admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-02 21:00:34 +00:00
parent 615e53aeda
commit b7905af5b1
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
14 changed files with 754 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
2025/0xxx/CVE-2025-0782.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-0782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability could lead to remote code execution (RCE) on any user who uses the application. Additionally, an attacker could modify the documentation to include malicious download links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "h2oai",
"product": {
"product_data": [
{
"product_name": "h2oai/h2o-3",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "Fixed by DevOps in aws config"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.com/bounties/4587cec7-8bc5-48ab-8614-105d41c99151",
"refsource": "MISC",
"name": "https://huntr.com/bounties/4587cec7-8bc5-48ab-8614-105d41c99151"
},
{
"url": "https://github.com/h2oai/h2o-3/commit/6740655b70cef40ec67d952bee2d23f7d33c7419",
"refsource": "MISC",
"name": "https://github.com/h2oai/h2o-3/commit/6740655b70cef40ec67d952bee2d23f7d33c7419"
}
]
},
"source": {
"advisory": "4587cec7-8bc5-48ab-8614-105d41c99151",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}

18
2025/47xxx/CVE-2025-47225.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

72
2025/47xxx/CVE-2025-47226.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2025-47226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/grokability/snipe-it/pull/16672",
"refsource": "MISC",
"name": "https://github.com/grokability/snipe-it/pull/16672"
},
{
"url": "https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0",
"refsource": "MISC",
"name": "https://github.com/grokability/snipe-it/compare/v8.0.4...v8.1.0"
},
{
"url": "https://github.com/grokability/snipe-it/releases/tag/v8.1.0",
"refsource": "MISC",
"name": "https://github.com/grokability/snipe-it/releases/tag/v8.1.0"
}
]
}
}

114
2025/4xxx/CVE-2025-4215.json
View File

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in gorhill uBlock Origin bis 1.63.3b16 ausgemacht. Betroffen hiervon ist die Funktion currentStateChanged der Datei src/js/1p-filters.js der Komponente UI. Durch Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.63.3b17 vermag dieses Problem zu l\u00f6sen. Der Patch wird als eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inefficient Regular Expression Complexity",
"cweId": "CWE-1333"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gorhill",
"product": {
"product_data": [
{
"product_name": "uBlock Origin",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.63.3b16"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.307194",
"refsource": "MISC",
"name": "https://vuldb.com/?id.307194"
},
{
"url": "https://vuldb.com/?ctiid.307194",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.307194"
},
{
"url": "https://vuldb.com/?submit.562301",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.562301"
},
{
"url": "https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c",
"refsource": "MISC",
"name": "https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c"
},
{
"url": "https://github.com/gorhill/uBlock/releases/tag/1.63.3b17",
"refsource": "MISC",
"name": "https://github.com/gorhill/uBlock/releases/tag/1.63.3b17"
}
]
},
"credits": [
{
"lang": "en",
"value": "DayShift (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.1,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.1,
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P"
}
]
}

