From 237353568a42fa42adaff478c2a10a8ab485e620 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 23 Jun 2025 23:58:57 +0000 Subject: [PATCH] Auto-Update: 2025-06-23T23:55:20.097357+00:00 --- CVE-2021/CVE-2021-472xx/CVE-2021-47294.json | 202 +++- CVE-2021/CVE-2021-472xx/CVE-2021-47296.json | 141 ++- CVE-2021/CVE-2021-476xx/CVE-2021-47688.json | 64 ++ CVE-2023/CVE-2023-433xx/CVE-2023-43378.json | 33 +- CVE-2023/CVE-2023-470xx/CVE-2023-47029.json | 25 + CVE-2023/CVE-2023-470xx/CVE-2023-47030.json | 25 + CVE-2023/CVE-2023-470xx/CVE-2023-47031.json | 4 +- CVE-2023/CVE-2023-470xx/CVE-2023-47032.json | 4 +- CVE-2023/CVE-2023-472xx/CVE-2023-47294.json | 4 +- CVE-2023/CVE-2023-472xx/CVE-2023-47295.json | 4 +- CVE-2023/CVE-2023-472xx/CVE-2023-47297.json | 4 +- CVE-2023/CVE-2023-472xx/CVE-2023-47298.json | 4 +- CVE-2023/CVE-2023-489xx/CVE-2023-48978.json | 4 +- CVE-2023/CVE-2023-504xx/CVE-2023-50450.json | 4 +- CVE-2023/CVE-2023-527xx/CVE-2023-52722.json | 54 +- CVE-2023/CVE-2023-56xx/CVE-2023-5600.json | 8 +- CVE-2024/CVE-2024-212xx/CVE-2024-21211.json | 88 +- CVE-2024/CVE-2024-249xx/CVE-2024-24916.json | 4 +- CVE-2024/CVE-2024-291xx/CVE-2024-29120.json | 45 +- CVE-2024/CVE-2024-334xx/CVE-2024-33452.json | 34 +- CVE-2024/CVE-2024-353xx/CVE-2024-35324.json | 33 +- CVE-2024/CVE-2024-35xx/CVE-2024-3511.json | 4 +- CVE-2024/CVE-2024-364xx/CVE-2024-36428.json | 41 +- CVE-2024/CVE-2024-404xx/CVE-2024-40445.json | 43 +- CVE-2024/CVE-2024-404xx/CVE-2024-40446.json | 33 +- CVE-2024/CVE-2024-40xx/CVE-2024-4023.json | 32 +- CVE-2024/CVE-2024-40xx/CVE-2024-4025.json | 8 +- CVE-2024/CVE-2024-427xx/CVE-2024-42733.json | 32 +- CVE-2024/CVE-2024-452xx/CVE-2024-45208.json | 16 +- CVE-2024/CVE-2024-453xx/CVE-2024-45347.json | 4 +- CVE-2024/CVE-2024-465xx/CVE-2024-46546.json | 49 +- CVE-2024/CVE-2024-49xx/CVE-2024-4994.json | 8 +- CVE-2024/CVE-2024-532xx/CVE-2024-53298.json | 8 +- CVE-2024/CVE-2024-533xx/CVE-2024-53307.json | 39 +- CVE-2024/CVE-2024-535xx/CVE-2024-53591.json | 27 +- CVE-2024/CVE-2024-541xx/CVE-2024-54172.json | 8 +- CVE-2024/CVE-2024-541xx/CVE-2024-54183.json | 8 +- CVE-2024/CVE-2024-551xx/CVE-2024-55199.json | 36 +- CVE-2024/CVE-2024-75xx/CVE-2024-7586.json | 8 +- CVE-2024/CVE-2024-87xx/CVE-2024-8789.json | 43 +- CVE-2025/CVE-2025-13xx/CVE-2025-1348.json | 8 +- CVE-2025/CVE-2025-13xx/CVE-2025-1349.json | 8 +- CVE-2025/CVE-2025-19xx/CVE-2025-1987.json | 8 +- CVE-2025/CVE-2025-202xx/CVE-2025-20234.json | 8 +- CVE-2025/CVE-2025-202xx/CVE-2025-20260.json | 8 +- CVE-2025/CVE-2025-202xx/CVE-2025-20271.json | 8 +- CVE-2025/CVE-2025-214xx/CVE-2025-21495.json | 40 +- CVE-2025/CVE-2025-215xx/CVE-2025-21552.json | 27 +- CVE-2025/CVE-2025-215xx/CVE-2025-21553.json | 42 +- CVE-2025/CVE-2025-215xx/CVE-2025-21557.json | 31 +- CVE-2025/CVE-2025-215xx/CVE-2025-21568.json | 26 +- CVE-2025/CVE-2025-215xx/CVE-2025-21569.json | 26 +- CVE-2025/CVE-2025-215xx/CVE-2025-21583.json | 51 +- CVE-2025/CVE-2025-21xx/CVE-2025-2123.json | 99 +- CVE-2025/CVE-2025-21xx/CVE-2025-2148.json | 69 +- CVE-2025/CVE-2025-21xx/CVE-2025-2149.json | 60 +- CVE-2025/CVE-2025-21xx/CVE-2025-2171.json | 10 +- CVE-2025/CVE-2025-21xx/CVE-2025-2172.json | 12 +- CVE-2025/CVE-2025-230xx/CVE-2025-23049.json | 4 +- CVE-2025/CVE-2025-230xx/CVE-2025-23092.json | 25 + CVE-2025/CVE-2025-231xx/CVE-2025-23121.