diff --git a/2024/10xxx/CVE-2024-10635.json b/2024/10xxx/CVE-2024-10635.json
index 68dc0ec28e4..f9522b51013 100644
--- a/2024/10xxx/CVE-2024-10635.json
+++ b/2024/10xxx/CVE-2024-10635.json
@@ -1,17 +1,127 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-10635",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@proofpoint.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-20 Improper Input Validation",
+ "cweId": "CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Proofpoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Enterprise Protection",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "changes": [
+ {
+ "at": "patch 4868",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "patch 5110",
+ "status": "affected",
+ "version": "8.18.6",
+ "versionType": "semver"
+ },
+ {
+ "changes": [
+ {
+ "at": "patch 4871",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "patch 5134",
+ "status": "affected",
+ "version": "8.20.6",
+ "versionType": "semver"
+ },
+ {
+ "changes": [
+ {
+ "at": "patch 4872",
+ "status": "unaffected"
+ }
+ ],
+ "lessThan": "patch 5112",
+ "status": "affected",
+ "version": "8.21.0",
+ "versionType": "semver"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002",
+ "refsource": "MISC",
+ "name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/11xxx/CVE-2024-11922.json b/2024/11xxx/CVE-2024-11922.json
index 31397cc69eb..b36f6a636d0 100644
--- a/2024/11xxx/CVE-2024-11922.json
+++ b/2024/11xxx/CVE-2024-11922.json
@@ -1,17 +1,114 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11922",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security.reports@fortra.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to\u00a0insert arbitrary HTML or JavaScript into an email."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortra",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GoAnywhere MFT",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<=",
+ "version_name": "0",
+ "version_value": "7.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.fortra.com/security/advisories/product-security/fi-2025-005",
+ "refsource": "MISC",
+ "name": "https://www.fortra.com/security/advisories/product-security/fi-2025-005"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Limit access to only trustworthy Web Users\n\n
"
+ }
+ ],
+ "value": "Limit access to only trustworthy Web Users"
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade to version 7.8.0"
+ }
+ ],
+ "value": "Upgrade to version 7.8.0"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
}
]
}
diff --git a/2025/0xxx/CVE-2025-0049.json b/2025/0xxx/CVE-2025-0049.json
index 56e4bb86b74..1cada9d972b 100644
--- a/2025/0xxx/CVE-2025-0049.json
+++ b/2025/0xxx/CVE-2025-0049.json
@@ -1,17 +1,114 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0049",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security.reports@fortra.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow\u00a0Fuzzing for application mapping.\nThis issue affects GoAnywhere: before 7.8.0."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-209 Generation of Error Message Containing Sensitive Information",
+ "cweId": "CWE-209"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortra",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "GoAnywhere",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "0",
+ "version_value": "7.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.fortra.com/security/advisories/product-security/fi-2025-004",
+ "refsource": "MISC",
+ "name": "https://www.fortra.com/security/advisories/product-security/fi-2025-004"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "work_around": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "This issue occurs when the Web User does not have Create permission on Subfolders. It is a bug that happens when a user tries to upload a file to a directory that doesn\u2019t exist yet (If they have permissions to create sub directories, then the non-existent directory would be created automatically).
Note: This workaround requires supplying an additional permission that the Web User does not have in vulnerable configurations. "
+ }
+ ],
+ "value": "This issue occurs when the Web User does not have Create permission on Subfolders. It is a bug that happens when a user tries to upload a file to a directory that doesn\u2019t exist yet (If they have permissions to create sub directories, then the non-existent directory would be created automatically).\n\nNote: This workaround requires supplying an additional permission that the Web User does not have in vulnerable configurations."
+ }
+ ],
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Upgrade to GoAnywhere 7.8.0 or later."
