diff --git a/2024/57xxx/CVE-2024-57440.json b/2024/57xxx/CVE-2024-57440.json
index 9b4c64a02a2..46070bb8d4a 100644
--- a/2024/57xxx/CVE-2024-57440.json
+++ b/2024/57xxx/CVE-2024-57440.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2024-57440",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2024-57440",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.dlink.com/en/security-bulletin/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/en/security-bulletin/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418",
+ "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10418"
}
]
}
diff --git a/2024/7xxx/CVE-2024-7598.json b/2024/7xxx/CVE-2024-7598.json
index cfc52d32f8e..0409b8a2ac6 100644
--- a/2024/7xxx/CVE-2024-7598.json
+++ b/2024/7xxx/CVE-2024-7598.json
@@ -1,17 +1,117 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-7598",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@kubernetes.io",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security issue was discovered in Kubernetes where a malicious or compromised pod could bypass network restrictions enforced by network policies during namespace deletion. The order in which objects are deleted during namespace termination is not defined, and it is possible for network policies to be deleted before the pods that they protect. This can lead to a brief period in which the pods are running, but network policies that should apply to connections to and from the pods are not enforced."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
+ "cweId": "CWE-362"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Kubernetes",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "kube-apiserver",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "status": "affected",
+ "version": "1.3.0",
+ "versionType": "semver"
+ },
+ {
+ "lessThan": "1.3.0",
+ "status": "unaffected",
+ "version": "0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/kubernetes/kubernetes/issues/126587",
+ "refsource": "MISC",
+ "name": "https://github.com/kubernetes/kubernetes/issues/126587"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc",
+ "refsource": "MISC",
+ "name": "https://groups.google.com/g/kubernetes-security-announce/c/67D7UFqiPRc"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Aaron Coffey"
+ },
+ {
+ "lang": "en",
+ "value": "John McGuinness"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "ADJACENT_NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/29xxx/CVE-2025-29121.json b/2025/29xxx/CVE-2025-29121.json
index 4bd189ae98a..3bca98022b0 100644
--- a/2025/29xxx/CVE-2025-29121.json
+++ b/2025/29xxx/CVE-2025-29121.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2025-29121",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29121",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in Tenda AC6 V15.03.05.16. The vulnerability affects the functionality of the /goform/fast_setting_wifi_set file form_fast_setting_wifi_set. Using the timeZone parameter causes a stack-based buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Raining-101/IOT_cve/blob/main/ac6_form_fast_setting_wifi_set%20_timeZone.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Raining-101/IOT_cve/blob/main/ac6_form_fast_setting_wifi_set%20_timeZone.md"
}
]
}
diff --git a/2025/29xxx/CVE-2025-29149.json b/2025/29xxx/CVE-2025-29149.json
index 784cf273f4d..4b0a0642ab7 100644
--- a/2025/29xxx/CVE-2025-29149.json
+++ b/2025/29xxx/CVE-2025-29149.json
@@ -1,17 +1,61 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2025-29149",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29149",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the ping1 parameter in the formSetAutoPing function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Raining-101/IOT_cve/blob/main/tenda%20i12formSetAutoPing_ping1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/Raining-101/IOT_cve/blob/main/tenda%20i12formSetAutoPing_ping1.md"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2480.json b/2025/2xxx/CVE-2025-2480.json
index 1376fcee6e6..867f484d37f 100644
--- a/2025/2xxx/CVE-2025-2480.json
+++ b/2025/2xxx/CVE-2025-2480.json
@@ -1,17 +1,113 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2480",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787 Out-of-bounds Write",
+ "cweId": "CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Santesoft",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Sante DICOM Viewer Pro",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "14.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01",
+ "refsource": "MISC",
+ "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-079-01"
+ },
+ {
+ "url": "https://santesoft.com/win/sante-dicom-viewer-pro/download.html",
+ "refsource": "MISC",
+ "name": "https://santesoft.com/win/sante-dicom-viewer-pro/download.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "advisory": "ICSMA-25-079-01",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.2.0 or later.\n\n
"
+ }
+ ],
+ "value": "Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.2.0 https://santesoft.com/win/sante-dicom-viewer-pro/download.html \u00a0or later."
