diff --git a/2024/12xxx/CVE-2024-12604.json b/2024/12xxx/CVE-2024-12604.json index 33ffe18b80a..ba8d57ef291 100644 --- a/2024/12xxx/CVE-2024-12604.json +++ b/2024/12xxx/CVE-2024-12604.json @@ -1,17 +1,112 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-12604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@usom.gov.tr", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable", + "cweId": "CWE-526" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password", + "cweId": "CWE-640" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tapandsign Technologies", + "product": { + "product_data": [ + { + "product_name": "Tap&Sign App", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "V.1.025" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://docs.tapandsign.com/tap-and-sign/tap-and-sign-v.1.025-surum-notlari", + "refsource": "MISC", + "name": "https://docs.tapandsign.com/tap-and-sign/tap-and-sign-v.1.025-surum-notlari" + }, + { + "url": "https://www.usom.gov.tr/bildirim/tr-25-0063", + "refsource": "MISC", + "name": "https://www.usom.gov.tr/bildirim/tr-25-0063" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "advisory": "TR-25-0063", + "defect": [ + "TR-25-0063" + ], + "discovery": "UNKNOWN" + }, + "credits": [ + { + "lang": "en", + "value": "Mucahit IC" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/57xxx/CVE-2024-57492.json b/2024/57xxx/CVE-2024-57492.json index 73e65303e94..b55bb34a1ce 100644 --- a/2024/57xxx/CVE-2024-57492.json +++ b/2024/57xxx/CVE-2024-57492.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2024-57492", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2024-57492", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the round_up_to_page funciton." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/200", + "refsource": "MISC", + "name": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/200" + }, + { + "url": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/569", + "refsource": "MISC", + "name": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/569" + }, + { + "refsource": "MISC", + "name": "https://github.com/Marsman1996/pocs/blob/master/redox/CVE-2024-57492/README.md", + "url": "https://github.com/Marsman1996/pocs/blob/master/redox/CVE-2024-57492/README.md" } ] } diff --git a/2025/25xxx/CVE-2025-25614.json b/2025/25xxx/CVE-2025-25614.json index fbb23504f0a..3931b46e7bb 100644 --- a/2025/25xxx/CVE-2025-25614.json +++ b/2025/25xxx/CVE-2025-25614.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25614", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25614", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/changeweb/Unifiedtransform", + "refsource": "MISC", + "name": "https://github.com/changeweb/Unifiedtransform" + }, + { + "refsource": "MISC", + "name": "https://github.com/armaansidana2003/CVE-2025-25614", + "url": "https://github.com/armaansidana2003/CVE-2025-25614" } ] } diff --git a/2025/25xxx/CVE-2025-25615.json b/2025/25xxx/CVE-2025-25615.json index d9b45ab47d9..5fab67b4356 100644 --- a/2025/25xxx/CVE-2025-25615.json +++ b/2025/25xxx/CVE-2025-25615.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25615", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25615", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/changeweb/Unifiedtransform", + "refsource": "MISC", + "name": "https://github.com/changeweb/Unifiedtransform" + }, + { + "refsource": "MISC", + "name": "https://github.com/armaansidana2003/CVE-2025-25615", + "url": "https://github.com/armaansidana2003/CVE-2025-25615" } ] } diff --git a/2025/25xxx/CVE-2025-25616.json b/2025/25xxx/CVE-2025-25616.json index 7032b47bdff..00620ce5bba 100644 --- a/2025/25xxx/CVE-2025-25616.json +++ b/2025/25xxx/CVE-2025-25616.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25616", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25616", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/changeweb/Unifiedtransform", + "refsource": "MISC", + "name": "https://github.com/changeweb/Unifiedtransform" + }, + { + "refsource": "MISC", + "name": "https://github.com/armaansidana2003/CVE-2025-25616", + "url": "https://github.com/armaansidana2003/CVE-2025-25616" } ] } diff --git a/2025/25xxx/CVE-2025-25620.json b/2025/25xxx/CVE-2025-25620.json index 1a2b062a47b..0f6b4f78c79 100644 --- a/2025/25xxx/CVE-2025-25620.json +++ b/2025/25xxx/CVE-2025-25620.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2025-25620", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2025-25620", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/changeweb/Unifiedtransform", + "refsource": "MISC", + "name": "https://github.com/changeweb/Unifiedtransform" + }, + { + "refsource": "MISC", + "name": "https://github.com/armaansidana2003/CVE-2025-25620", + "url": "https://github.com/armaansidana2003/CVE-2025-25620" } ] } diff --git a/2025/26xxx/CVE-2025-26865.json b/2025/26xxx/CVE-2025-26865.json index 3a6e444b49c..2ab669dba92 100644 --- a/2025/26xxx/CVE-2025-26865.json +++ b/2025/26xxx/CVE-2025-26865.json @@ -1,18 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26865", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: from 18.12.17 before 18.12.18.\u00a0\u00a0\n\nIt's a regression between 18.12.17 and 18.12.18.\nIn case you use something like that, which is not recommended!\nFor security, only official releases should be used.\n\nIn other words, if you use 18.12.17 you are still safe.\nThe version 18.12.17 is not a affected.\nBut something between 18.12.17 and 18.12.18 is.\n\nIn that case, users are recommended to upgrade to version 18.12.18, which fixes the issue." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine", + "cweId": "CWE-1336" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache OFBiz", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "18.12.17", + "version_value": "18.12.18" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://ofbiz.apache.org/download.html", + "refsource": "MISC", + "name": "https://ofbiz.apache.org/download.html" + }, + { + "url": "https://ofbiz.apache.org/security.html", + "refsource": "MISC", + "name": "https://ofbiz.apache.org/security.html" + }, + { + "url": "https://issues.apache.org/jira/browse/OFBIZ-12594", + "refsource": "MISC", + "name": "https://issues.apache.org/jira/browse/OFBIZ-12594" + }, + { + "url": "https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7", + "refsource": "MISC", + "name": "https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Matei \"Mal\" Badanoiu" + } + ] } \ No newline at end of file diff --git a/2025/26xxx/CVE-2025-26910.json b/2025/26xxx/CVE-2025-26910.json index 8c15a37aa86..e7779c6b30e 100644 --- a/2025/26xxx/CVE-2025-26910.json +++ b/2025/26xxx/CVE-2025-26910.