diff --git a/2024/13xxx/CVE-2024-13120.json b/2024/13xxx/CVE-2024-13120.json index 598573411c2..7194e274526 100644 --- a/2024/13xxx/CVE-2024-13120.json +++ b/2024/13xxx/CVE-2024-13120.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13120", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.15.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/5b70798c-c30d-42e6-ac72-821c5568b9b5/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/5b70798c-c30d-42e6-ac72-821c5568b9b5/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13121.json b/2024/13xxx/CVE-2024-13121.json index 9476a3c49a0..11f81936abf 100644 --- a/2024/13xxx/CVE-2024-13121.json +++ b/2024/13xxx/CVE-2024-13121.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.15.20" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/59ee8fe5-4820-4d52-b17a-7044631c40c1/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/59ee8fe5-4820-4d52-b17a-7044631c40c1/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13125.json b/2024/13xxx/CVE-2024-13125.json index 5faa4019870..085a4d065f8 100644 --- a/2024/13xxx/CVE-2024-13125.json +++ b/2024/13xxx/CVE-2024-13125.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13125", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Everest Forms WordPress plugin before 3.0.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Everest Forms", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.0.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/f60a8358-1765-4cae-9c89-0d75c5e394ec/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/f60a8358-1765-4cae-9c89-0d75c5e394ec/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13345.json b/2024/13xxx/CVE-2024-13345.json index b5df88d58dd..ceab6deb5c8 100644 --- a/2024/13xxx/CVE-2024-13345.json +++ b/2024/13xxx/CVE-2024-13345.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13345", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "themefusion", + "product": { + "product_data": [ + { + "product_name": "Avada (Fusion) Builder", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.11.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94f6aab3-49a7-4837-a424-e40e483f3f68?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94f6aab3-49a7-4837-a424-e40e483f3f68?source=cve" + }, + { + "url": "https://avada.com/documentation/avada-changelog/", + "refsource": "MISC", + "name": "https://avada.com/documentation/avada-changelog/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Michael Mazzolini" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/13xxx/CVE-2024-13346.json b/2024/13xxx/CVE-2024-13346.json index 71be59142ee..10dbfe2378e 100644 --- a/2024/13xxx/CVE-2024-13346.json +++ b/2024/13xxx/CVE-2024-13346.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13346", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ThemeFusion", + "product": { + "product_data": [ + { + "product_name": "Avada | Website Builder For WordPress & WooCommerce", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "7.11.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2f390b-332b-452c-9fe7-ccd1a45390dd?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2f390b-332b-452c-9fe7-ccd1a45390dd?source=cve" + }, + { + "url": "https://avada.com/documentation/avada-changelog/", + "refsource": "MISC", + "name": "https://avada.com/documentation/avada-changelog/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Michael Mazzolini" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH" } ] } diff --git a/2024/47xxx/CVE-2024-47264.json b/2024/47xxx/CVE-2024-47264.json index 040b2e2b2e9..b5742873c62 100644 --- a/2024/47xxx/CVE-2024-47264.json +++ b/2024/47xxx/CVE-2024-47264.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47264", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@synology.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Synology", + "product": { + "product_data": [ + { + "product_name": "Active Backup for Business", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-3234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-13234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-23234", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", + "refsource": "MISC", + "name": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Zhao Runzi (\u8d75\u6da6\u6893)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47265.json b/2024/47xxx/CVE-2024-47265.json index cf3d844ea46..832513108e1 100644 --- a/2024/47xxx/CVE-2024-47265.json +++ b/2024/47xxx/CVE-2024-47265.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47265", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@synology.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Synology", + "product": { + "product_data": [ + { + "product_name": "Active Backup for Business", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-13234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-23234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-3234", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", + "refsource": "MISC", + "name": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Zhao Runzi (\u8d75\u6da6\u6893)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "version": "3.1" } ] } diff --git a/2024/47xxx/CVE-2024-47266.json b/2024/47xxx/CVE-2024-47266.json index eb2f54e887b..68c665295ff 100644 --- a/2024/47xxx/CVE-2024-47266.json +++ b/2024/47xxx/CVE-2024-47266.