"-Synchronized-Data."

CVE Team 2025-05-12 11:00:33 +00:00
parent 8028d8e980
commit f3780916f5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 385 additions and 20 deletions


@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-22247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@vmware.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "VMware Tools contains an insecure file handling vulnerability.\u00a0A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
"cweId": "CWE-59"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "VMware",
"product": {
"product_data": [
{
"product_name": "Tools",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.x.x, 11.x.x",
"version_value": "12.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683",
"refsource": "MISC",
"name": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
]
}
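Review bot: The CVE-2025-22247 description value (`"value": "VMware Tools contains an insecure file handling vulnerability.\u00a0A malicious actor ..."`) carries a `\u00a0` non-breaking space between its two sentences where an ordinary space is expected; it looks like a copy-paste artefact from the vendor advisory rather than a deliberate character. Consumers that index, search or diff description text treat U+00A0 differently from U+0020, so a plain-text query for that sentence pair will not match this record. Since this commit is a synchronised copy, the correction belongs in the upstream CNA record: `"value": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges ..."`.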


@ -1,18 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and if they submit their credentials, they get captured in plain text. The vulnerability is allowed by overly permissive HTML editing being allowed on the KB articles. Any authenticated user with the privilege to read KB articles is impacted. In an enterprise with multiple applications, the malicious KB article could be edited to match the login pages of other applications, which would make it useful for credential harvesting against other applications as well. Version 9.0.8 contains a patch for the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "espocrm",
"product": {
"product_data": [
{
"product_name": "espocrm",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 9.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-qrwp-v8v3-hqp2",
"refsource": "MISC",
"name": "https://github.com/espocrm/espocrm/security/advisories/GHSA-qrwp-v8v3-hqp2"
},
{
"url": "https://github.com/espocrm/espocrm/commit/6b58d30eec8864de52844bfb8dac346ce5c729d7",
"refsource": "MISC",
"name": "https://github.com/espocrm/espocrm/commit/6b58d30eec8864de52844bfb8dac346ce5c729d7"
}
]
},
"source": {
"advisory": "GHSA-qrwp-v8v3-hqp2",
"discovery": "UNKNOWN"
}
}
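Review bot: The affected-version entry `"version_affected": "="` / `"version_value": "< 9.0.8"` puts the range operator inside the value string while the operator field declares an exact match, so a consumer that honours `version_affected` literally would look for a version named `< 9.0.8` and match nothing, while one that ignores it has to parse free text. The same pattern appears in the CVE-2025-46729, CVE-2025-47270 and CVE-2025-47271 sections of this commit (`>= v_20230807, < v_20250511`, `< 1.1.0`, `>= 1.13.2, < 1.13.6`). This looks like the GHSA-to-CVE exporter's convention rather than a hand edit, but the CVE-2025-22247 section in the same commit shows the form downstream matchers can actually use, `"version_affected": "<"` with `"version_value": "12.5.2"`; for this record that would be `"version_affected": "<", "version_value": "9.0.8"`, and the two-sided ranges would need a second entry for the lower bound.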


@ -1,18 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-46729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v_20230807 and prior to v_20250511, cross-site scripting in the search function. v_20250511 contains a patch for the issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "julmud",
"product": {
"product_data": [
{
"product_name": "phpDVDProfiler",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= v_20230807, < v_20250511"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/julmud/phpDVDProfiler/security/advisories/GHSA-x3rx-6c2m-6vg9",
"refsource": "MISC",
"name": "https://github.com/julmud/phpDVDProfiler/security/advisories/GHSA-x3rx-6c2m-6vg9"
},
{
"url": "https://github.com/julmud/phpDVDProfiler/commit/c97e4b577969d5f6ca8171333b362fcdbec838a7",
"refsource": "MISC",
"name": "https://github.com/julmud/phpDVDProfiler/commit/c97e4b577969d5f6ca8171333b362fcdbec838a7"
},
{
"url": "https://github.com/julmud/phpDVDProfiler/releases/tag/v_20250511",
"refsource": "MISC",
"name": "https://github.com/julmud/phpDVDProfiler/releases/tag/v_20250511"
},
{
"url": "https://www.openbugbounty.org/reports/3456782",
"refsource": "MISC",
"name": "https://www.openbugbounty.org/reports/3456782"
},
{
"url": "https://www.openbugbounty.org/reports/3512265",
"refsource": "MISC",
"name": "https://www.openbugbounty.org/reports/3512265"
}
]
},
"source": {
"advisory": "GHSA-x3rx-6c2m-6vg9",
"discovery": "UNKNOWN"
}
}


@ -1,17 +1,95 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47270",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the implementation of the `Discovery` network message handling allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. Since this length is a `u32`, a peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. As Discovery messages are regularly exchanged for peer discovery, this vulnerability can be exploited repeatedly. The patch for this vulnerability is formally released as part of v1.1.0. The patch implements a limit to the discovery message size of 1 MB and also resizes the message buffer size incrementally as the data is read. No known workarounds are available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nimiq",
"product": {
"product_data": [
{
"product_name": "core-rs-albatross",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-3v6r-9cr8-q433",
"refsource": "MISC",
"name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-3v6r-9cr8-q433"
},
{
"url": "https://github.com/nimiq/core-rs-albatross/pull/3384",
"refsource": "MISC",
"name": "https://github.com/nimiq/core-rs-albatross/pull/3384"
},
{
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.1.0",
"refsource": "MISC",
"name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.1.0"
}
]
},
"source": {
"advisory": "GHSA-3v6r-9cr8-q433",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}


@ -1,18 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-47271",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
"cweId": "CWE-95"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-1116: Inaccurate Comments",
"cweId": "CWE-1116"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OZI-Project",
"product": {
"product_data": [
{
"product_name": "publish",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 1.13.2, < 1.13.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/OZI-Project/publish/security/advisories/GHSA-2487-9f55-2vg9",
"refsource": "MISC",
"name": "https://github.com/OZI-Project/publish/security/advisories/GHSA-2487-9f55-2vg9"
},
{
"url": "https://github.com/OZI-Project/publish/commit/abd8524ec69800890529846b3ccfb09ce7c10b5c",
"refsource": "MISC",
"name": "https://github.com/OZI-Project/publish/commit/abd8524ec69800890529846b3ccfb09ce7c10b5c"
}
]
},
"source": {
"advisory": "GHSA-2487-9f55-2vg9",
"discovery": "UNKNOWN"
}
}
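Review bot: The third `problemtype_data` entry, `"value": "CWE-1116: Inaccurate Comments"` / `"cweId": "CWE-1116"`, files a code-quality weakness next to the two injection CWEs for what the description calls a branch-name-to-code injection; CWE-1116 does not name an exploitable condition, so tooling that ranks or filters records by CWE may mis-bucket this one. It is presumably carried over from the advisory's own CWE list rather than chosen in this sync, so the question is for the CNA: confirm whether CWE-1116 is intended, and if it only annotates misleading comments found during the fix, drop that entry so `problemtype_data` holds CWE-94 and CWE-95 alone.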


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-4573",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}