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26910", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Iqonic Design", + "product": { + "product_data": [ + { + "product_name": "WPBookit", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "1.0.1", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "1.0.2", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wpbookit/vulnerability/wordpress-wpbookit-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WPBookit wordpress plugin to the latest available version (at least 1.0.2)." + } + ], + "value": "Update the WordPress WPBookit wordpress plugin to the latest available version (at least 1.0.2)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Khang Duong (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.1, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseSeverity": "HIGH", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26916.json b/2025/26xxx/CVE-2025-26916.json index 26342e2aa68..297952a8be9 100644 --- a/2025/26xxx/CVE-2025-26916.json +++ b/2025/26xxx/CVE-2025-26916.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26916", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "EPC", + "product": { + "product_data": [ + { + "product_name": "Massive Dynamic", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "8.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/theme/massive-dynamic/vulnerability/wordpress-massive-dynamic-theme-8-2-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/theme/massive-dynamic/vulnerability/wordpress-massive-dynamic-theme-8-2-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 9, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseSeverity": "CRITICAL", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26933.json b/2025/26xxx/CVE-2025-26933.json index 6a1f05b5eb7..d62a45b62d0 100644 --- a/2025/26xxx/CVE-2025-26933.json +++ b/2025/26xxx/CVE-2025-26933.json @@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Nitin Prakash", + "product": { + "product_data": [ + { + "product_name": "WC Place Order Without Payment", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "lessThanOrEqual": "2.6.7", + "status": "affected", + "version": "n/a", + "versionType": "custom", + "changes": [ + { + "at": "2.6.8", + "status": "unaffected" + } + ] + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress WC Place Order Without Payment wordpress plugin to the latest available version (at least 2.6.8)." + } + ], + "value": "Update the WordPress WC Place Order Without Payment wordpress plugin to the latest available version (at least 2.6.8)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Dimas Maulana (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseSeverity": "HIGH", + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "version": "3.1" } ] } diff --git a/2025/26xxx/CVE-2025-26936.json b/2025/26xxx/CVE-2025-26936.json index 2dea3b62bf7..752bdc3eee2 100644 --- a/2025/26xxx/CVE-2025-26936.json +++ b/2025/26xxx/CVE-2025-26936.json @@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-26936", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Fresh Framework allows Code Injection. This issue affects Fresh Framework: from n/a through 1.70.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "cweId": "CWE-94" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NotFound", + "product": { + "product_data": [ + { + "product_name": "Fresh Framework", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "1.70.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fresh-framework/vulnerability/wordpress-fresh-framework-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/fresh-framework/vulnerability/wordpress-fresh-framework-plugin-1-70-0-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Rafie Muhammad (Patchstack)" + } + ], + "impact": { + "cvss": [ + { + "baseScore": 10, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseSeverity": "CRITICAL", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "version": "3.1" } ] } diff --git a/2025/2xxx/CVE-2025-2153.json b/2025/2xxx/CVE-2025-2153.json index eb790e15ce8..182756393da 100644 --- a/2025/2xxx/CVE-2025-2153.json +++ b/2025/2xxx/CVE-2025-2153.json @@ -1,17 +1,117 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-2153", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in HDF5 1.14.6 gefunden. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion H5SM_delete der Datei H5SM.c der Komponente h5 File Handler. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap-based Buffer Overflow", + "cweId": "CWE-122" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption", + "cweId": "CWE-119" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HDF5", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.299064", + "refsource": "MISC", + "name": "https://vuldb.com/?id.299064" + }, + { + "url": "https://vuldb.com/?ctiid.299064", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.299064" + }, + { + "url": "https://vuldb.com/?submit.510819", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.510819" + }, + { + "url": "https://github.com/HDFGroup/hdf5/issues/5329", + "refsource": "MISC", + "name": "https://github.com/HDFGroup/hdf5/issues/5329" + }, + { + "url": "https://github.com/sae-as-me/Crashes/raw/refs/heads/main/hdf5/h5_extended_crash.h5", + "refsource": "MISC", + "name": "https://github.com/sae-as-me/Crashes/raw/refs/heads/main/hdf5/h5_extended_crash.h5" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5, + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.1, + "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/2xxx/CVE-2025-2167.json b/2025/2xxx/CVE-2025-2167.json new file mode 100644 index 00000000000..36797d1fb78 --- /dev/null +++ b/2025/2xxx/CVE-2025-2167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2168.json b/2025/2xxx/CVE-2025-2168.json new file mode 100644 index 00000000000..a8b36a5f45a --- /dev/null +++ b/2025/2xxx/CVE-2025-2168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2169.json b/2025/2xxx/CVE-2025-2169.json new file mode 100644 index 00000000000..0571e4f938c --- /dev/null +++ b/2025/2xxx/CVE-2025-2169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/2xxx/CVE-2025-2170.json b/2025/2xxx/CVE-2025-2170.json new file mode 100644 index 00000000000..3375324ba61 --- /dev/null +++ b/2025/2xxx/CVE-2025-2170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-2170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file