"-Synchronized-Data."

CVE Team 2025-04-07 16:00:33 +00:00
parent 05298b7975
commit 9e2e081f0c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
20 changed files with 1085 additions and 90 deletions


@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions." "value": "A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions."
} }
] ]
}, },
@ -40,9 +40,9 @@
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_affected": "<=", "version_affected": "<",
"version_name": "unspecified", "version_name": "unspecified",
"version_value": "latest" "version_value": "5.0.0"
} }
] ]
} }
@ -59,6 +59,11 @@
"url": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d", "url": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d",
"refsource": "MISC", "refsource": "MISC",
"name": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d" "name": "https://huntr.com/bounties/a42935fc-6f57-4818-bca4-3d528235df4d"
},
{
"url": "https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf",
"refsource": "MISC",
"name": "https://github.com/corydolphin/flask-cors/commit/03aa3f8e2256437f7bad96422a747b98ab5e31bf"
} }
] ]
}, },
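Review bot: The description on the new side still names only "version 4.0.1", while the second hunk widens the affected range to `"version_affected": "<"` with `"version_value": "5.0.0"`, so anyone scoping exposure from the prose will under-count affected installs. The description should be worded to match the range, for example "corydolphin/flask-cors before 5.0.0", so that the text and `version_data` agree. The rest of the record lies outside these hunks, so whether another field already states the range cannot be checked from here.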


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28400",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28400",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md"
} }
] ]
} }
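Review bot: The published record leaves `"vendor_name"`, `"product_name"`, `"version_value"` and the `problemtype` value as `"n/a"`, although the description itself names the product and version ("RUoYi v.4.8.0"), so tooling that matches on the structured `affects` block will never tie this CVE to an installed RuoYi. Populating `"product_name": "RuoYi"` and `"version_value": "4.8.0"` would make the record usable for inventory matching. The description's "RUoYi" should also follow the "RuoYi" spelling used in the reference URL. The same gaps repeat in the CVE-2025-28401 through CVE-2025-28413 sections below, and the CVE-2025-28401 section additionally cites only the repository root, with no advisory link like its siblings.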


@ -1,17 +1,61 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28401",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28401",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28402",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28402",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28403",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28403",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md"
} }
] ]
} }
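Review bot: The new `description_data` value fuses two clauses ("...to escalate privileges via the editSave method does not properly validate whether..."), so it is unclear whether the method is the attack vector or the subject of the missing check. Joining them explicitly reads unambiguously: `via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings`. The same fused phrasing appears in the CVE-2025-28407, CVE-2025-28408, CVE-2025-28409 and CVE-2025-28410 sections.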


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28405",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28405",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28406",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28406",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28407",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28407",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28408",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28408",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28409",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28409",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md"
} }
] ]
} }
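Review bot: The advisory reference added for CVE-2025-28409 points to `.../ruoyi_case/CVE-2025-28408.md`, the same file the CVE-2025-28408 section cites, so the link does not match this record's ID. The next section shows the same shift by one: CVE-2025-28410 cites `CVE-2025-28409.md`. If the advisory repository names its files by CVE ID, as the other sections suggest, `name` and `url` here should be `https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md`, and the CVE-2025-28410 record should cite the file for its own ID. As written, anyone triaging from the reference reaches the write-up for a different endpoint.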


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28410",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28410",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28411",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28411",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28411.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28411.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28412",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28412",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28412.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28412.md"
} }
] ]
} }


@ -1,17 +1,66 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-28413",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED" "ID": "CVE-2025-28413",
"STATE": "PUBLIC"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"refsource": "MISC",
"name": "https://github.com/yangzongzhuan/RuoYi"
},
{
"refsource": "MISC",
"name": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28413.md",
"url": "https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28413.md"
} }
] ]
} }


@ -36,12 +36,41 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Red Hat Ansible Automation Platform 2", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "not down converted", "version_value": "not down converted",
"x_cve_json_5_version_data": { "x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.0.8-2.el8ap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "0:1.0.8-2.el9ap",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected" "defaultStatus": "affected"
} }
} }
@ -56,6 +85,11 @@
}, },
"references": { "references": {
"reference_data": [ "reference_data": [
{
"url": "https://access.redhat.com/errata/RHSA-2025:3636",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2025:3636"
},
{ {
"url": "https://access.redhat.com/security/cve/CVE-2025-2877", "url": "https://access.redhat.com/security/cve/CVE-2025-2877",
"refsource": "MISC", "refsource": "MISC",
@ -68,6 +102,12 @@
} }
] ]
}, },
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"impact": { "impact": {
"cvss": [ "cvss": [
{ {


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-3372", "ID": "CVE-2025-3372",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component MKDIR Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 gefunden. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente MKDIR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PCMan",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303618",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303618"
},
{
"url": "https://vuldb.com/?ctiid.303618",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303618"
},
{
"url": "https://vuldb.com/?submit.552273",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.552273"
},
{
"url": "https://fitoxs.com/exploit/01-exploit.txt",
"refsource": "MISC",
"name": "https://fitoxs.com/exploit/01-exploit.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fernando Mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
} }
] ]
} }
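Review bot: The English description says the issue "was classified as critical", but the added `impact.cvss` entries score it 7.3 with `"baseSeverity": "HIGH"` for both 3.x vectors (7.5 for the 2.0 vector), so the prose and the structured severity disagree. Consumers prioritising on this record should take severity from the `cvss` block, and the description would be clearer with the severity word removed or aligned to it. The CVE-2025-3373 section that follows carries the same mismatch.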


@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-3373", "ID": "CVE-2025-3373",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the component SITE CHMOD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In PCMan FTP Server 2.0.7 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente SITE CHMOD Command Handler. Durch Manipulieren mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PCMan",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.0.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.303619",
"refsource": "MISC",
"name": "https://vuldb.com/?id.303619"
},
{
"url": "https://vuldb.com/?ctiid.303619",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.303619"
},
{
"url": "https://vuldb.com/?submit.552274",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.552274"
},
{
"url": "https://fitoxs.com/exploit/exploit2.txt",
"refsource": "MISC",
"name": "https://fitoxs.com/exploit/exploit2.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fernando Mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
} }
] ]
} }


@ -0,0 +1,80 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2025-3424",
"ASSIGNER": "productsecurity@philips.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IntelliSpace portal application utilizes .NET\nRemoting for its functionality. The vulnerability arises from the exploitation\nof port 755 through the \"Object Marshalling\" technique, which allows\nan attacker to read internal files without any authentication. This is possible\nby crafting specific .NET Remoting URLs derived from information enumerated in\nthe client-side configuration files.\n\n\n\n\n\n\n\nThis issue affects IntelliSpace Portal: 12 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Philips",
"product": {
"product_data": [
{
"product_name": "IntelliSpace Portal",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12 and prior"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3424",
"refsource": "MISC",
"name": "https://www.cve.org/CVERecord?id=CVE-2025-3424"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Victor A Morales"
},
{
"lang": "en",
"value": "Omar A Crespo"
}
]
}
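Review bot: `"version_affected": "="` paired with `"version_value": "12 and prior"` puts a range into a free-text value, so an exact version comparison against this record matches nothing, not even version 12. Writing it as `"version_affected": "<="` with `"version_value": "12"` keeps the stated scope machine-readable. The record also ships without an `impact` block, and its only reference is its own cve.org page, so it gives a defender neither a severity nor a vendor advisory to act on. The description value additionally carries hard-wrapped `\n` breaks and a long run of `\n` before the last sentence, which look like paste residue.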


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3425",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}