admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-18 16:00:39 +00:00
parent c091cb1453
commit 855a4bf39e
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
12 changed files with 953 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2025/27xxx/CVE-2025-27599.json
View File

@ -1,17 +1,104 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27599",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-926: Improper Export of Android Application Components",
"cweId": "CWE-926"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "element-hq",
"product": {
"product_data": [
{
"product_name": "element-x-android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 25.04.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m",
"refsource": "MISC",
"name": "https://github.com/element-hq/element-x-android/security/advisories/GHSA-m5px-pwq3-4p5m"
},
{
"url": "https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e",
"refsource": "MISC",
"name": "https://github.com/element-hq/element-x-android/commit/dc058544d7e693c04298191c1aadd5b39c9be52e"
},
{
"url": "https://github.com/element-hq/element-x-android/releases/tag/v25.04.2",
"refsource": "MISC",
"name": "https://github.com/element-hq/element-x-android/releases/tag/v25.04.2"
}
]
},
"source": {
"advisory": "GHSA-m5px-pwq3-4p5m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

56
2025/29xxx/CVE-2025-29209.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29209",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-29209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md",
"refsource": "MISC",
"name": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md"
}
]
}

104
2025/29xxx/CVE-2025-29784.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-130: Improper Handling of Length Parameter Inconsistency",
"cweId": "CWE-130"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation",
"cweId": "CWE-20"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1284: Improper Validation of Specified Quantity in Input",
"cweId": "CWE-1284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
}
]
},
"source": {
"advisory": "GHSA-4hrq-rf96-c2jm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

72
2025/29xxx/CVE-2025-29953.json
View File

@ -1,18 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-29953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.\n\nThis issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed.\n\nThe .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether.\n\nUsers are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache ActiveMQ NMS OpenWire Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/vc1sj9y3056d3kkhcvrs9fyw5w8kpmlx"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"defect": [
"AMQNET-844"
],
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "g7shot working with Trend Zero Day Initiative"
}
]
}

86
2025/30xxx/CVE-2025-30158.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30158",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/caa42a975338a13fbc1658e8c440108f16135643",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/caa42a975338a13fbc1658e8c440108f16135643"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
}
]
},
"source": {
"advisory": "GHSA-2prx-rgr7-hq5f",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

86
2025/30xxx/CVE-2025-30357.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-30357",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-706: Use of Incorrectly-Resolved Name or Reference",
"cweId": "CWE-706"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-22mc-7c9m-gv8h"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/7040924e27f99aa486c619a5b4ca809051a1ca7f"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
}
]
},
"source": {
"advisory": "GHSA-22mc-7c9m-gv8h",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
}
]
}

86
2025/31xxx/CVE-2025-31118.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-jhvp-mwj4-922m"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/51e9d93aaa28d40f060b807533d22b768abea207"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
}
]
},
"source": {
"advisory": "GHSA-jhvp-mwj4-922m",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

86
2025/31xxx/CVE-2025-31120.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31120",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
"cweId": "CWE-565"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-8jv7-77jw-h646"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/9b112c0beab346a38b6f5a51e7773b38c6fc52e7",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/9b112c0beab346a38b6f5a51e7773b38c6fc52e7"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0"
}
]
},
"source": {
"advisory": "GHSA-8jv7-77jw-h646",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

68
2025/32xxx/CVE-2025-32389.json
View File

@ -1,18 +1,78 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "NamelessMC",
"product": {
"product_data": [
{
"product_name": "Nameless",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.1.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-5984-mhcp-cq2x"
},
{
"url": "https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/commit/02c81c7c45b98fad1ebe3bc085efae18aec4566f"
},
{
"url": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4",
"refsource": "MISC",
"name": "https://github.com/NamelessMC/Nameless/releases/tag/v2.1.4"
}
]
},
"source": {
"advisory": "GHSA-5984-mhcp-cq2x",
"discovery": "UNKNOWN"
}
}

58
2025/32xxx/CVE-2025-32434.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32434",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pytorch",
"product": {
"product_data": [
{
"product_name": "pytorch",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6",
"refsource": "MISC",
"name": "https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6"
}
]
},
"source": {
"advisory": "GHSA-53q9-r3pm-6pq6",
"discovery": "UNKNOWN"
}
}

86
2025/32xxx/CVE-2025-32442.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32442",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This issue has been patched in version 5.3.1. A workaround involves not specifying individual content types in the schema."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1287: Improper Validation of Specified Type of Input",
"cweId": "CWE-1287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "fastify",
"product": {
"product_data": [
{
"product_name": "fastify",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc",
"refsource": "MISC",
"name": "https://github.com/fastify/fastify/security/advisories/GHSA-mg2h-6x62-wpwc"
},
{
"url": "https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418",
"refsource": "MISC",
"name": "https://github.com/fastify/fastify/commit/436da4c06dfbbb8c24adee3a64de0c51e4f47418"
},
{
"url": "https://hackerone.com/reports/3087928",
"refsource": "MISC",
"name": "https://hackerone.com/reports/3087928"
}
]
},
"source": {
"advisory": "GHSA-mg2h-6x62-wpwc",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}

121
2025/3xxx/CVE-2025-3792.json
View File

@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3792",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SeaCMS bis 13.3 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin_link.php?action=delall. Mit der Manipulation des Arguments e_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SeaCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "13.0"
},
{
"version_affected": "=",
"version_value": "13.1"
},
{
"version_affected": "=",
"version_value": "13.2"
},
{
"version_affected": "=",
"version_value": "13.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.305615",
"refsource": "MISC",
"name": "https://vuldb.com/?id.305615"
},
{
"url": "https://vuldb.com/?ctiid.305615",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.305615"
},
{
"url": "https://vuldb.com/?submit.554592",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.554592"
},
{
"url": "https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A8%E5%85%A5.md",
"refsource": "MISC",
"name": "https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A8%E5%85%A5.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "fsrm3 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.7,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.7,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P"
}
]
}