"-Synchronized-Data."

CVE Team 2025-05-19 14:00:33 +00:00
parent 795552daf9
commit e0d1c0d92d
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 335 additions and 28 deletions

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.\n"
"value": "Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim."
}
]
},
@ -77,15 +77,15 @@
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4878",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@openvpn.net",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** Unused CVE record, incorrectly reserved"
}
]
}

@ -72,6 +72,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "George Kalpakas"
}
],
"impact": {
"cvss": [
{

@ -72,6 +72,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "George Kalpakas"
}
],
"impact": {
"cvss": [
{

@ -72,6 +72,12 @@
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "George Kalpakas"
}
],
"impact": {
"cvss": [
{

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
"value": "An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes."
}
]
},

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-44108",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-44108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/flatpressblog/flatpress/releases/tag/1.3.1",
"refsource": "MISC",
"name": "https://github.com/flatpressblog/flatpress/releases/tag/1.3.1"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/flatpressblog/flatpress/releases/tag/1.4.rc2",
"url": "https://github.com/flatpressblog/flatpress/releases/tag/1.4.rc2"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/flatpressblog/flatpress/commit/24a6feacf1747ec19725b52c097715c8ab9c4559",
"url": "https://github.com/flatpressblog/flatpress/commit/24a6feacf1747ec19725b52c097715c8ab9c4559"
},
{
"refsource": "MISC",
"name": "https://harish0x.github.io/blog/CVE-2025-44108",
"url": "https://harish0x.github.io/blog/CVE-2025-44108"
}
]
}
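Review bot: The `affects` block is published with `product_name`, `vendor_name` and `version_value` all set to `n/a`, and `problemtype` is also `n/a`, although the description itself names the product (Flatpress CMS), the fixed boundary (before 1.4) and the weakness class (stored XSS). Scanners and asset inventories that match on the structured vendor/product/version fields will not tie this record to Flatpress installs, so the record should carry the product and version range in `version_data` and a CWE entry such as `"cweId": "CWE-79"` under `problemtype_data`. The references also pair a `1.3.1` release tag (MISC) with a `1.4.rc2` tag (CONFIRM); it would help to state whether 1.4 release candidates count as fixed. No CVSS `impact` block is present, so the admin-only precondition from the description is not reflected in any machine-readable field. The record's closing brace is not visible in this section.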

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "O2 UK through 2025-05-17 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229."
"value": "O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229."
}
]
},
@ -66,6 +66,11 @@
"url": "https://www.etsi.org/deliver/etsi_ts/124200_124299/124229/15.10.00_60/ts_124229v151000p.pdf",
"refsource": "MISC",
"name": "https://www.etsi.org/deliver/etsi_ts/124200_124299/124229/15.10.00_60/ts_124229v151000p.pdf"
},
{
"refsource": "MISC",
"name": "https://www.ispreview.co.uk/index.php/2025/05/o2-uk-fixes-volte-flaw-that-exposed-user-mobile-location-data.html",
"url": "https://www.ispreview.co.uk/index.php/2025/05/o2-uk-fixes-volte-flaw-that-exposed-user-mobile-location-data.html"
}
]
}

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-48230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4933",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in ponaravindb Hospital-Management-System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei /doctor-panel.php. Durch Beeinflussen des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ponaravindb",
"product": {
"product_data": [
{
"product_name": "Hospital-Management-System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309495",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309495"
},
{
"url": "https://vuldb.com/?ctiid.309495",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309495"
},
{
"url": "https://vuldb.com/?submit.579678",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.579678"
},
{
"url": "https://github.com/zylv0002/SQLi-ponaravindb-HMS",
"refsource": "MISC",
"name": "https://github.com/zylv0002/SQLi-ponaravindb-HMS"
}
]
},
"credits": [
{
"lang": "en",
"value": "320E (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
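Review bot: The English description says the issue "was classified as critical", while the CVSS 3.x entries added in the `impact` block rate it MEDIUM (`"baseScore": 6.3`, `"baseSeverity": "MEDIUM"`). The same mismatch appears in the CVE-2025-4934 section, whose description says "critical" next to `"baseSeverity": "HIGH"`. Triage rules that read the free text will disagree with rules that read the score, so consumers should key on `vectorString` and `baseScore`, and the description wording would be better aligned with the scored severity. The 3.x vectors here also carry `PR:L`, which suggests the attacker needs a low-privileged account, a precondition the description does not state. The record's closing brace is not visible in this section.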

@ -1,17 +1,123 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4934",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In PHPGurukul User Registration & Login and User Management System 3.3 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /edit-profile.php. Dank der Manipulation des Arguments Contact mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PHPGurukul",
"product": {
"product_data": [
{
"product_name": "User Registration & Login and User Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.309496",
"refsource": "MISC",
"name": "https://vuldb.com/?id.309496"
},
{
"url": "https://vuldb.com/?ctiid.309496",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.309496"
},
{
"url": "https://vuldb.com/?submit.579759",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.579759"
},
{
"url": "https://github.com/LitBot123/mycve/issues/1",
"refsource": "MISC",
"name": "https://github.com/LitBot123/mycve/issues/1"
},
{
"url": "https://phpgurukul.com/",
"refsource": "MISC",
"name": "https://phpgurukul.com/"
}
]
},
"credits": [
{
"lang": "en",
"value": "LitBot (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}