diff --git a/2025/32xxx/CVE-2025-32413.json b/2025/32xxx/CVE-2025-32413.json
new file mode 100644
index 00000000000..0ec5e2cce84
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32413.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2025-32413",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in website/web/views/user.py."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0a120af1de4a0a13bc2e2000f3c4639291122ba0",
+ "refsource": "MISC",
+ "name": "https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0a120af1de4a0a13bc2e2000f3c4639291122ba0"
+ },
+ {
+ "url": "https://github.com/vulnerability-lookup/vulnerability-lookup/compare/v2.7.0...v2.7.1",
+ "refsource": "MISC",
+ "name": "https://github.com/vulnerability-lookup/vulnerability-lookup/compare/v2.7.0...v2.7.1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32414.json b/2025/32xxx/CVE-2025-32414.json
new file mode 100644
index 00000000000..211eef7f8ee
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32414.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2025-32414",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889",
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/32xxx/CVE-2025-32415.json b/2025/32xxx/CVE-2025-32415.json
new file mode 100644
index 00000000000..48c2baa054e
--- /dev/null
+++ b/2025/32xxx/CVE-2025-32415.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-32415",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3361.json b/2025/3xxx/CVE-2025-3361.json
index 208a5773812..2646e6de7fd 100644
--- a/2025/3xxx/CVE-2025-3361.json
+++ b/2025/3xxx/CVE-2025-3361.json
@@ -1,17 +1,119 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3361",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HGiga",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iSherlock 4.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iSherlock 5.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-10051-76634-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-10051-76634-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/lp-139-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/lp-139-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202504001",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.
For iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later.
"
+ }
+ ],
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.\nFor iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3362.json b/2025/3xxx/CVE-2025-3362.json
index 1e5c99ffc50..7cdda2a13ca 100644
--- a/2025/3xxx/CVE-2025-3362.json
+++ b/2025/3xxx/CVE-2025-3362.json
@@ -1,17 +1,119 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3362",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HGiga",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iSherlock 4.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iSherlock 5.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-10053-890b1-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-10053-890b1-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-10055-7dacf-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-10055-7dacf-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202504002",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.
For iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later.
"
+ }
+ ],
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.\nFor iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3363.json b/2025/3xxx/CVE-2025-3363.json
index 50ea686b316..50dd0ed969e 100644
--- a/2025/3xxx/CVE-2025-3363.json
+++ b/2025/3xxx/CVE-2025-3363.json
@@ -1,17 +1,119 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3363",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
+ "cweId": "CWE-78"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HGiga",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "iSherlock 4.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iSherlock 5.5",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "236"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-10054-84588-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-10054-84588-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-10056-c553a-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-10056-c553a-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202504003",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.
For iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later.
"
+ }
+ ],
+ "value": "For iSherlock 4.5, please update package iSherlock-user-4.5 to version 236 or later.\nFor iSherlock 5.5, please update package iSherlock-user-5.5 to version 236 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3364.json b/2025/3xxx/CVE-2025-3364.json
index bc35fd7ff49..621ee0dbecd 100644
--- a/2025/3xxx/CVE-2025-3364.json
+++ b/2025/3xxx/CVE-2025-3364.json
@@ -1,17 +1,107 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3364",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-250 Execution with Unnecessary Privileges",
+ "cweId": "CWE-250"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HGiga",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PowerStation",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "x64.6.2.213"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-10057-58c05-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-10057-58c05-1.html"
+ },
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-10058-fce0b-2.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/en/cp-139-10058-fce0b-2.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "TVN-202504004",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update firmware to version x64.6.2.213 or later, then reboot PowerStation."
+ }
+ ],
+ "value": "Update firmware to version x64.6.2.213 or later, then reboot PowerStation."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3399.json b/2025/3xxx/CVE-2025-3399.json
index a080847d1df..5383bea7a25 100644
--- a/2025/3xxx/CVE-2025-3399.json
+++ b/2025/3xxx/CVE-2025-3399.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3399",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in ESAFENET CDG 5.6.3.154.205_20250114 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /pubinfo/updateNotice.jsp. Dank der Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESAFENET",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CDG",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.6.3.154.205_20250114"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303644",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303644"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303644",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303644"
+ },
+ {
+ "url": "https://vuldb.com/?submit.525610",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.525610"
+ },
+ {
+ "url": "https://github.com/Rain1er/report/blob/main/CDG/MTA%3D.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Rain1er/report/blob/main/CDG/MTA%3D.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "XU NIE (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3400.json b/2025/3xxx/CVE-2025-3400.json
index 17e6a1a5ddc..7d541c0e12f 100644
--- a/2025/3xxx/CVE-2025-3400.json
+++ b/2025/3xxx/CVE-2025-3400.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3400",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in ESAFENET CDG 5.6.3.154.205_20250114 gefunden. Es betrifft eine unbekannte Funktion der Datei /client/UnChkMailApplication.jsp. Dank Manipulation des Arguments typename mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESAFENET",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CDG",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.6.3.154.205_20250114"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303645",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303645"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303645",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303645"
+ },
+ {
+ "url": "https://vuldb.com/?submit.525611",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.525611"
+ },
+ {
+ "url": "https://github.com/Rain1er/report/blob/main/CDG/NA%3D%3D.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Rain1er/report/blob/main/CDG/NA%3D%3D.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "XU NIE (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3401.json b/2025/3xxx/CVE-2025-3401.json
index 6cad5ceb570..3a30500f428 100644
--- a/2025/3xxx/CVE-2025-3401.json
+++ b/2025/3xxx/CVE-2025-3401.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3401",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "In ESAFENET CDG 5.6.3.154.205_20250114 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /parameter/getLimitIPList.jsp. Mit der Manipulation des Arguments noticeId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ESAFENET",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CDG",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.6.3.154.205_20250114"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303646",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303646"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303646",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303646"
+ },
+ {
+ "url": "https://vuldb.com/?submit.525612",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.525612"
+ },
+ {
+ "url": "https://github.com/Rain1er/report/blob/main/CDG/Ng%3D%3D.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Rain1er/report/blob/main/CDG/Ng%3D%3D.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "XU NIE (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3402.json b/2025/3xxx/CVE-2025-3402.json
index ad9984fe2dc..5b588f8b005 100644
--- a/2025/3xxx/CVE-2025-3402.json
+++ b/2025/3xxx/CVE-2025-3402.json
@@ -1,17 +1,118 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3402",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 gefunden. Dies betrifft einen unbekannten Teil der Datei /sysform/042/check.js%70. Durch die Manipulation des Arguments Name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Seeyon",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Zhiyuan Interconnect FE Collaborative Office Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "5.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.303647",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.303647"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.303647",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.303647"
+ },
+ {
+ "url": "https://vuldb.com/?submit.542343",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.542343"
+ },
+ {
+ "url": "https://github.com/Angel12345623/CVE/blob/main/CVE_1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Angel12345623/CVE/blob/main/CVE_1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Angel (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
diff --git a/2025/3xxx/CVE-2025-3440.json b/2025/3xxx/CVE-2025-3440.json
new file mode 100644
index 00000000000..c7918ff9428
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3440.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3440",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/3xxx/CVE-2025-3441.json b/2025/3xxx/CVE-2025-3441.json
new file mode 100644
index 00000000000..9e1e6ca0e28
--- /dev/null
+++ b/2025/3xxx/CVE-2025-3441.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-3441",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file