diff --git a/2022/40xxx/CVE-2022-40490.json b/2022/40xxx/CVE-2022-40490.json
index 3c0018e3274..fb73b9ae5d9 100644
--- a/2022/40xxx/CVE-2022-40490.json
+++ b/2022/40xxx/CVE-2022-40490.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-40490",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40490",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/prasathmani/tinyfilemanager",
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md",
+ "url": "https://github.com/whitej3rry/CVE-2022-40490/blob/main/PoC.md"
}
]
}
diff --git a/2022/40xxx/CVE-2022-40916.json b/2022/40xxx/CVE-2022-40916.json
index 167a96cb903..4f28c034c0a 100644
--- a/2022/40xxx/CVE-2022-40916.json
+++ b/2022/40xxx/CVE-2022-40916.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2022-40916",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2022-40916",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tiny File Manager v2.4.7 and below is vulnerable to session fixation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/prasathmani/tinyfilemanager",
+ "url": "https://github.com/prasathmani/tinyfilemanager"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/whitej3rry/CVE-2022-40916/blob/main/PoC.md",
+ "url": "https://github.com/whitej3rry/CVE-2022-40916/blob/main/PoC.md"
}
]
}
diff --git a/2024/13xxx/CVE-2024-13614.json b/2024/13xxx/CVE-2024-13614.json
index 86e7bf8b9c0..a24be0f3e4d 100644
--- a/2024/13xxx/CVE-2024-13614.json
+++ b/2024/13xxx/CVE-2024-13614.json
@@ -1,17 +1,289 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13614",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnerability@kaspersky.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190: Integer Overflow or Wraparound",
+ "cweId": "CWE-190"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kaspersky",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kaspersky Anti-Virus SDK for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "8.10.1.1943",
+ "version_value": "8.10.1.1943"
+ },
+ {
+ "version_affected": "<=",
+ "version_name": "8.10.1.1943 CF",
+ "version_value": "8.10.1.1943 CF"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Security for Virtualization Light Agent",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "version": "5.2",
+ "status": "affected",
+ "lessThan": "5.2.27.319",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.2.27.319",
+ "status": "unknown",
+ "lessThanOrEqual": "5.2.27.319",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Endpoint Security for Windows",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Small Office Security",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky for Windows (Standard, Plus, Premium)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Free",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Anti-Virus",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Internet Security",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Security Cloud",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Safe Kids",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Kaspersky Anti-Ransomware Tool",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225",
+ "refsource": "MISC",
+ "name": "https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225"
+ }
+ ]
+ },
+ "exploit": [
+ {
+ "lang": "en",
+ "value": "There have been no recorded attempts to exploit this issue in the wild."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "value": "To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions."
+ },
+ {
+ "lang": "en",
+ "value": "Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud"
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ },
+ {
+ "lang": "en",
+ "value": "The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Florian Schweins"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H"
}
]
}
diff --git a/2024/39xxx/CVE-2024-39033.json b/2024/39xxx/CVE-2024-39033.json
index b7de0748eb9..b4ce40eba2f 100644
--- a/2024/39xxx/CVE-2024-39033.json
+++ b/2024/39xxx/CVE-2024-39033.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-39033",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-39033",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://pastebin.com/SHExsfh6",
+ "url": "https://pastebin.com/SHExsfh6"
}
]
}
diff --git a/2024/39xxx/CVE-2024-39272.json b/2024/39xxx/CVE-2024-39272.json
index 28fc9dd431f..7607d23d9b9 100644
--- a/2024/39xxx/CVE-2024-39272.json
+++ b/2024/39xxx/CVE-2024-39272.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-39272",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ClearML",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClearML",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Enterprise Server 3.22.5-1533"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2110"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Edwin Molenaar of Cisco Meraki Offensive Security Team"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9,
+ "baseSeverity": "CRITICAL"
}
]
}
diff --git a/2024/43xxx/CVE-2024-43779.json b/2024/43xxx/CVE-2024-43779.json
index 9f003b91727..0af57837990 100644
--- a/2024/43xxx/CVE-2024-43779.json
+++ b/2024/43xxx/CVE-2024-43779.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-43779",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-200: Information Exposure",
