599.json
index cd0a2a3dd1f..2eb9a96230c 100644
--- a/2025/27xxx/CVE-2025-27599.json
+++ b/2025/27xxx/CVE-2025-27599.json
@@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-27599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-926: Improper Export of Android Application Components", + "cweId": "CWE-926" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "element-hq", + "product": { + "product_data": [ + { + "product_name": "element-x-android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 25.04.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m", + "refsource": "MISC", + "name": "https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m" + }, + { + "url": "https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e", 
+ "refsource": "MISC", + "name": "https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e" + }, + { + "url": "https://github.com/element-hq/element-x-android/releases/tag/v25.04.2", + "refsource": "MISC", + "name": "https://github.com/element-hq/element-x-android/releases/tag/v25.04.2" + } + ] + }, + "source": { + "advisory": "GHSA-m5px-pwq3-4p5m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/29xxx/CVE-2025-29209.json b/2025/29xxx/CVE-2025-29209.json index c64820ca41d..23959912d44 100644 --- a/2025/29xxx/CVE-2025-29209.json +++ b/2025/29xxx/CVE-2025-29209.json 
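Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "< 25.04.2"`, so a range is stored in a value the operator declares to be an exact match; a consumer that compares versions literally will match nothing, including the 25.04.1 release the description names as vulnerable. The operator form already used by the CVE-2025-29953 record in this commit would be `"version_affected": "<", "version_value": "25.04.2"`. The same encoding appears in the records for CVE-2025-29784, CVE-2025-30158, CVE-2025-30357, CVE-2025-31118, CVE-2025-31120, CVE-2025-32389, CVE-2025-32434 and CVE-2025-32442 (the last with a two-sided range, `>= 5.0.0, < 5.3.1`). If these strings come from an upstream conversion step, the correction probably belongs there rather than in the individual files.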
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-29209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-29209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md", + "refsource": "MISC", + "name": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md" } ] } diff --git a/2025/29xxx/CVE-2025-29784.json b/2025/29xxx/CVE-2025-29784.json index ba430300f65..846c7e5fa30 100644 --- a/2025/29xxx/CVE-2025-29784.json +++ b/2025/29xxx/CVE-2025-29784.json 
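Review bot: The `affects` block records `vendor_name`, `product_name` and `version_value` as `n/a`, although the description names the vendor, model and firmware build (TOTOLINK X18 v9.1.0cu.2024_B20220329), so inventory matching on the structured fields will not flag the unauthorized command-execution issue described. Those three fields could carry `"TOTOLINK"`, `"X18"` and `"9.1.0cu.2024_B20220329"`, and `problemtype` could name a command-injection CWE in place of `n/a`. The description also has a stray apostrophe after `enable parameter` and a space inside `cstecgi .cgi`, which defeats text search for the binary name. There is no `impact` block either, so severity-based triage sees the record as unscored; the same is true of the CVE-2025-29953, CVE-2025-32389 and CVE-2025-32434 records later in this commit.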
@@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29784", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-130: Improper Handling of Length Parameter Inconsistency", + "cweId": "CWE-130" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation", + "cweId": "CWE-20" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-1284: Improper Validation of Specified Quantity in Input", + "cweId": "CWE-1284" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm", + "refsource": "MISC", + "name": 
"https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0" + } + ] + }, + "source": { + "advisory": "GHSA-4hrq-rf96-c2jm", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/29xxx/CVE-2025-29953.json b/2025/29xxx/CVE-2025-29953.json index af29f43de07..e0b4719c998 100644 --- a/2025/29xxx/CVE-2025-29953.json +++ b/2025/29xxx/CVE-2025-29953.json 
@@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-29953", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.\n\nThis issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed.\n\nThe .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether.\n\nUsers are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future." 
} ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502 Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache ActiveMQ NMS OpenWire Client", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.1.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "defect": [ + "AMQNET-844" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "g7shot working with Trend Zero Day Initiative" + } + ] } \ No newline at end of file diff --git a/2025/30xxx/CVE-2025-30158.json b/2025/30xxx/CVE-2025-30158.json index c3041172cce..ac2e95e9f11 100644 --- a/2025/30xxx/CVE-2025-30158.json +++ b/2025/30xxx/CVE-2025-30158.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30158", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/caa42a975338a13fbc1658e8c440108f16135643", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/caa42a975338a13fbc1658e8c440108f16135643" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0" + } + ] + }, + "source": { + "advisory": "GHSA-2prx-rgr7-hq5f", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2025/30xxx/CVE-2025-30357.json b/2025/30xxx/CVE-2025-30357.json index 424aa92a386..a135c3829bf 100644 --- a/2025/30xxx/CVE-2025-30357.json +++ b/2025/30xxx/CVE-2025-30357.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-30357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-706: Use of Incorrectly-Resolved Name or Reference", + "cweId": "CWE-706" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0" + } + ] + }, + "source": { + "advisory": "GHSA-22mc-7c9m-gv8h", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31118.json b/2025/31xxx/CVE-2025-31118.json index ce198ccf1e7..9ba71b100b3 100644 --- a/2025/31xxx/CVE-2025-31118.json +++ b/2025/31xxx/CVE-2025-31118.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption", + "cweId": "CWE-400" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0" + } + ] + }, + "source": { + "advisory": "GHSA-jhvp-mwj4-922m", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "version": "3.1" } ] } diff --git a/2025/31xxx/CVE-2025-31120.json b/2025/31xxx/CVE-2025-31120.json index 09f667e22e7..bc9d1c7fdb5 100644 --- a/2025/31xxx/CVE-2025-31120.json +++ b/2025/31xxx/CVE-2025-31120.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-31120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-565: Reliance on Cookies without Validation and Integrity Checking", + "cweId": "CWE-565" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.2.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/9b112c0beab346a38b6f5a51e7773b38c6fc52e7", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/9b112c0beab346a38b6f5a51e7773b38c6fc52e7" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0" + } + ] + }, + "source": { + "advisory": "GHSA-8jv7-77jw-h646", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2025/32xxx/CVE-2025-32389.json b/2025/32xxx/CVE-2025-32389.json index 55da6d9d5b8..7391895e7c0 100644 --- a/2025/32xxx/CVE-2025-32389.json +++ b/2025/32xxx/CVE-2025-32389.json 
@@ -1,18 +1,78 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32389", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a¶m[1]=b¶m[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4." 
} ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NamelessMC", + "product": { + "product_data": [ + { + "product_name": "Nameless", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x" + }, + { + "url": "https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f" + }, + { + "url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4", + "refsource": "MISC", + "name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4" + } + ] + }, + "source": { + "advisory": "GHSA-5984-mhcp-cq2x", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/32xxx/CVE-2025-32434.json b/2025/32xxx/CVE-2025-32434.json index 3712bb98c17..cd0b3280f23 100644 --- a/2025/32xxx/CVE-2025-32434.json +++ b/2025/32xxx/CVE-2025-32434.json 
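Review bot: The example in the description, `?param[0]=a¶m[1]=b¶m[2]=c`, appears mis-encoded: the `¶` characters look like `&para` from `&param` decoded as an HTML entity, so the intended text is presumably `?param[0]=a&param[1]=b&param[2]=c`. As written, the query string no longer shows the repeated array parameter that the sentence is explaining. This may be an artefact of how the page was rendered rather than of the stored record, so check the JSON file itself before changing anything.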
@@ -1,18 +1,68 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32434", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data", + "cweId": "CWE-502" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pytorch", + "product": { + "product_data": [ + { + "product_name": "pytorch", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6", + "refsource": "MISC", + "name": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6" + } + ] + }, + "source": { + "advisory": "GHSA-53q9-r3pm-6pq6", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/32xxx/CVE-2025-32442.json b/2025/32xxx/CVE-2025-32442.json index afd364ea93e..0d10e11bad7 100644 --- a/2025/32xxx/CVE-2025-32442.json +++ b/2025/32xxx/CVE-2025-32442.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-32442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This issue has been patched in version 5.3.1. A workaround involves not specifying individual content types in the schema." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1287: Improper Validation of Specified Type of Input", + "cweId": "CWE-1287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "fastify", + "product": { + "product_data": [ + { + "product_name": "fastify", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 5.0.0, < 5.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc", + "refsource": "MISC", + "name": "https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc" + }, + { + "url": "https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418", + "refsource": "MISC", + "name": "https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418" + }, + { + "url": "https://hackerone.com/reports/3087928", + "refsource": "MISC", + "name": "https://hackerone.com/reports/3087928" + } + ] + }, + "source": { + "advisory": "GHSA-mg2h-6x62-wpwc", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" } ] } diff --git a/2025/3xxx/CVE-2025-3792.json b/2025/3xxx/CVE-2025-3792.json index 065efaf73d0..f21bb852c5b 100644 --- a/2025/3xxx/CVE-2025-3792.json +++ b/2025/3xxx/CVE-2025-3792.json 
@@ -1,17 +1,130 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in SeaCMS bis 13.3 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin_link.php?action=delall. Mit der Manipulation des Arguments e_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SeaCMS", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "13.0" + }, + { + "version_affected": "=", + "version_value": "13.1" + }, + { + "version_affected": "=", + "version_value": "13.2" + }, + { + "version_affected": "=", + "version_value": "13.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.305615", + "refsource": "MISC", + "name": "https://vuldb.com/?id.305615" + }, + { + "url": "https://vuldb.com/?ctiid.305615", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.305615" + }, + { + "url": "https://vuldb.com/?submit.554592", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.554592" + }, + { + "url": "https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A8%E5%85%A5.md", + "refsource": "MISC", + "name": "https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A8%E5%85%A5.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "fsrm3 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] }
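Review bot: The English and German descriptions both call the issue critical (`classified as critical`, `als kritisch eingestuft`), while the 3.1 and 3.0 entries in `impact.cvss` rate it `MEDIUM` at 4.7 with `PR:H` (the 2.0 entry scores 5.8), so keyword-based and score-based triage will disagree on this record. Dropping the classification phrase from the descriptions, or aligning it with `baseSeverity`, would remove the conflict. `vendor_name` is `n/a` although the product is named as SeaCMS, and `credits` uses `"lang": "en"` where the descriptions use `eng`.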