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Michael Heinzl reported this vulnerability to CISA."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.1"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2549.json b/2025/2xxx/CVE-2025-2549.json
index ebd48e05907..5a295129ae1 100644
--- a/2025/2xxx/CVE-2025-2549.json
+++ b/2025/2xxx/CVE-2025-2549.json
@@ -1,17 +1,147 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2549",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
+ },
+ {
+ "lang": "deu",
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** In D-Link DIR-618 and DIR-605L 2.02/3.02 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /goform/formSetPassword. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Privilege Assignment",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIR-618",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.02"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.02"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIR-605L",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.02"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.300163",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.300163"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.300163",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.300163"
+ },
+ {
+ "url": "https://vuldb.com/?submit.516791",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.516791"
+ },
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetPassword-1b053a41781f8021b704f7dfeb1fcd09?pvs=4",
+ "refsource": "MISC",
+ "name": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetPassword-1b053a41781f8021b704f7dfeb1fcd09?pvs=4"
+ },
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetPassword-1b153a41781f803d8166f9b551b30cd4?pvs=4",
+ "refsource": "MISC",
+ "name": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetPassword-1b153a41781f803d8166f9b551b30cd4?pvs=4"
+ },
+ {
+ "url": "https://www.dlink.com/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "yhryhryhr_miemie (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2550.json b/2025/2xxx/CVE-2025-2550.json
index e78dc7040ec..3ada73ed76b 100644
--- a/2025/2xxx/CVE-2025-2550.json
+++ b/2025/2xxx/CVE-2025-2550.json
@@ -1,17 +1,147 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2550",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
+ },
+ {
+ "lang": "deu",
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** Eine Schwachstelle wurde in D-Link DIR-618 and DIR-605L 2.02/3.02 gefunden. Sie wurde als problematisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /goform/formSetDDNS der Komponente DDNS Service. Durch das Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper Access Controls",
+ "cweId": "CWE-284"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Incorrect Privilege Assignment",
+ "cweId": "CWE-266"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "D-Link",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DIR-618",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.02"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.02"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DIR-605L",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "2.02"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "3.02"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.300164",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.300164"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.300164",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.300164"
+ },
+ {
+ "url": "https://vuldb.com/?submit.516792",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.516792"
+ },
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetDDNS-1b053a41781f80659702da9a589e4f4a?pvs=4",
+ "refsource": "MISC",
+ "name": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetDDNS-1b053a41781f80659702da9a589e4f4a?pvs=4"
+ },
+ {
+ "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4",
+ "refsource": "MISC",
+ "name": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4"
+ },
+ {
+ "url": "https://www.dlink.com/",
+ "refsource": "MISC",
+ "name": "https://www.dlink.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "yhryhryhr_tutu (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N"
}
]
}
diff --git a/2025/2xxx/CVE-2025-2565.json b/2025/2xxx/CVE-2025-2565.json
index bea1d3c04f6..542ae9ac7de 100644
--- a/2025/2xxx/CVE-2025-2565.json
+++ b/2025/2xxx/CVE-2025-2565.json
@@ -1,18 +1,149 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-2565",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@liferay.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms."
}
]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-201 Insertion of Sensitive Information Into Sent Data",
+ "cweId": "CWE-201"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Liferay",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Portal",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "7.4.3.128",
+ "status": "affected",
+ "version": "7.4.0",
+ "versionType": "maven"
+ },
+ {
+ "status": "unaffected",
+ "version": "7.4.3.129"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "DXP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "7.4.13-u92",
+ "status": "affected",
+ "version": "7.4.13",
+ "versionType": "maven"
+ },
+ {
+ "lessThanOrEqual": "2023.Q3.10",
+ "status": "affected",
+ "version": "2023.Q3.1",
+ "versionType": "maven"
+ },
+ {
+ "lessThanOrEqual": "2023.Q4.10",
+ "status": "affected",
+ "version": "2023.Q4.0",
+ "versionType": "maven"
+ },
+ {
+ "lessThanOrEqual": "2024.Q1.12",
+ "status": "affected",
+ "version": "2024.Q1.1",
+ "versionType": "maven"
+ },
+ {
+ "lessThanOrEqual": "2024.Q2.12",
+ "status": "affected",
+ "version": "2024.Q2.0",
+ "versionType": "maven"
+ },
+ {
+ "status": "affected",
+ "version": "2024.Q3.0",
+ "versionType": "maven"
+ },
+ {
+ "status": "unaffected",
+ "version": "2024.Q1.13",
+ "versionType": "maven"
+ },
+ {
+ "status": "unaffected",
+ "version": "2024.Q3.1",
+ "versionType": "maven"
+ },
+ {
+ "status": "unaffected",
+ "version": "2024.Q4.0",
+ "versionType": "maven"
+ }
+ ],
+ "defaultStatus": "unaffected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565",
+ "refsource": "MISC",
+ "name": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
}
}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2566.json b/2025/2xxx/CVE-2025-2566.json
new file mode 100644
index 00000000000..74349bec908
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2566.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2566",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/2xxx/CVE-2025-2567.json b/2025/2xxx/CVE-2025-2567.json
new file mode 100644
index 00000000000..9d0cbc75641
--- /dev/null
+++ b/2025/2xxx/CVE-2025-2567.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-2567",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file