"-Synchronized-Data."

CVE Team 2025-02-28 13:00:36 +00:00
parent b51df780c5
commit b08667db6b
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 574 additions and 33 deletions


@ -1,17 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1300",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@ericsson.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \n\nThe CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway.\n\nThis issue affects CodeChecker: through 6.24.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
"cweId": "CWE-601"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ericsson",
"product": {
"product_data": [
{
"product_name": "CodeChecker",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "6.24.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm",
"refsource": "MISC",
"name": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-g839-x3p3-g5fm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "GHSA-g839-x3p3-g5fm",
"discovery": "INTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-1319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Site Mailer \u2013 SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "elemntor",
"product": {
"product_data": [
{
"product_name": "Site Mailer \u2013 SMTP Replacement, Email API Deliverability & Email Log",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.2.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9fe3574-f338-474c-af78-f843501d422c?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9fe3574-f338-474c-af78-f843501d422c?source=cve"
},
{
"url": "https://wordpress.org/plugins/site-mailer/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/site-mailer/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3247059/",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset/3247059/"
}
]
},
"credits": [
{
"lang": "en",
"value": "D.Sim"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
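Review bot: The description and the CVSS vector disagree on where the attacker starts: the text says the stored XSS is reachable by "unauthenticated attackers", while the added vector is `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N` with `"baseScore": 6.4`, which is the score for PR:L. The CNA should correct whichever is wrong; until then, triage keyed on the description will rate exposure higher than triage keyed on the vector. Separately, `"vendor_name": "elemntor"` looks like a misspelling of the vendor name, which would make vendor-based matching in asset inventories miss this record; confirm against the plugin listing referenced in the record.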


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker with access to the Administration panel, specifically the \"Role Management\"\ntab, can\ninject code by adding a new role in the \"name\" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the\nrequired additional error that allows bypassing the Content-Security-Policy policy, which\nmitigates JS code execution while still allowing HTML injection.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyberArk",
"product": {
"product_data": [
{
"product_name": "Endpoint Privilege Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
"refsource": "MISC",
"name": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"value": "Maksymilian Kubiak (Afine Team)"
}
]
}
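Review bot: The published record has no `impact` block, so consumers get no CVSS vector or severity to sort on; the same is true of the CVE-2025-22271, CVE-2025-22272, CVE-2025-22273 and CVE-2025-22274 sections in this commit. The description already states two limiting conditions (access to the Administration panel, and a Content-Security-Policy bypass needed for script execution), which a vector would capture in structured form. Tooling that ingests these records should treat the missing score as "unrated" rather than as low severity. The CNA should add an `"impact": { "cvss": [ ... ] }` entry in the shape used by the CVE-2025-1300 and CVE-2025-1319 records in this commit.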


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The application or its infrastructure allows for IP address spoofing by providing its own value in the \"X-Forwarded-For\" header. Thus, the action logging mechanism in the application loses\u00a0accountability\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyberArk",
"product": {
"product_data": [
{
"product_name": "Endpoint Privilege Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
"refsource": "MISC",
"name": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"value": "Maksymilian Kubiak (Afine Team)"
}
]
}
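Review bot: The `reference_data` list in this record is the one from CVE-2025-22270, e.g. `"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"`, and the CVE-2025-22272, CVE-2025-22273 and CVE-2025-22274 sections repeat the same list. Presumably one advisory covers the whole series, but the record does not say so, and anything that correlates records by reference URL will merge five distinct issues into one. Also, `"cweId": "CWE-290"` (Authentication Bypass by Spoofing) fits only loosely: the description is about a client-supplied `X-Forwarded-For` value degrading log accountability, not about bypassing authentication, so CWE-348 (Use of Less Trusted Source) may be the closer mapping.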


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In the \"/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg\" endpoint, it is possible to inject code in the \"modalDlgMsgInternal\" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyberArk",
"product": {
"product_data": [
{
"product_name": "Endpoint Privilege Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
"refsource": "MISC",
"name": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"value": "Maksymilian Kubiak (Afine Team)"
}
]
}


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the \"/EPMUI/VfManager.asmx/ChangePassword\" endpoint it is possible to perform a brute force attack on the current password in use.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770 Allocation of Resources Without Limits or Throttling",
"cweId": "CWE-770"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyberArk",
"product": {
"product_data": [
{
"product_name": "Endpoint Privilege Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
"refsource": "MISC",
"name": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"value": "Maksymilian Kubiak (Afine Team)"
}
]
}
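Review bot: `"cweId": "CWE-770"` names a resource-allocation weakness, while the description is about unlimited guesses of the current password at the ChangePassword endpoint; CWE-307 (Improper Restriction of Excessive Authentication Attempts) describes that more precisely. The distinction matters to defenders because CWE-770 points remediation at capacity limits, whereas the text implies per-account attempt throttling or lockout on that endpoint. The description also does not say whether the endpoint requires an authenticated session, which determines who can reach it; the CNA should state that explicitly.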


@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cvd@cert.pl",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"cweId": "CWE-80"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CyberArk",
"product": {
"product_data": [
{
"product_name": "Endpoint Privilege Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "24.7.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
"refsource": "MISC",
"name": "https://cert.pl/posts/2025/02/CVE-2025-22270/"
},
{
"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
"refsource": "MISC",
"name": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Karol Mazurek (Afine Team)"
},
{
"lang": "en",
"value": "Maksymilian Kubiak (Afine Team)"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27532",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-27533",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}