admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 05:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-28 14:00:42 +00:00
parent b8e5afdf5d
commit af4acde029
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 400 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2024/7xxx/CVE-2024-7137.json
View File

@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://community.silabs.com/068Vm00000F9zre",
"url": "https://community.silabs.com/068Vm00000I5mjD",
"refsource": "MISC",
"name": "https://community.silabs.com/068Vm00000F9zre"
"name": "https://community.silabs.com/068Vm00000I5mjD"
}
]
},

4
2024/7xxx/CVE-2024-7138.json
View File

@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://community.silabs.com/068Vm00000F9zre",
"url": "https://community.silabs.com/068Vm00000I5mjD",
"refsource": "MISC",
"name": "https://community.silabs.com/068Vm00000F9zre"
"name": "https://community.silabs.com/068Vm00000I5mjD"
}
]
},

4
2024/7xxx/CVE-2024-7139.json
View File

@ -65,9 +65,9 @@
"references": {
"reference_data": [
{
"url": "https://community.silabs.com/068Vm00000F9zre",
"url": "https://community.silabs.com/068Vm00000I5mjD",
"refsource": "MISC",
"name": "https://community.silabs.com/068Vm00000F9zre"
"name": "https://community.silabs.com/068Vm00000I5mjD"
}
]
},

66
2025/40xxx/CVE-2025-40651.json
View File

@ -1,18 +1,76 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-40651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Real Easy Store",
"product": {
"product_data": [
{
"product_name": "Real Easy Store",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-real-easy-store",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/reflected-cross-site-scripting-xss-real-easy-store"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Edgar Carrillo"
}
]
}

61
2025/45xxx/CVE-2025-45997.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-45997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-45997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html"
},
{
"refsource": "MISC",
"name": "https://github.com/litsasuk/CVE-POC/blob/main/CVE-2025-45997.md",
"url": "https://github.com/litsasuk/CVE-POC/blob/main/CVE-2025-45997.md"
}
]
}

83
2025/48xxx/CVE-2025-48734.json
View File

@ -1,18 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Commons BeanUtils 1.x",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.0",
"version_value": "1.11.0"
}
]
}
},
{
"product_name": "Apache Commons BeanUtils 2.x",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.0.0-M1",
"version_value": "2.0.0-M2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Raj (mailto:denesh.raj@zohocorp.com)"
},
{
"lang": "en",
"value": "Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)"
}
]
}

101
2025/4xxx/CVE-2025-4134.json
View File

@ -1,17 +1,110 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4134",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@nortonlifelock.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows local user to spoof or tamper with the update file via an unverified file write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552 Files or Directories Accessible to External Parties",
"cweId": "CWE-552"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Avast",
"product": {
"product_data": [
{
"product_name": "Avast Business Antivirus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "4.5.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/",
"refsource": "MISC",
"name": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"value": "Fixed in V4.6 released 03/FEB/2025, ugrade to latest version."
}
],
"credits": [
{
"lang": "en",
"value": "FIS Securtiy"
},
{
"lang": "en",
"value": "N\u00f4ng Ho\u00e0ng T\u00fa"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

85
2025/5xxx/CVE-2025-5277.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5277",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "alexei-led",
"product": {
"product_data": [
{
"product_name": "aws-mcp-server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/alexei-led/aws-mcp-server/commit/94d20ae1798a43ac7e3a28e71900d774e5159c8a",
"refsource": "MISC",
"name": "https://github.com/alexei-led/aws-mcp-server/commit/94d20ae1798a43ac7e3a28e71900d774e5159c8a"
},
{
"url": "https://github.com/alexei-led/aws-mcp-server/blob/94d20ae1798a43ac7e3a28e71900d774e5159c8a/src/aws_mcp_server/cli_executor.py#L92",
"refsource": "MISC",
"name": "https://github.com/alexei-led/aws-mcp-server/blob/94d20ae1798a43ac7e3a28e71900d774e5159c8a/src/aws_mcp_server/cli_executor.py#L92"
}
]
},
"credits": [
{
"lang": "en",
"value": "Raul Onitza-Klugman (Snyk Security Research)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"exploitCodeMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
}
]
}

18
2025/5xxx/CVE-2025-5305.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5305",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}