admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-02 21:03:35 +00:00
parent 516bff6e8a
commit e79aa56790
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 870 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
2025/31xxx/CVE-2025-31103.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31103",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of untrusted data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "appleple inc.",
"product": {
"product_data": [
{
"product_name": "a-blog cms (Ver.3.1.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.3.1.37"
}
]
}
},
{
"product_name": "a-blog cms (Ver.3.0.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.3.0.41"
}
]
}
},
{
"product_name": "a-blog cms (Ver.2.11.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.2.11.70"
}
]
}
},
{
"product_name": "a-blog cms (Ver.2.10.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.2.10.58"
}
]
}
},
{
"product_name": "a-blog cms (Ver.2.9.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.2.9.46"
}
]
}
},
{
"product_name": "a-blog cms (Ver. 2.8.x series)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "prior to Ver.2.8.80"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://developer.a-blogcms.jp/blog/news/security-update202503.html",
"refsource": "MISC",
"name": "https://developer.a-blogcms.jp/blog/news/security-update202503.html"
},
{
"url": "https://developer.a-blogcms.jp/blog/news/entry-4197.html",
"refsource": "MISC",
"name": "https://developer.a-blogcms.jp/blog/news/entry-4197.html"
},
{
"url": "https://jvn.jp/en/jp/JVN66982699/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN66982699/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"baseSeverity": "HIGH",
"baseScore": 7.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
]
}

81
2025/31xxx/CVE-2025-31116.json
View File

@ -1,17 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31116",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MobSF",
"product": {
"product_data": [
{
"product_name": "Mobile-Security-Framework-MobSF",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 4.3.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56",
"refsource": "MISC",
"name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-fcfq-m8p6-gw56"
},
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd",
"refsource": "MISC",
"name": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/4b8bab5a9858c69fe13be4631b82d82186e0d3bd"
}
]
},
"source": {
"advisory": "GHSA-fcfq-m8p6-gw56",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
}
]
}

63
2025/31xxx/CVE-2025-31117.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31117",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal resources. this attack does not return a direct response but can be exploited through DNS or HTTP interactions to exfiltrate sensitive information. This vulnerability is fixed in 7.0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)",
"cweId": "CWE-918"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openemr",
"product": {
"product_data": [
{
"product_name": "openemr",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 7.0.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9h",
"refsource": "MISC",
"name": "https://github.com/openemr/openemr/security/advisories/GHSA-2pvv-ph3x-2f9h"
},
{
"url": "https://github.com/openemr/openemr/commit/aa6f50efb2971285633fa77ea7a50949408cab12",
"refsource": "MISC",
"name": "https://github.com/openemr/openemr/commit/aa6f50efb2971285633fa77ea7a50949408cab12"
}
]
},
"source": {
"advisory": "GHSA-2pvv-ph3x-2f9h",
"discovery": "UNKNOWN"
}
}

58
2025/31xxx/CVE-2025-31121.json
View File

@ -1,18 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31121",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openemr",
"product": {
"product_data": [
{
"product_name": "openemr",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 7.0.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/openemr/openemr/security/advisories/GHSA-2w94-qmj6-3qxx",
"refsource": "MISC",
"name": "https://github.com/openemr/openemr/security/advisories/GHSA-2w94-qmj6-3qxx"
}
]
},
"source": {
"advisory": "GHSA-2w94-qmj6-3qxx",
"discovery": "UNKNOWN"
}
}

72
2025/31xxx/CVE-2025-31122.json
View File

@ -1,18 +1,82 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication",
"cweId": "CWE-287"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing",
"cweId": "CWE-290"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Scratch-Coding-Hut",
"product": {
"product_data": [
{
"product_name": "Scratch-Coding-Hut",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 1.0-beta3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut/security/advisories/GHSA-mmg3-567w-v9j2",
"refsource": "MISC",
"name": "https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut/security/advisories/GHSA-mmg3-567w-v9j2"
},
{
"url": "https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut.github.io/issues/56",
"refsource": "MISC",
"name": "https://github.com/Scratch-Coding-Hut/Scratch-Coding-Hut.github.io/issues/56"
}
]
},
"source": {
"advisory": "GHSA-mmg3-567w-v9j2",
"discovery": "UNKNOWN"
}
}

