diff --git a/2022/44xxx/CVE-2022-44759.json b/2022/44xxx/CVE-2022-44759.json
index 70f4ebe9d24..5e9101a36fe 100644
--- a/2022/44xxx/CVE-2022-44759.json
+++ b/2022/44xxx/CVE-2022-44759.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44759",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper sanitization of SVG files in HCL Leap\nallows client-side script injection in deployed applications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Leap",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.0 - 9.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
+ "refsource": "MISC",
+ "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
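Review bot: The affected-version entry pairs `"version_affected": "="` with `"version_value": "9.0 - 9.3"`, so a scanner that honours the operator looks for a release literally named "9.0 - 9.3" and matches nothing. The same pattern recurs in CVE-2022-44760 (`9.0 - 9.3`), CVE-2023-37516 (`< 9.3.4`), CVE-2024-30127 (`< 9.3.9`) and CVE-2025-43861 (`< 2f177dc`, an abbreviated commit hash, which has no ordering at all). Putting the comparison in the operator, e.g. `"version_affected": "<", "version_value": "9.3.4"`, or one entry per bound for the 9.0 to 9.3 range, would let tooling match installed versions; until then consumers should treat these values as free text. The description string also carries a mid-sentence `\n` ("HCL Leap\nallows") that should be a space.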
diff --git a/2022/44xxx/CVE-2022-44760.json b/2022/44xxx/CVE-2022-44760.json
index 306725050b8..1da40d6ee1b 100644
--- a/2022/44xxx/CVE-2022-44760.json
+++ b/2022/44xxx/CVE-2022-44760.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-44760",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unsafe default file type filter policy in HCL\nLeap allows execution of unsafe JavaScript in deployed applications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Leap",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "9.0 - 9.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
+ "refsource": "MISC",
+ "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2023/37xxx/CVE-2023-37516.json b/2023/37xxx/CVE-2023-37516.json
index 7c23831db15..c95fdd2c39f 100644
--- a/2023/37xxx/CVE-2023-37516.json
+++ b/2023/37xxx/CVE-2023-37516.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-37516",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing \"no cache\" headers in HCL Leap permits user directory information to be cached."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-524 Use of Cache Containing Sensitive Information",
+ "cweId": "CWE-524"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Leap",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 9.3.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
+ "refsource": "MISC",
+ "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.2,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
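Review bot: The description does not say which responses lack the cache-control header or which cache ends up holding the user directory data. CVE-2024-30127 in this same change repeats the sentence with only "sensitive data" substituted, and carries the same CWE-524 and the same vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N`. A defender can tell the two records apart only by the fix level (`< 9.3.4` here, `< 9.3.9` there). Naming the affected feature or endpoint and the cache location in `description.value` would make both triageable; `AV:L` suggests a browser cache on a shared workstation, but the record does not say so. Both records also cite KB0119900, the same article referenced by the two 2022 script-injection entries, so it is worth confirming that the article covers all four.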
diff --git a/2024/30xxx/CVE-2024-30127.json b/2024/30xxx/CVE-2024-30127.json
index 43df656fb9f..b9c1c93d666 100644
--- a/2024/30xxx/CVE-2024-30127.json
+++ b/2024/30xxx/CVE-2024-30127.json
@@ -1,17 +1,87 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-30127",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Missing \"no cache\" headers in HCL Leap permits sensitive data to be cached."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-524 Use of Cache Containing Sensitive Information",
+ "cweId": "CWE-524"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HCL Software",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "HCL Leap",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 9.3.9"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900",
+ "refsource": "MISC",
+ "name": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0119900"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.2.0"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.2,
+ "baseSeverity": "LOW",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2024/32xxx/CVE-2024-32752.json b/2024/32xxx/CVE-2024-32752.json
index 24fa6d84669..2f0832a8531 100644
--- a/2024/32xxx/CVE-2024-32752.json
+++ b/2024/32xxx/CVE-2024-32752.json
@@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
- "value": "Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration."
+ "value": "The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated\ncommunications with ICU, which may allow an attacker to gain unauthorized access"
}
]
},
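Review bot: The new description limits the issue to "firmware prior to version 6.6.B", but the affects block in this file marks iSTAR Pro, Edge and eX as affected in all versions and the solution tells owners to replace them, so the text reads as if a firmware update fixes every model. It also replaces the earlier statement of impact (door control and configuration) with a generic "unauthorized access", which makes the severity harder to judge. Suggested wording: `iSTAR Pro, Edge and eX (all firmware) and iSTAR Ultra / Ultra LT prior to firmware 6.6.B do not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access to door control and configuration.` The embedded `\n` after "authenticated" should be a space.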
@@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
- "value": "CWE-306 Missing Authentication for Critical Function",
+ "value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
@@ -36,13 +36,64 @@
"product": {
"product_data": [
{
- "product_name": "Software House iSTAR Pro, ICU",
+ "product_name": "iSTAR Configuration Utility (ICU)",
"version": {
"version_data": [
{
- "version_affected": "<=",
- "version_name": "0",
- "version_value": "ALL"
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "All",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iSTAR Pro, Edge and eX",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThanOrEqual": "All",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "iSTAR Ultra and Ultra LT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "not down converted",
+ "x_cve_json_5_version_data": {
+ "versions": [
+ {
+ "lessThan": "6.6.B",
+ "status": "affected",
+ "version": "0",
+ "versionType": "custom"
+ }
+ ],
+ "defaultStatus": "affected"
+ }
}
]
}
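Review bot: Every `version_data` entry now carries `"version_value": "not down converted"`, so tools that read only the 4.0 fields get no version information for any of the three products; the real bounds exist only inside `x_cve_json_5_version_data`. Two of those bounds are `"lessThanOrEqual": "All"` with `"versionType": "custom"`, and "All" cannot be compared against a version. Since `"defaultStatus": "affected"` already expresses "every release", the range could be dropped or written with the wildcard form (`"lessThan": "*"`) instead. The iSTAR Ultra entry (`"lessThan": "6.6.B"`) is the only one a matcher can act on. The enclosing `product_data` array continues outside this hunk.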
@@ -56,9 +107,9 @@
"references": {
"reference_data": [
{
- "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf",
+ "url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories",
"refsource": "MISC",
- "name": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-06.pdf"
+ "name": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-04",
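Review bot: The vendor reference now points at the advisories index page instead of the specific advisory document it replaces (`jci-psa-2024-06.pdf`), so the record no longer links to any vendor text about this CVE, and an index page changes as new advisories are added. If the PDF moved, cite its new location, or keep the specific URL alongside the index. As written, the CISA ICSA-24-158-04 entry that follows is the only reference specific to this issue. That entry continues outside the hunk.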
@@ -71,7 +122,7 @@
"engine": "Vulnogram 0.2.0"
},
"source": {
- "discovery": "EXTERNAL"
+ "discovery": "UNKNOWN"
},
"solution": [
{
@@ -80,16 +131,16 @@
{
"base64": false,
"type": "text/html",
- "value": "\n\nThe iSTAR Pro controller has reached its end-of-support period and no further firmware updates will be provided. However, the iSTAR Pro has a physical dip switch located on its GCM board, labeled S4, that can be configured to block out communications to the ICU tool. Please consult the iSTAR Pro Installation and Configuration Guide for more details on how to set the dip switch to mitigate this vulnerability. \n\n
"
+ "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n
\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater. \n\n
"
}
],
- "value": "The iSTAR Pro controller has reached its end-of-support period and no further firmware updates will be provided. However, the iSTAR Pro has a physical dip switch located on its GCM board, labeled S4, that can be configured to block out communications to the ICU tool. Please consult the iSTAR Pro Installation and Configuration Guide for more details on how to set the dip switch to mitigate this vulnerability."
+ "value": "\u2022 Replace the iSTAR Pro, Edge and eX door controllers with a current generation iSTAR door controller (such\nas iSTAR Ultra G2) which supports authentication and prevents the ICU from making configuration\nchanges.\n\n\u2022 Ensure your iSTAR Ultra and Ultra LT door controllers are running firmware 6.6.B or greater."
}
],
"credits": [
{
"lang": "en",
- "value": "Reid Wightman of Dragos"
+ "value": "Reid Wightman"
}
]
}
\ No newline at end of file
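Review bot: The rewritten `solution` drops the only mitigation the record offered for hardware that stays in service, the S4 DIP switch on the iSTAR Pro GCM board that blocks ICU communication, and leaves replacement as the sole option for Pro, Edge and eX. If that switch still mitigates the issue, keep it as a separate workaround entry or a third bullet; if it was withdrawn as ineffective, say so explicitly, because sites may be relying on it. The text also gives no action for ICU itself, which the affects block lists as an affected product. The credit loses the finder's organisation ("of Dragos"), which is worth confirming as intentional.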
diff --git a/2025/29xxx/CVE-2025-29529.json b/2025/29xxx/CVE-2025-29529.json
index 5c7c078422f..afc37af06cd 100644
--- a/2025/29xxx/CVE-2025-29529.json
+++ b/2025/29xxx/CVE-2025-29529.json
@@ -1,17 +1,66 @@
{
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
- "ID": "CVE-2025-29529",
"ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2025-29529",
+ "STATE": "PUBLIC"
},
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** ITC Systems Multiplan/Matrix OneCard platform v3.7.4.1002 was discovered to contain a SQL injection vulnerability via the component Forgotpassword.aspx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682",
+ "url": "https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/Yoshik0xF6/CVE-2025-29529",
+ "url": "https://github.com/Yoshik0xF6/CVE-2025-29529"
}
]
}
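Review bot: The first reference is a commit in `chamilo/chamilo-lms`, a project the description never mentions; the text is about ITC Systems Multiplan/Matrix OneCard v3.7.4.1002 and `Forgotpassword.aspx`. It looks like a reference carried over from another record and should be checked or removed. The structured fields are left at `n/a` although the description supplies them: vendor, product and version belong in `affects`, and `problemtype` could read `CWE-89` for the SQL injection described. With `n/a` throughout, product-based matching will never hit this entry and only free-text search will find it. That matters more here because the `** UNSUPPORTED WHEN ASSIGNED **` tag implies no vendor fix is expected.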
diff --git a/2025/43xxx/CVE-2025-43861.json b/2025/43xxx/CVE-2025-43861.json
index 840c5ecc1ea..6811ca55c6b 100644
--- a/2025/43xxx/CVE-2025-43861.json
+++ b/2025/43xxx/CVE-2025-43861.json
@@ -1,17 +1,90 @@
{
+ "data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
- "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-43861",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security-advisories@github.com",
+ "STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 2f177dc, ManageWiki is vulnerable to reflected or stored XSS in the review dialog. A logged-in attacker must change a form field to include a malicious payload. If that same user then opens the \"Review Changes\" dialog, the payload will be rendered and executed in the context of their own session. This issue has been patched in commit 2f177dc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "miraheze",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ManageWiki",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "< 2f177dc"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv",
+ "refsource": "MISC",
+ "name": "https://github.com/miraheze/ManageWiki/security/advisories/GHSA-859x-46h8-vcrv"
+ },
+ {
+ "url": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab",
+ "refsource": "MISC",
+ "name": "https://github.com/miraheze/ManageWiki/commit/2f177dc83b28b727613215b835d4036cb179e4ab"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "GHSA-859x-46h8-vcrv",
+ "discovery": "UNKNOWN"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "version": "3.1"
}
]
}
diff --git a/2025/46xxx/CVE-2025-46548.json b/2025/46xxx/CVE-2025-46548.json
new file mode 100644
index 00000000000..7c5f08e3add
--- /dev/null
+++ b/2025/46xxx/CVE-2025-46548.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-46548",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file