+ "cweId": "CWE-200"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "ClearML",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ClearML",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "Enterprise Server 3.22.5-1533"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112",
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2112"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Edwin Molenaar of Cisco Meraki Offensive Security Team"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
}
]
}
diff --git a/2024/57xxx/CVE-2024-57427.json b/2024/57xxx/CVE-2024-57427.json
index 718799db787..c5226fc4ac0 100644
--- a/2024/57xxx/CVE-2024-57427.json
+++ b/2024/57xxx/CVE-2024-57427.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57427",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57427",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim\u2019s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.phpjabbers.com/cinema-booking-system/",
+ "refsource": "MISC",
+ "name": "https://www.phpjabbers.com/cinema-booking-system/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ahrixia/CVE-2024-57427",
+ "url": "https://github.com/ahrixia/CVE-2024-57427"
}
]
}
diff --git a/2024/57xxx/CVE-2024-57428.json b/2024/57xxx/CVE-2024-57428.json
index 505dcfc8ed7..21c3bce0bca 100644
--- a/2024/57xxx/CVE-2024-57428.json
+++ b/2024/57xxx/CVE-2024-57428.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57428",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57428",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.phpjabbers.com/cinema-booking-system/",
+ "refsource": "MISC",
+ "name": "https://www.phpjabbers.com/cinema-booking-system/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ahrixia/CVE-2024-57428",
+ "url": "https://github.com/ahrixia/CVE-2024-57428"
}
]
}
diff --git a/2024/57xxx/CVE-2024-57429.json b/2024/57xxx/CVE-2024-57429.json
index 8d1baf4be62..fdbdb6d85e4 100644
--- a/2024/57xxx/CVE-2024-57429.json
+++ b/2024/57xxx/CVE-2024-57429.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57429",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57429",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.phpjabbers.com/cinema-booking-system/",
+ "refsource": "MISC",
+ "name": "https://www.phpjabbers.com/cinema-booking-system/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ahrixia/CVE-2024-57429",
+ "url": "https://github.com/ahrixia/CVE-2024-57429"
}
]
}
diff --git a/2024/57xxx/CVE-2024-57430.json b/2024/57xxx/CVE-2024-57430.json
index a084cac4ec6..19122d2ac60 100644
--- a/2024/57xxx/CVE-2024-57430.json
+++ b/2024/57xxx/CVE-2024-57430.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57430",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57430",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.phpjabbers.com/cinema-booking-system/",
+ "refsource": "MISC",
+ "name": "https://www.phpjabbers.com/cinema-booking-system/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/ahrixia/CVE-2024-57430",
+ "url": "https://github.com/ahrixia/CVE-2024-57430"
}
]
}
diff --git a/2024/57xxx/CVE-2024-57599.json b/2024/57xxx/CVE-2024-57599.json
index e5f3481768e..1d35a67f8d2 100644
--- a/2024/57xxx/CVE-2024-57599.json
+++ b/2024/57xxx/CVE-2024-57599.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57599",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57599",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.douphp.com/",
+ "refsource": "MISC",
+ "name": "https://www.douphp.com/"
+ },
+ {
+ "url": "https://github.com/Arykon/cve/blob/main/douphp.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/Arykon/cve/blob/main/douphp.pdf"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0994.json b/2025/0xxx/CVE-2025-0994.json
index f82c4a72709..80f8ec413d3 100644
--- a/2025/0xxx/CVE-2025-0994.json
+++ b/2025/0xxx/CVE-2025-0994.json
@@ -1,18 +1,116 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0994",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer\u2019s Microsoft Internet Information Services (IIS) web server."
}
]
- }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-502 Deserialization of Untrusted Data",
+ "cweId": "CWE-502"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Trimble",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cityworks",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "23.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Trimble has observed that some on-premise deployments may have overprivileged Internet Information Services (IIS) identity permissions. For avoidance of doubt, and in accordance with Trimble's technical documentation, IIS should not be run with local or domain level administrative privileges on any site. Please refer to the direction in the latest release notes in the [Cityworks Support Portal](https://cityworks.my.site.com/)(Login required) for more information on how to update IIS identity permissions. Trimble's CWOL customers have their IIS identity permissions set appropriately and do not need to take this action.
Trimble has observed that some deployments have inappropriate attachment directory configurations. Trimble recommends that attachment directory root configuration should be limited to folders/subfolders which only contain attachments. Please refer to the direction in the latest release notes in the [Cityworks Support Portal](https://cityworks.my.site.com/)(Login required) for more information on how to ensure proper configuration of the attachment directory.