158
2025/31xxx/CVE-2025-31123.json
View File

@ -1,17 +1,167 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31123",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324: Use of a Key Past its Expiration Date",
"cweId": "CWE-324"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.62.0, < 2.63.9"
},
{
"version_affected": "=",
"version_value": ">= 2.64.0-rc.1, < 2.64.6"
},
{
"version_affected": "=",
"version_value": ">= 2.65.0-rc.1, < 2.65.7"
},
{
"version_affected": "=",
"version_value": ">= 2.66.0-rc.1, < 2.66.16"
},
{
"version_affected": "=",
"version_value": ">= 2.67.0-rc.1, < 2.67.13"
},
{
"version_affected": "=",
"version_value": ">= 2.68.0-rc.1, < 2.68.9"
},
{
"version_affected": "=",
"version_value": ">= 2.69.0-rc.1, < 2.69.9"
},
{
"version_affected": "=",
"version_value": ">= 2.70.0-rc.1, < 2.70.8"
},
{
"version_affected": "=",
"version_value": ">= 2.71.0-rc.1, < 2.71.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-h3q7-347g-qwhf",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-h3q7-347g-qwhf"
},
{
"url": "https://github.com/zitadel/zitadel/commit/315503beabd679f2e6aec0c004f0f9d2f5b53ed3",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/315503beabd679f2e6aec0c004f0f9d2f5b53ed3"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.63.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.63.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.64.6",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.64.6"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.65.7",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.65.7"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.66.16",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.66.16"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.67.13",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.67.13"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.68.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.68.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.69.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.69.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.70.8"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.6",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.6"
}
]
},
"source": {
"advisory": "GHSA-h3q7-347g-qwhf",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}

176
2025/31xxx/CVE-2025-31124.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31124",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called \"Ignoring unknown usernames\" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report \"Username or Password invalid\". While the setting was correctly respected during the login flow, the user's username was normalized leading to a disclosure of the user's existence. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203: Observable Discrepancy",
"cweId": "CWE-203"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-204: Observable Response Discrepancy",
"cweId": "CWE-204"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "zitadel",
"product": {
"product_data": [
{
"product_name": "zitadel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 2.62.0, < 2.63.9"
},
{
"version_affected": "=",
"version_value": ">= 2.64.0-rc.1, < 2.64.6"
},
{
"version_affected": "=",
"version_value": ">= 2.65.0-rc.1, < 2.65.7"
},
{
"version_affected": "=",
"version_value": ">= 2.66.0-rc.1, < 2.66.16"
},
{
"version_affected": "=",
"version_value": ">= 2.67.0-rc.1, < 2.67.13"
},
{
"version_affected": "=",
"version_value": ">= 2.68.0-rc.1, < 2.68.9"
},
{
"version_affected": "=",
"version_value": ">= 2.69.0-rc.1, < 2.69.9"
},
{
"version_affected": "=",
"version_value": ">= 2.70.0-rc.1, < 2.70.8"
},
{
"version_affected": "=",
"version_value": ">= 2.71.0-rc.1, < 2.71.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-67m4-8g4w-633q",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/security/advisories/GHSA-67m4-8g4w-633q"
},
{
"url": "https://github.com/zitadel/zitadel/commit/14de8ecac2afafee4975ed7ac26f3ca4a2b0f82c",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/commit/14de8ecac2afafee4975ed7ac26f3ca4a2b0f82c"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.63.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.63.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.64.6",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.64.6"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.65.7",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.65.7"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.66.16",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.66.16"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.67.13",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.67.13"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.68.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.68.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.69.9",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.69.9"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.70.8",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.70.8"
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.71.6",
"refsource": "MISC",
"name": "https://github.com/zitadel/zitadel/releases/tag/v2.71.6"
}
]
},
"source": {
"advisory": "GHSA-67m4-8g4w-633q",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

106
2025/31xxx/CVE-2025-31125.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31125",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vitejs",
"product": {
"product_data": [
{
"product_name": "vite",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 6.2.0, < 6.2.4"
},
{
"version_affected": "=",
"version_value": ">= 6.1.0, < 6.1.3"
},
{
"version_affected": "=",
"version_value": ">= 6.0.0, < 6.0.13"
},
{
"version_affected": "=",
"version_value": ">= 5.0.0, < 5.4.16"
},
{
"version_affected": "=",
"version_value": "< 4.5.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8"
},
{
"url": "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949",
"refsource": "MISC",
"name": "https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949"
}
]
},
"source": {
"advisory": "GHSA-4r4m-qw57-chr8",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

63
2025/31xxx/CVE-2025-31128.json
View File

@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31128",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gifplayer is a customizable jquery plugin to play and stop animated gifs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "rubentd",
"product": {
"product_data": [
{
"product_name": "gifplayer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 0.3.7"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/rubentd/gifplayer/security/advisories/GHSA-gr7w-hmch-25g7",
"refsource": "MISC",
"name": "https://github.com/rubentd/gifplayer/security/advisories/GHSA-gr7w-hmch-25g7"
},
{
"url": "https://github.com/rubentd/gifplayer/commit/2966193d4d066e5a6ba09dbdf1e1c7f8238630c8",
"refsource": "MISC",
"name": "https://github.com/rubentd/gifplayer/commit/2966193d4d066e5a6ba09dbdf1e1c7f8238630c8"
}
]
},
"source": {
"advisory": "GHSA-gr7w-hmch-25g7",
"discovery": "UNKNOWN"
}
}