+ }
+ ],
+ "value": "Upgrade to GoAnywhere 7.8.0 or later."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/46xxx/CVE-2025-46712.json b/2025/46xxx/CVE-2025-46712.json
new file mode 100644
index 00000000000..0854479f5ee
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46712.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46712",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46713.json b/2025/46xxx/CVE-2025-46713.json
new file mode 100644
index 00000000000..e7d6badcf68
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46713.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46713",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46714.json b/2025/46xxx/CVE-2025-46714.json
new file mode 100644
index 00000000000..00808a6a48e
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46714.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46714",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46715.json b/2025/46xxx/CVE-2025-46715.json
new file mode 100644
index 00000000000..52b500bb9cd
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46715.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46715",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46716.json b/2025/46xxx/CVE-2025-46716.json
new file mode 100644
index 00000000000..d488c3991b3
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46716.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46716",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46717.json b/2025/46xxx/CVE-2025-46717.json
new file mode 100644
index 00000000000..256a52c2f3d
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46717.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46717",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46718.json b/2025/46xxx/CVE-2025-46718.json
new file mode 100644
index 00000000000..2ec95e41b2a
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46718.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46718",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46719.json b/2025/46xxx/CVE-2025-46719.json
new file mode 100644
index 00000000000..0802c1adae7
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46719.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46719",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46720.json b/2025/46xxx/CVE-2025-46720.json
new file mode 100644
index 00000000000..693197ebf18
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46720.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46720",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46721.json b/2025/46xxx/CVE-2025-46721.json
new file mode 100644
index 00000000000..f3454934678
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46721.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46721",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46722.json b/2025/46xxx/CVE-2025-46722.json
new file mode 100644
index 00000000000..dfb67dca62a
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46722.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46722",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46723.json b/2025/46xxx/CVE-2025-46723.json
new file mode 100644
index 00000000000..75b9ab023d6
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46723.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46723",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46724.json b/2025/46xxx/CVE-2025-46724.json
new file mode 100644
index 00000000000..56b8c6a4386
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46724.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46724",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46725.json b/2025/46xxx/CVE-2025-46725.json
new file mode 100644
index 00000000000..e17e8732b3a
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46725.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46725",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46726.json b/2025/46xxx/CVE-2025-46726.json
new file mode 100644
index 00000000000..f442fd14eed
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46726.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46726",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46727.json b/2025/46xxx/CVE-2025-46727.json
new file mode 100644
index 00000000000..f5bc4386162
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46727.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46727",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46728.json b/2025/46xxx/CVE-2025-46728.json
new file mode 100644
index 00000000000..4655d4517a1
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46728.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46728",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46729.json b/2025/46xxx/CVE-2025-46729.json
new file mode 100644
index 00000000000..8d7f0da7b52
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46729.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46729",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46730.json b/2025/46xxx/CVE-2025-46730.json
new file mode 100644
index 00000000000..dcde3478366
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46730.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46730",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46731.json b/2025/46xxx/CVE-2025-46731.json
new file mode 100644
index 00000000000..f6b571fcdc6
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46731.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46731",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46732.json b/2025/46xxx/CVE-2025-46732.json
new file mode 100644
index 00000000000..bb0ec31ebdc
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46732.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46732",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46733.json b/2025/46xxx/CVE-2025-46733.json
new file mode 100644
index 00000000000..27e2b4ed79b
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46733.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46733",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46734.json b/2025/46xxx/CVE-2025-46734.json
new file mode 100644
index 00000000000..49b3c4af50e
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46734.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46734",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46735.json b/2025/46xxx/CVE-2025-46735.json
new file mode 100644
index 00000000000..21b99174023
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46735.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46735",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/46xxx/CVE-2025-46736.json b/2025/46xxx/CVE-2025-46736.json
new file mode 100644
index 00000000000..02abe106e77
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46736.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46736",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/4xxx/CVE-2025-4037.json b/2025/4xxx/CVE-2025-4037.json
index 645915995fa..1060b1aab28 100644
--- a/2025/4xxx/CVE-2025-4037.json
+++ b/2025/4xxx/CVE-2025-4037.json
@@ -1,17 +1,114 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4037",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in code-projects ATM Banking 1.0 ausgemacht. Es geht dabei um die Funktion moneyDeposit/moneyWithdraw. Durch Manipulieren mit unbekannten Daten kann eine business logic errors-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Business Logic Errors",
+ "cweId": "CWE-840"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ATM Banking",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306402",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306402"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306402",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306402"
+ },
+ {
+ "url": "https://vuldb.com/?submit.559303",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.559303"
+ },
+ {
+ "url": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zzzxc643/cve/blob/main/ATM_Banking.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "zzzxc (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 4.4,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 4.4,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.2,
+ "vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P"
}
]
}
diff --git a/2025/4xxx/CVE-2025-4038.json b/2025/4xxx/CVE-2025-4038.json
index c4e198ea340..94728a591b9 100644
--- a/2025/4xxx/CVE-2025-4038.json
+++ b/2025/4xxx/CVE-2025-4038.json
@@ -1,17 +1,123 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4038",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Train Ticket Reservation System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion Reservation der Komponente Ticket Reservation. Durch das Beeinflussen des Arguments Name mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based Buffer Overflow",
+ "cweId": "CWE-121"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption",
+ "cweId": "CWE-119"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Train Ticket Reservation System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.306403",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.306403"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.306403",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.306403"
+ },
+ {
+ "url": "https://vuldb.com/?submit.559344",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.559344"
+ },
+ {
+ "url": "https://github.com/zzzxc643/cve/blob/main/Buffer%20Overflow%20Vulnerability%20in%20Train%20Reservation%20System.md",
+ "refsource": "MISC",
+ "name": "https://github.com/zzzxc643/cve/blob/main/Buffer%20Overflow%20Vulnerability%20in%20Train%20Reservation%20System.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "zzzxc (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.3,
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4.3,
+ "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
diff --git a/2025/4xxx/CVE-2025-4050.json b/2025/4xxx/CVE-2025-4050.json
new file mode 100644
index 00000000000..500fb829078
--- /dev/null
+++ b/2025/4xxx/CVE-2025-4050.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-4050",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/4xxx/CVE-2025-4051.json b/2025/4xxx/CVE-2025-4051.json
new file mode 100644
index 00000000000..6ace1ca908c
--- /dev/null
+++ b/2025/4xxx/CVE-2025-4051.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-4051",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2025/4xxx/CVE-2025-4052.json b/2025/4xxx/CVE-2025-4052.json
new file mode 100644
index 00000000000..d212b45ffb4
--- /dev/null
+++ b/2025/4xxx/CVE-2025-4052.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-4052",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file