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23168.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23169.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23170.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23171.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23172.json | 16 +- CVE-2025/CVE-2025-231xx/CVE-2025-23173.json | 16 +- CVE-2025/CVE-2025-242xx/CVE-2025-24286.json | 16 +- CVE-2025/CVE-2025-242xx/CVE-2025-24287.json | 16 +- CVE-2025/CVE-2025-242xx/CVE-2025-24288.json | 16 +- CVE-2025/CVE-2025-242xx/CVE-2025-24291.json | 16 +- CVE-2025/CVE-2025-24xx/CVE-2025-2443.json | 8 +- CVE-2025/CVE-2025-250xx/CVE-2025-25034.json | 8 +- CVE-2025/CVE-2025-250xx/CVE-2025-25037.json | 8 +- CVE-2025/CVE-2025-250xx/CVE-2025-25038.json | 8 +- CVE-2025/CVE-2025-253xx/CVE-2025-25382.json | 36 +- CVE-2025/CVE-2025-256xx/CVE-2025-25614.json | 38 +- CVE-2025/CVE-2025-256xx/CVE-2025-25620.json | 31 +- CVE-2025/CVE-2025-259xx/CVE-2025-25908.json | 26 +- CVE-2025/CVE-2025-259xx/CVE-2025-25940.json | 38 +- CVE-2025/CVE-2025-261xx/CVE-2025-26198.json | 4 +- CVE-2025/CVE-2025-261xx/CVE-2025-26199.json | 4 +- CVE-2025/CVE-2025-264xx/CVE-2025-26413.json | 44 +- CVE-2025/CVE-2025-268xx/CVE-2025-26865.json | 49 +- CVE-2025/CVE-2025-271xx/CVE-2025-27190.json | 581 +++++++++- CVE-2025/CVE-2025-272xx/CVE-2025-27206.json | 561 +++++++++- CVE-2025/CVE-2025-273xx/CVE-2025-27387.json | 4 +- CVE-2025/CVE-2025-276xx/CVE-2025-27636.json | 70 +- CVE-2025/CVE-2025-278xx/CVE-2025-27893.json | 60 +- CVE-2025/CVE-2025-280xx/CVE-2025-28056.json | 34 +- CVE-2025/CVE-2025-281xx/CVE-2025-28197.json | 27 +- CVE-2025/CVE-2025-28xx/CVE-2025-2828.json | 60 + CVE-2025/CVE-2025-295xx/CVE-2025-29547.json | 32 +- CVE-2025/CVE-2025-296xx/CVE-2025-29646.json | 4 +- CVE-2025/CVE-2025-306xx/CVE-2025-30691.json | 83 +- CVE-2025/CVE-2025-307xx/CVE-2025-30721.json | 54 +- CVE-2025/CVE-2025-316xx/CVE-2025-31698.json | 4 +- CVE-2025/CVE-2025-327xx/CVE-2025-32753.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32875.json | 4 +- CVE-2025/CVE-2025-328xx/CVE-2025-32876.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32877.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32878.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32879.