admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-05-28 12:00:35 +00:00
parent 668dbce9b0
commit b9670d9928
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
7 changed files with 432 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2025/3xxx/CVE-2025-3864.json
View File

@ -1,18 +1,82 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-3864", "ID": "CVE-2025-3864",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cvd@cert.pl",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library.\nFix for this issue has been included in\u00a01.24.0 release."
} }
] ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hackney",
"product": {
"product_data": [
{
"product_name": "hackney",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.24.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/benoitc/hackney/issues/717",
"refsource": "MISC",
"name": "https://github.com/benoitc/hackney/issues/717"
},
{
"url": "https://cert.pl/en/posts/2025/05/CVE-2025-3864/",
"refsource": "MISC",
"name": "https://cert.pl/en/posts/2025/05/CVE-2025-3864/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Micha\u0142 Majchrowicz, Marcin Wyczechowski, and Pawe\u0142 Zdunek \u2014 members of the AFINE Team"
}
]
} }

4
2025/4xxx/CVE-2025-4009.json
View File

@ -11,7 +11,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "The Evertz SVDN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a\u00a0web management interface on port 80. This web management interface can be used by administrators to control product\nfeatures, setup network switching, and register license among other features. The application has been developed in PHP with\u00a0the webEASY SDK, also named \u2018ewb\u2019 by Evertz.\n\nThis web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.\n\nRemote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.\n\nThis level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others." "value": "The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a\u00a0web management interface on port 80. This web management interface can be used by administrators to control product\nfeatures, setup network switching, and register license among other features. The application has been developed in PHP with\u00a0the webEASY SDK, also named \u2018ewb\u2019 by Evertz.\n\nThis web interface has two endpoints that are vulnerable to arbitrary command injection and the authentication mechanism has a flaw leading to authentication bypass.\n\nRemote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.\n\nThis level of access could lead to serious business impact such as the interruption of media streaming, modification of media being streamed, alteration of closed captions being generated, among others."
} }
] ]
}, },
@ -45,7 +45,7 @@
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "SVDN 3080ipx-10G", "product_name": "3080ipx-10G",
"version": { "version": {
"version_data": [ "version_data": [
{ {

109
2025/5xxx/CVE-2025-5295.json
View File

@ -1,17 +1,118 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-5295", "ID": "CVE-2025-5295",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability classified as critical was found in FreeFloat FTP Server 1.0.0. This vulnerability affects unknown code of the component PORT Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In FreeFloat FTP Server 1.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Komponente PORT Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow",
"cweId": "CWE-120"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeFloat",
"product": {
"product_data": [
{
"product_name": "FTP Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310420",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310420"
},
{
"url": "https://vuldb.com/?ctiid.310420",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310420"
},
{
"url": "https://vuldb.com/?submit.582988",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.582988"
},
{
"url": "https://fitoxs.com/exploit/exploit-4f6236b59b5119d64718e994b0f3d63a755e7cb5a496e3846b92dfb960f1a80a.txt",
"refsource": "MISC",
"name": "https://fitoxs.com/exploit/exploit-4f6236b59b5119d64718e994b0f3d63a755e7cb5a496e3846b92dfb960f1a80a.txt"
}
]
},
"credits": [
{
"lang": "en",
"value": "Fernando Mengali (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
} }
] ]
} }

114
2025/5xxx/CVE-2025-5297.json
View File

@ -1,17 +1,123 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-5297", "ID": "CVE-2025-5297",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in SourceCodester Computer Store System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion Add der Datei main.c. Dank Manipulation des Arguments laptopcompany/RAM/Processor mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow",
"cweId": "CWE-121"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Computer Store System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310421",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310421"
},
{
"url": "https://vuldb.com/?ctiid.310421",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310421"
},
{
"url": "https://vuldb.com/?submit.585114",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.585114"
},
{
"url": "https://github.com/byxs0x0/cve/issues/6",
"refsource": "MISC",
"name": "https://github.com/byxs0x0/cve/issues/6"
},
{
"url": "https://www.sourcecodester.com/",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "wanglun (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P"
} }
] ]
} }

114
2025/5xxx/CVE-2025-5298.json
View File

@ -1,17 +1,123 @@
{ {
"data_version": "4.0",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE", "data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2025-5298", "ID": "CVE-2025-5298",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cna@vuldb.com",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in Campcodes Online Hospital Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /admin/betweendates-detailsreports.php. Mit der Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Campcodes",
"product": {
"product_data": [
{
"product_name": "Online Hospital Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.310422",
"refsource": "MISC",
"name": "https://vuldb.com/?id.310422"
},
{
"url": "https://vuldb.com/?ctiid.310422",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.310422"
},
{
"url": "https://vuldb.com/?submit.585161",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.585161"
},
{
"url": "https://github.com/RS7325/cve/issues/2",
"refsource": "MISC",
"name": "https://github.com/RS7325/cve/issues/2"
},
{
"url": "https://www.campcodes.com/",
"refsource": "MISC",
"name": "https://www.campcodes.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "RayZ7z (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
} }
] ]
} }

18
2025/5xxx/CVE-2025-5303.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5303",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2025/5xxx/CVE-2025-5304.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-5304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}