admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-01-13 21:00:58 +00:00
parent 1fd97611e8
commit b7bbc0654c
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
15 changed files with 611 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2024/13xxx/CVE-2024-13154.json
View File

@ -1,17 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-13154", "ID": "CVE-2024-13154",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: 2024-13362. Reason: This candidate is a reservation duplicate of 2024-13362. Notes: All CVE users should reference 2024-13362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }

8
2024/13xxx/CVE-2024-13324.json
View File

@ -1,17 +1,17 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2024-13324", "ID": "CVE-2024-13324",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@wordfence.com",
"STATE": "RESERVED" "STATE": "REJECT"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: 2024-13362. Reason: This candidate is a reservation duplicate of 2024-13362. Notes: All CVE users should reference 2024-13362 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }

18
2024/13xxx/CVE-2024-13372.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13373.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/13xxx/CVE-2024-13374.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-13374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

81
2025/22xxx/CVE-2025-22134.json
View File

@ -1,17 +1,90 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22134", "ID": "CVE-2025-22134",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vim",
"product": {
"product_data": [
{
"product_name": "vim",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< v9.1.1003"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8",
"refsource": "MISC",
"name": "https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8"
},
{
"url": "https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead",
"refsource": "MISC",
"name": "https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead"
}
]
},
"source": {
"advisory": "GHSA-5rgf-26wj-48v8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
} }
] ]
} }

58
2025/22xxx/CVE-2025-22138.json
View File

@ -1,18 +1,68 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22138", "ID": "CVE-2025-22138",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates.\n\n### Patches\nNot yet patched.\n\n### Workarounds\nNone available. Private or limited-visibility categories should not be considered ways to store sensitive information.\n\n### References\nInternal: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114)"
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "codidact",
"product": {
"product_data": [
{
"product_name": "qpixel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 0.9.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/codidact/qpixel/security/advisories/GHSA-pv74-hcg9-65r4",
"refsource": "MISC",
"name": "https://github.com/codidact/qpixel/security/advisories/GHSA-pv74-hcg9-65r4"
}
]
},
"source": {
"advisory": "GHSA-pv74-hcg9-65r4",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22613.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22613", "ID": "CVE-2025-22613",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `informacao_adicional.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fhpx-54ch-ccxh",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-fhpx-54ch-ccxh"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/d47412372d94dc3ca26e6416b8315895c61224fa",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/d47412372d94dc3ca26e6416b8315895c61224fa"
}
]
},
"source": {
"advisory": "GHSA-fhpx-54ch-ccxh",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22614.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22614", "ID": "CVE-2025-22614",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` and `SobrenomeForm`parameters. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_editarInfoPessoal.php` parameters. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wr55-2952-79rh",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wr55-2952-79rh"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8eb446f132ceba002559da2fd8745386096d494e",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/8eb446f132ceba002559da2fd8745386096d494e"
}
]
},
"source": {
"advisory": "GHSA-wr55-2952-79rh",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22615.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22615", "ID": "CVE-2025-22615",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6q73-74pc-p3c8",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-6q73-74pc-p3c8"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/61ae1c3bec3c76e039f5ef48bc46cea30562192e",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/61ae1c3bec3c76e039f5ef48bc46cea30562192e"
}
]
},
"source": {
"advisory": "GHSA-6q73-74pc-p3c8",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22616.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22616", "ID": "CVE-2025-22616",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_parentesco_adicionar.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xm3h-x3rv-whr5",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-xm3h-x3rv-whr5"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/1825e235aa4ab1b8b641a02c3ec8bc32ea7a8433",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/1825e235aa4ab1b8b641a02c3ec8bc32ea7a8433"
}
]
},
"source": {
"advisory": "GHSA-xm3h-x3rv-whr5",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22617.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22617", "ID": "CVE-2025-22617",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `socio` parameter. The application fails to validate and sanitize user inputs in the `socio` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8cp5-vr69-h8xx",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-8cp5-vr69-h8xx"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/35d374736cec39082ed297bb3cd55fa6286050ad",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/35d374736cec39082ed297bb3cd55fa6286050ad"
}
]
},
"source": {
"advisory": "GHSA-8cp5-vr69-h8xx",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22618.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22618", "ID": "CVE-2025-22618",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_cargo.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in release version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2775-42rh-535q",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-2775-42rh-535q"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f3b1cd90e33b790b6b2049c69d22c6d50fe965a1",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f3b1cd90e33b790b6b2049c69d22c6d50fe965a1"
}
]
},
"source": {
"advisory": "GHSA-2775-42rh-535q",
"discovery": "UNKNOWN"
} }
} }

63
2025/22xxx/CVE-2025-22619.json
View File

@ -1,18 +1,73 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-22619", "ID": "CVE-2025-22619",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security-advisories@github.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_permissoes.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_c` parameter. The application fails to validate and sanitize user inputs in the `msg_c` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in release version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LabRedesCefetRJ",
"product": {
"product_data": [
{
"product_name": "WeGIA",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 3.2.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jfjj-7rgc-6j2m",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-jfjj-7rgc-6j2m"
},
{
"url": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f1233c30f00398f7a02fd9dd9cd46fb35098f2a4",
"refsource": "MISC",
"name": "https://github.com/LabRedesCefetRJ/WeGIA/commit/f1233c30f00398f7a02fd9dd9cd46fb35098f2a4"
}
]
},
"source": {
"advisory": "GHSA-jfjj-7rgc-6j2m",
"discovery": "UNKNOWN"
} }
} }

5
2025/23xxx/CVE-2025-23022.json
View File

@ -56,6 +56,11 @@
"url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312", "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312",
"refsource": "MISC", "refsource": "MISC",
"name": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312" "name": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312"
},
{
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2025-23022",
"url": "https://security-tracker.debian.org/tracker/CVE-2025-23022"
} }
] ]
} }