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-47266", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@synology.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Synology", + "product": { + "product_data": [ + { + "product_name": "Active Backup for Business", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-13234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-23234", + "versionType": "semver" + }, + { + "version": "*", + "status": "affected", + "lessThan": "2.7.1-3234", + "versionType": "semver" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02", + "refsource": "MISC", + "name": "https://www.synology.com/en-global/security/advisory/Synology_SA_25_02" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Zhao Runzi (\u8d75\u6da6\u6893)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 2.7, + "baseSeverity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0327.json b/2025/0xxx/CVE-2025-0327.json index 981f3140e11..cbf8ed8e70c 100644 --- a/2025/0xxx/CVE-2025-0327.json +++ b/2025/0xxx/CVE-2025-0327.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0327", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit\ntrail data and the other acting as server managing client request) that could cause a loss of Confidentiality,\nIntegrity and Availability of engineering workstation when an attacker with standard privilege modifies the\nexecutable path of the windows services. To be exploited, services need to be restarted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management", + "cweId": "CWE-269" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "EcoStruxure Process Expert", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions 2020R2" + }, + { + "version_affected": "=", + "version_value": "Versions 2021 & 2023 (prior to v4.8.0.5715)" + } + ] + } + }, + { + "product_name": "EcoStruxure Process Expert for AVEVA System Platform", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Versions 2020R2" + }, + { + "version_affected": "=", + "version_value": "Versions 2021 & 2023" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-03.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0692.json b/2025/0xxx/CVE-2025-0692.json index c23a09c3d8d..88d97878440 100644 --- a/2025/0xxx/CVE-2025-0692.json +++ b/2025/0xxx/CVE-2025-0692.json @@ -1,18 +1,89 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Simple Video Management System", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThanOrEqual": "1.0.4" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/176f329b-a861-4ab0-ad1d-02f750f9b691/", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/176f329b-a861-4ab0-ad1d-02f750f9b691/" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Matyas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2025/0xxx/CVE-2025-0814.json b/2025/0xxx/CVE-2025-0814.json index 56d4e805fb1..29c8cad281d 100644 --- a/2025/0xxx/CVE-2025-0814.json +++ b/2025/0xxx/CVE-2025-0814.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0814", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network\nservices running on the product when malicious IEC61850-MMS packets are sent to the device. The core\nfunctionality of the breaker remains intact during the attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Enerlin\u2019X IFE interface (LV434001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Enerlin\u2019X eIFE (LV851001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0815.json b/2025/0xxx/CVE-2025-0815.json index 385a5040ac4..3c6a02e24a8 100644 --- a/2025/0xxx/CVE-2025-0815.json +++ b/2025/0xxx/CVE-2025-0815.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0815", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the\nproduct when malicious ICMPV6 packets are sent to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Enerlin\u2019X IFE interface (LV434001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Enerlin\u2019X eIFE (LV851001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/0xxx/CVE-2025-0816.json b/2025/0xxx/CVE-2025-0816.json index bb4c95ba469..4d8f1006e00 100644 --- a/2025/0xxx/CVE-2025-0816.json +++ b/2025/0xxx/CVE-2025-0816.json @@ -1,17 +1,98 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-0816", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the\nproduct when malicious IPV6 packets are sent to the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Schneider Electric", + "product": { + "product_data": [ + { + "product_name": "Enerlin\u2019X IFE interface (LV434001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Enerlin\u2019X eIFE (LV851001)", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf", + "refsource": "MISC", + "name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-042-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-042-04.pdf" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2025/1xxx/CVE-2025-1268.json b/2025/1xxx/CVE-2025-1268.json new file mode 100644 index 00000000000..ce9edddbf41 --- /dev/null +++ b/2025/1xxx/CVE-2025-1268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-1268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file