admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-02-03 22:00:36 +00:00
parent 977ca00c13
commit a057be61f4
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
17 changed files with 1022 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2023/52xxx/CVE-2023-52163.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52163",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-52163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/digiever-fixes-sorely-needed/",
"url": "https://www.txone.com/blog/digiever-fixes-sorely-needed/"
},
{
"refsource": "MISC",
"name": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing",
"url": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing"
}
]
}

61
2023/52xxx/CVE-2023-52164.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-52164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-52164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** UNSUPPORTED WHEN ASSIGNED ** access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/digiever-fixes-sorely-needed/",
"url": "https://www.txone.com/blog/digiever-fixes-sorely-needed/"
},
{
"refsource": "MISC",
"name": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing",
"url": "https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing"
}
]
}

76
2024/35xxx/CVE-2024-35177.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-35177",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wazuh",
"product": {
"product_data": [
{
"product_name": "wazuh",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 4.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv",
"refsource": "MISC",
"name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv"
}
]
},
"source": {
"advisory": "GHSA-pmr2-2r83-h3cv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

76
2024/47xxx/CVE-2024-47770.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-47770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "wazuh",
"product": {
"product_data": [
{
"product_name": "wazuh",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.9.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv",
"refsource": "MISC",
"name": "https://github.com/wazuh/wazuh/security/advisories/GHSA-648q-8m78-5cwv"
}
]
},
"source": {
"advisory": "GHSA-648q-8m78-5cwv",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

18
2025/1xxx/CVE-2025-1006.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1006",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

86
2025/22xxx/CVE-2025-22129.json
View File

@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22129",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"cweId": "CWE-280"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Enalean",
"product": {
"product_data": [
{
"product_name": "tuleap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 16.3.99.1736242932"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76",
"refsource": "MISC",
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-f34g-wc2m-mf76"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=3edf8158ba40be66f0b661888b8b2805784795d1"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=41434",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/tracker/?aid=41434"
}
]
},
"source": {
"advisory": "GHSA-f34g-wc2m-mf76",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

75
2025/23xxx/CVE-2025-23210.json
View File

@ -1,18 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-23210",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPOffice",
"product": {
"product_data": [
{
"product_name": "PhpSpreadsheet",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.0.0, < 3.9.0"
},
{
"version_affected": "=",
"version_value": ">= 2.2.0, < 2.3.7"
},
{
"version_affected": "=",
"version_value": ">= 2.0.0, < 2.1.8"
},
{
"version_affected": "=",
"version_value": "< 1.29.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r57h-547h-w24f",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-r57h-547h-w24f"
},
{
"url": "https://github.com/PHPOffice/PhpSpreadsheet/commit/cde2926a9e2baf146783f8fd1771bbed7d1dc7b3",
"refsource": "MISC",
"name": "https://github.com/PHPOffice/PhpSpreadsheet/commit/cde2926a9e2baf146783f8fd1771bbed7d1dc7b3"
}
]
},
"source": {
"advisory": "GHSA-r57h-547h-w24f",
"discovery": "UNKNOWN"
}
}

91
2025/24xxx/CVE-2025-24029.json
View File

@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"cweId": "CWE-280"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Enalean",
"product": {
"product_data": [
{
"product_name": "tuleap",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 16.3.99.1737562605"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9",
"refsource": "MISC",
"name": "https://github.com/Enalean/tuleap/security/advisories/GHSA-hq46-63pc-xfv9"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=269cbaa73bac6d1c50674c48c9987263f2b38804"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=a97480f951351c0f8f2f3f27f7daa3f7f9c37c75"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=41476",
"refsource": "MISC",
"name": "https://tuleap.net/plugins/tracker/?aid=41476"
}
]
},
"source": {
"advisory": "GHSA-hq46-63pc-xfv9",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

63
2025/24xxx/CVE-2025-24370.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24370",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"cweId": "CWE-915"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "adamghill",
"product": {
"product_data": [
{
"product_name": "django-unicorn",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.62.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43",
"refsource": "MISC",
"name": "https://github.com/adamghill/django-unicorn/security/advisories/GHSA-g9wf-5777-gq43"
},
{
"url": "https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c",
"refsource": "MISC",
"name": "https://github.com/adamghill/django-unicorn/commit/17614200f27174f789d4af54cc3a1f2b0df7870c"
}
]
},
"source": {
"advisory": "GHSA-g9wf-5777-gq43",
"discovery": "UNKNOWN"
}
}

72
2025/24xxx/CVE-2025-24371.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn't check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"cweId": "CWE-703"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cometbft",
"product": {
"product_data": [
{
"product_name": "cometbft",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.38.17"
},
{
"version_affected": "=",
"version_value": "= 1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4",
"refsource": "MISC",
"name": "https://github.com/cometbft/cometbft/security/advisories/GHSA-22qq-3xwm-r5x4"
},
{
"url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.17",
"refsource": "MISC",
"name": "https://github.com/cometbft/cometbft/releases/tag/v0.38.17"
},
{
"url": "https://github.com/cometbft/cometbft/releases/tag/v1.0.1",
"refsource": "MISC",
"name": "https://github.com/cometbft/cometbft/releases/tag/v1.0.1"
}
]
},
"source": {
"advisory": "GHSA-22qq-3xwm-r5x4",
"discovery": "UNKNOWN"
}
}

63
2025/24xxx/CVE-2025-24899.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "yogeshojha",
"product": {
"product_data": [
{
"product_name": "rengine",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 2.2.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38",
"refsource": "MISC",
"name": "https://github.com/yogeshojha/rengine/security/advisories/GHSA-r3fp-xr9f-wv38"
},
{
"url": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99",
"refsource": "MISC",
"name": "https://github.com/yogeshojha/rengine/commit/a658b8519f1a3347634b04733cf91ed933af1f99"
}
]
},
"source": {
"advisory": "GHSA-r3fp-xr9f-wv38",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24901.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24901",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jp48-94wm-3gmc"
}
]
},
"source": {
"advisory": "GHSA-jp48-94wm-3gmc",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24902.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24902",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-pg73-w9vx-8mgp"
}
]
},
"source": {
"advisory": "GHSA-pg73-w9vx-8mgp",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24905.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24905",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-qjc6-5qv6-fr8m"
}
]
},
"source": {
"advisory": "GHSA-qjc6-5qv6-fr8m",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24906.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24906",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jpph-g9p7-9jrm"
}
]
},
"source": {
"advisory": "GHSA-jpph-g9p7-9jrm",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24957.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24957",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-x28g-6228-99p9"
}
]
},
"source": {
"advisory": "GHSA-x28g-6228-99p9",
"discovery": "UNKNOWN"
}
}

58
2025/24xxx/CVE-2025-24958.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-24958",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2mhx-5998-46hx"
}
]
},
"source": {
"advisory": "GHSA-2mhx-5998-46hx",
"discovery": "UNKNOWN"
}
}