"-Synchronized-Data."

CVE Team 2025-04-18 20:00:37 +00:00
parent 17d14525f7
commit f6bd3fa702
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 318 additions and 23 deletions


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-57493",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-57493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/201",
"refsource": "MISC",
"name": "https://gitlab.redox-os.org/redox-os/relibc/-/issues/201"
},
{
"url": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/566",
"refsource": "MISC",
"name": "https://gitlab.redox-os.org/redox-os/relibc/-/merge_requests/566"
},
{
"refsource": "MISC",
"name": "https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2024-57493",
"url": "https://github.com/Marsman1996/pocs/tree/master/redox/CVE-2024-57493"
}
]
}
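Review bot: The published CVE-2024-57493 record leaves every structured field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), so the affected component exists only in the free-text description and tooling that matches on the `affects` tree will not associate this entry with relibc. Going by the description line, the fields could carry `"vendor_name": "redoxOS"`, `"product_name": "relibc"` and a `version_value` such as `"before commit 98aa4ea5"`. The same gap applies to the CVE-2025-28197 section further down, where the description names Crawl4AI <=0.4.247 and SSRF (which normally maps to CWE-918) but `affects` and `problemtype` are likewise `n/a`. Until the records are enriched, consumers have to key detection and triage off the description text and the references.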


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A Stored cross-site scripting (XSS)\nvulnerability in upnp page of the web Interface in TP-Link WR841N <=4.19\nallows remote attackers to inject arbitrary JavaScript code via the port\nmapping description. This leads to \n\nan execution of the JavaScript payload when the upnp page is loaded."
"value": "A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14 <= Build 231119 Rel.67074n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded."
}
]
},
@ -36,13 +36,13 @@
"product": {
"product_data": [
{
"product_name": "TL-WR841N",
"product_name": "TL-WR841N v14",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.19"
"version_value": "Build 231119 Rel.67074n"
}
]
}
@ -59,6 +59,11 @@
"url": "https://github.com/slin99/2025-25427",
"refsource": "MISC",
"name": "https://github.com/slin99/2025-25427"
},
{
"url": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware",
"refsource": "MISC",
"name": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware"
}
]
},
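Review bot: In the version hunk, `"version_affected": "<="` is paired with `"version_value": "Build 231119 Rel.67074n"`, a free-form firmware build label that version-comparison tooling cannot order, and `"version_name": "0"` gives a consumer nothing to anchor on (this assumes the second line of each printed pair is the new side, since the +/- markers are lost). The hardware revision is also folded into `"product_name": "TL-WR841N v14"`, which will miss inventories that record the model as `TL-WR841N`. The reference added in the last hunk is the generic firmware download page rather than an advisory, so the visible hunks do not say which build contains the fix. Asset owners should compare the installed build label by hand, presumably on the `231119` component, rather than rely on automated range matching.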


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-28197",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2025-28197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0",
"url": "https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0"
}
]
}


@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-32377",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "RasaHQ",
"product": {
"product_data": [
{
"product_name": "rasa-pro-security-advisories",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": ">= 3.12.0, < 3.12.6"
},
{
"version_affected": "=",
"version_value": ">= 3.11.0, < 3.11.7"
},
{
"version_affected": "=",
"version_value": ">= 3.10.0, < 3.10.19"
},
{
"version_affected": "=",
"version_value": "< 3.9.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/RasaHQ/security-advisories/security/advisories/GHSA-7xq5-54jp-2mfg",
"refsource": "MISC",
"name": "https://github.com/RasaHQ/security-advisories/security/advisories/GHSA-7xq5-54jp-2mfg"
}
]
},
"source": {
"advisory": "GHSA-7xq5-54jp-2mfg",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}
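Review bot: The `version_data` entries put a whole range expression into `version_value` (for example `">= 3.12.0, < 3.12.6"`) while declaring `"version_affected": "="`, so a consumer that honours the comparator looks for an exact version string that never occurs and reports every install as unaffected. `product_name` is `rasa-pro-security-advisories`, which matches the advisory repository in the reference URL rather than the product the description calls Rasa Pro. Splitting each range into bounded entries, e.g. `"version_affected": "<"` with `"version_value": "3.12.6"`, and setting `"product_name": "Rasa Pro"` would make the record machine-matchable. The description names only the audiocodes, audiocodes_stream and genesys connectors as patched, so deployments using other voice connectors may not be covered by the listed versions and should be checked separately.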


@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-36625",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117: Improper Output Neutralization for Logs",
"cweId": "CWE-117"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tenable",
"product": {
"product_data": [
{
"product_name": "Nessus",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "10.8.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/tns-2025-05",
"refsource": "MISC",
"name": "https://www.tenable.com/security/tns-2025-05"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "tns-2025-05",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus\"><u>https://www.tenable.com/downloads/nessus</u></a>\n\n<br>"
}
],
"value": "Tenable has released Nessus 10.8.4 to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/nessus https://www.tenable.com/downloads/nessus"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}
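Review bot: `"version_value": "not down converted"` leaves the v4 `version_data` entry without a usable version, and the real bound (`"lessThan": "10.8.4"`) lives only in the `x_cve_json_5_version_data` extension, so tooling that reads just the v4 fields will not flag vulnerable Nessus installs. The plain-text `solution` value repeats the download URL twice, apparently from flattening the anchor in `supportingMedia`, and uses `"lang": "en"` where the rest of the record uses `"eng"`. The description says a non-authenticated attacker alters log entries by manipulating HTTP requests, yet the vector carries `UI:R`; it is worth confirming with the CNA which is intended, since that changes how the 4.3 score should be read during triage.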


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-3813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}