"
+ }
+ ],
+ "value": "Trimble has observed that some on-premise deployments may have overprivileged Internet Information Services (IIS) identity permissions. For avoidance of doubt, and in accordance with Trimble's technical documentation, IIS should not be run with local or domain level administrative privileges on any site. Please refer to the direction in the latest release notes in the [Cityworks Support Portal]( https://cityworks.my.site.com/)(Login required) for more information on how to update IIS identity permissions. Trimble's CWOL customers have their IIS identity permissions set appropriately and do not need to take this action.\n\nTrimble has observed that some deployments have inappropriate attachment directory configurations. Trimble recommends that attachment directory root configuration should be limited to folders/subfolders which only contain attachments. Please refer to the direction in the latest release notes in the [Cityworks Support Portal]( https://cityworks.my.site.com/)(Login required) for more information on how to ensure proper configuration of the attachment directory."
+ }
+ ],
+ "exploit": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "CISA has received reports of this vulnerability being actively exploited.
"
+ }
+ ],
+ "value": "CISA has received reports of this vulnerability being actively exploited."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Trimble will be releasing updated versions to both 15.x (15.8.9 available January 28, 2025) and Cityworks 23.x software releases (23.10 available January 29, 2025). Information on the updated versions will be available through the normal channels via the [Cityworks Support Portal](https://cityworks.my.site.com/)(Login required). On-premise customers should install the updated version immediately. These updates will be automatically applied to all Cityworks Online (CWOL) deployments.
"
+ }
+ ],
+ "value": "Trimble will be releasing updated versions to both 15.x (15.8.9 available January 28, 2025) and Cityworks 23.x software releases (23.10 available January 29, 2025). Information on the updated versions will be available through the normal channels via the [Cityworks Support Portal]( https://cityworks.my.site.com/)(Login required). On-premise customers should install the updated version immediately. These updates will be automatically applied to all Cityworks Online (CWOL) deployments."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Trimble"
+ }
+ ]
}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1088.json b/2025/1xxx/CVE-2025-1088.json
new file mode 100644
index 00000000000..b6a1029ad53
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1088.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1088",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/1xxx/CVE-2025-1089.json b/2025/1xxx/CVE-2025-1089.json
new file mode 100644
index 00000000000..fafb2f401c4
--- /dev/null
+++ b/2025/1xxx/CVE-2025-1089.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-1089",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/22xxx/CVE-2025-22866.json b/2025/22xxx/CVE-2025-22866.json
index d6e3e6e2d43..ddd9f8a56be 100644
--- a/2025/22xxx/CVE-2025-22866.json
+++ b/2025/22xxx/CVE-2025-22866.json
@@ -1,17 +1,88 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22866",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@golang.org",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-208: Observable Timing Discrepancy"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Go standard library",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "crypto/internal/nistec",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "1.22.12"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.23.0-0",
+ "version_value": "1.23.6"
+ },
+ {
+ "version_affected": "<",
+ "version_name": "1.24.0-0",
+ "version_value": "1.24.0-rc.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://go.dev/cl/643735",
+ "refsource": "MISC",
+ "name": "https://go.dev/cl/643735"
+ },
+ {
+ "url": "https://go.dev/issue/71383",
+ "refsource": "MISC",
+ "name": "https://go.dev/issue/71383"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2025-3447",
+ "refsource": "MISC",
+ "name": "https://pkg.go.dev/vuln/GO-2025-3447"
}
]
}
diff --git a/2025/24xxx/CVE-2025-24311.json b/2025/24xxx/CVE-2025-24311.json
new file mode 100644
index 00000000000..6e5148a20dc
--- /dev/null
+++ b/2025/24xxx/CVE-2025-24311.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-24311",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/24xxx/CVE-2025-24922.json b/2025/24xxx/CVE-2025-24922.json
new file mode 100644
index 00000000000..193b4fd8f31
--- /dev/null
+++ b/2025/24xxx/CVE-2025-24922.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-24922",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25050.json b/2025/25xxx/CVE-2025-25050.json
new file mode 100644
index 00000000000..05eeb561f38
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25050.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/25xxx/CVE-2025-25215.json b/2025/25xxx/CVE-2025-25215.json
new file mode 100644
index 00000000000..40aff6675fc
--- /dev/null
+++ b/2025/25xxx/CVE-2025-25215.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-25215",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file