318
2025/4xxx/CVE-2025-4218.json
View File

@ -1,17 +1,327 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4218",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In handrew browserpilot bis 0.2.51 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion GPTSeleniumAgent der Datei browserpilot/browserpilot/agents/gpt_selenium_agent.py. Durch das Beeinflussen des Arguments instructions mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection",
"cweId": "CWE-94"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "handrew",
"product": {
"product_data": [
{
"product_name": "browserpilot",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.2.0"
},
{
"version_affected": "=",
"version_value": "0.2.1"
},
{
"version_affected": "=",
"version_value": "0.2.2"
},
{
"version_affected": "=",
"version_value": "0.2.3"
},
{
"version_affected": "=",
"version_value": "0.2.4"
},
{
"version_affected": "=",
"version_value": "0.2.5"
},
{
"version_affected": "=",
"version_value": "0.2.6"
},
{
"version_affected": "=",
"version_value": "0.2.7"
},
{
"version_affected": "=",
"version_value": "0.2.8"
},
{
"version_affected": "=",
"version_value": "0.2.9"
},
{
"version_affected": "=",
"version_value": "0.2.10"
},
{
"version_affected": "=",
"version_value": "0.2.11"
},
{
"version_affected": "=",
"version_value": "0.2.12"
},
{
"version_affected": "=",
"version_value": "0.2.13"
},
{
"version_affected": "=",
"version_value": "0.2.14"
},
{
"version_affected": "=",
"version_value": "0.2.15"
},
{
"version_affected": "=",
"version_value": "0.2.16"
},
{
"version_affected": "=",
"version_value": "0.2.17"
},
{
"version_affected": "=",
"version_value": "0.2.18"
},
{
"version_affected": "=",
"version_value": "0.2.19"
},
{
"version_affected": "=",
"version_value": "0.2.20"
},
{
"version_affected": "=",
"version_value": "0.2.21"
},
{
"version_affected": "=",
"version_value": "0.2.22"
},
{
"version_affected": "=",
"version_value": "0.2.23"
},
{
"version_affected": "=",
"version_value": "0.2.24"
},
{
"version_affected": "=",
"version_value": "0.2.25"
},
{
"version_affected": "=",
"version_value": "0.2.26"
},
{
"version_affected": "=",
"version_value": "0.2.27"
},
{
"version_affected": "=",
"version_value": "0.2.28"
},
{
"version_affected": "=",
"version_value": "0.2.29"
},
{
"version_affected": "=",
"version_value": "0.2.30"
},
{
"version_affected": "=",
"version_value": "0.2.31"
},
{
"version_affected": "=",
"version_value": "0.2.32"
},
{
"version_affected": "=",
"version_value": "0.2.33"
},
{
"version_affected": "=",
"version_value": "0.2.34"
},
{
"version_affected": "=",
"version_value": "0.2.35"
},
{
"version_affected": "=",
"version_value": "0.2.36"
},
{
"version_affected": "=",
"version_value": "0.2.37"
},
{
"version_affected": "=",
"version_value": "0.2.38"
},
{
"version_affected": "=",
"version_value": "0.2.39"
},
{
"version_affected": "=",
"version_value": "0.2.40"
},
{
"version_affected": "=",
"version_value": "0.2.41"
},
{
"version_affected": "=",
"version_value": "0.2.42"
},
{
"version_affected": "=",
"version_value": "0.2.43"
},
{
"version_affected": "=",
"version_value": "0.2.44"
},
{
"version_affected": "=",
"version_value": "0.2.45"
},
{
"version_affected": "=",
"version_value": "0.2.46"
},
{
"version_affected": "=",
"version_value": "0.2.47"
},
{
"version_affected": "=",
"version_value": "0.2.48"
},
{
"version_affected": "=",
"version_value": "0.2.49"
},
{
"version_affected": "=",
"version_value": "0.2.50"
},
{
"version_affected": "=",
"version_value": "0.2.51"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.307195",
"refsource": "MISC",
"name": "https://vuldb.com/?id.307195"
},
{
"url": "https://vuldb.com/?ctiid.307195",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.307195"
},
{
"url": "https://vuldb.com/?submit.562383",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.562383"
},
{
"url": "https://github.com/handrew/browserpilot/issues/20",
"refsource": "MISC",
"name": "https://github.com/handrew/browserpilot/issues/20"
},
{
"url": "https://github.com/handrew/browserpilot/issues/20#issue-2999815850",
"refsource": "MISC",
"name": "https://github.com/handrew/browserpilot/issues/20#issue-2999815850"
}
]
},
"credits": [
{
"lang": "en",
"value": "ybdesire (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2025/4xxx/CVE-2025-4236.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4236",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4237.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4237",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4238.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4238",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4239.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4239",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4240.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4240",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4241.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4241",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4242.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4242",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4243.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4243",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/4xxx/CVE-2025-4244.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}