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32880.json | 8 +- CVE-2025/CVE-2025-328xx/CVE-2025-32896.json | 4 +- CVE-2025/CVE-2025-32xx/CVE-2025-3221.json | 8 +- CVE-2025/CVE-2025-32xx/CVE-2025-3227.json | 8 +- CVE-2025/CVE-2025-32xx/CVE-2025-3228.json | 8 +- CVE-2025/CVE-2025-331xx/CVE-2025-33117.json | 8 +- CVE-2025/CVE-2025-331xx/CVE-2025-33121.json | 8 +- CVE-2025/CVE-2025-33xx/CVE-2025-3319.json | 8 +- CVE-2025/CVE-2025-340xx/CVE-2025-34021.json | 8 +- CVE-2025/CVE-2025-340xx/CVE-2025-34022.json | 8 +- CVE-2025/CVE-2025-340xx/CVE-2025-34023.json | 4 +- CVE-2025/CVE-2025-340xx/CVE-2025-34024.json | 8 +- CVE-2025/CVE-2025-340xx/CVE-2025-34029.json | 8 +- CVE-2025/CVE-2025-340xx/CVE-2025-34030.json | 8 +- CVE-2025/CVE-2025-35xx/CVE-2025-3518.json | 57 +- CVE-2025/CVE-2025-35xx/CVE-2025-3577.json | 50 +- CVE-2025/CVE-2025-360xx/CVE-2025-36016.json | 8 +- CVE-2025/CVE-2025-360xx/CVE-2025-36048.json | 8 +- CVE-2025/CVE-2025-360xx/CVE-2025-36049.json | 8 +- CVE-2025/CVE-2025-360xx/CVE-2025-36050.json | 8 +- CVE-2025/CVE-2025-36xx/CVE-2025-3629.json | 8 +- CVE-2025/CVE-2025-37xx/CVE-2025-3795.json | 81 +- CVE-2025/CVE-2025-380xx/CVE-2025-38083.json | 8 +- CVE-2025/CVE-2025-38xx/CVE-2025-3891.json | 8 +- CVE-2025/CVE-2025-41xx/CVE-2025-4102.json | 8 +- CVE-2025/CVE-2025-435xx/CVE-2025-43585.json | 561 +++++++++- CVE-2025/CVE-2025-435xx/CVE-2025-43586.json | 561 +++++++++- CVE-2025/CVE-2025-439xx/CVE-2025-43946.json | 33 +- CVE-2025/CVE-2025-439xx/CVE-2025-43947.json | 33 +- CVE-2025/CVE-2025-43xx/CVE-2025-4367.json | 8 +- CVE-2025/CVE-2025-440xx/CVE-2025-44022.json | 48 +- CVE-2025/CVE-2025-442xx/CVE-2025-44203.json | 8 +- CVE-2025/CVE-2025-445xx/CVE-2025-44528.json | 29 + CVE-2025/CVE-2025-446xx/CVE-2025-44635.json | 8 +- CVE-2025/CVE-2025-449xx/CVE-2025-44951.json | 4 +- CVE-2025/CVE-2025-449xx/CVE-2025-44952.json | 4 +- CVE-2025/CVE-2025-44xx/CVE-2025-4479.json | 8 +- CVE-2025/CVE-2025-453xx/CVE-2025-45331.json | 8 +- CVE-2025/CVE-2025-456xx/CVE-2025-45661.json | 8 +- CVE-2025/CVE-2025-457xx/CVE-2025-45784.json | 8 +- CVE-2025/CVE-2025-457xx/CVE-2025-45786.json | 8 +- CVE-2025/CVE-2025-458xx/CVE-2025-45890.json | 8 +- CVE-2025/CVE-2025-45xx/CVE-2025-4563.json | 4 +- CVE-2025/CVE-2025-45xx/CVE-2025-4571.json | 8 +- CVE-2025/CVE-2025-461xx/CVE-2025-46101.json | 4 +- CVE-2025/CVE-2025-461xx/CVE-2025-46109.json | 8 +- CVE-2025/CVE-2025-461xx/CVE-2025-46157.json | 8 +- CVE-2025/CVE-2025-461xx/CVE-2025-46158.json | 8 +- CVE-2025/CVE-2025-461xx/CVE-2025-46179.json | 8 +- CVE-2025/CVE-2025-466xx/CVE-2025-46646.json | 32 +- CVE-2025/CVE-2025-467xx/CVE-2025-46710.json | 31 +- CVE-2025/CVE-2025-46xx/CVE-2025-4661.json | 8 +- CVE-2025/CVE-2025-471xx/CVE-2025-47110.json | 583 +++++++++- CVE-2025/CVE-2025-472xx/CVE-2025-47293.json | 8 +- CVE-2025/CVE-2025-477xx/CVE-2025-47771.json | 8 +- CVE-2025/CVE-2025-47xx/CVE-2025-4738.json | 8 +- CVE-2025/CVE-2025-480xx/CVE-2025-48026.json | 25 + CVE-2025/CVE-2025-480xx/CVE-2025-48058.json | 8 +- CVE-2025/CVE-2025-480xx/CVE-2025-48059.json | 8 +- CVE-2025/CVE-2025-487xx/CVE-2025-48700.json | 4 +- CVE-2025/CVE-2025-487xx/CVE-2025-48705.json | 4 +- CVE-2025/CVE-2025-487xx/CVE-2025-48706.json | 45 +- CVE-2025/CVE-2025-488xx/CVE-2025-48886.json | 8 +- CVE-2025/CVE-2025-489xx/CVE-2025-48945.json | 8 +- CVE-2025/CVE-2025-489xx/CVE-2025-48957.json | 10 +- CVE-2025/CVE-2025-48xx/CVE-2025-4820.json | 8 +- CVE-2025/CVE-2025-48xx/CVE-2025-4821.json | 8 +- CVE-2025/CVE-2025-490xx/CVE-2025-49014.json | 8 +- CVE-2025/CVE-2025-490xx/CVE-2025-49015.json | 8 +- CVE-2025/CVE-2025-491xx/CVE-2025-49126.json | 60 + CVE-2025/CVE-2025-491xx/CVE-2025-49132.json | 8 +- CVE-2025/CVE-2025-491xx/CVE-2025-49144.json | 72 ++ CVE-2025/CVE-2025-491xx/CVE-2025-49175.json | 6 +- CVE-2025/CVE-2025-491xx/CVE-2025-49176.json | 6 +- CVE-2025/CVE-2025-491xx/CVE-2025-49178.json | 6 +- CVE-2025/CVE-2025-491xx/CVE-2025-49179.json | 6 +- CVE-2025/CVE-2025-491xx/CVE-2025-49180.json | 6 +- CVE-2025/CVE-2025-495xx/CVE-2025-49574.json | 64 ++ CVE-2025/CVE-2025-495xx/CVE-2025-49590.json | 8 +- CVE-2025/CVE-2025-495xx/CVE-2025-49591.json | 8 +- CVE-2025/CVE-2025-497xx/CVE-2025-49715.json | 8 +- CVE-2025/CVE-2025-497xx/CVE-2025-49763.json | 4 +- CVE-2025/CVE-2025-498xx/CVE-2025-49873.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49964.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49965.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49966.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49967.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49968.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49969.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49970.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49971.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49972.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49973.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49974.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49975.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49976.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49977.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49978.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49979.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49980.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49981.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49982.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49983.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49984.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49985.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49986.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49987.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49988.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49989.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49990.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49991.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49993.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49995.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49996.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49997.json | 8 +- CVE-2025/CVE-2025-499xx/CVE-2025-49998.json | 8 +- CVE-2025/CVE-2025-49xx/CVE-2025-4965.json | 8 +- CVE-2025/CVE-2025-49xx/CVE-2025-4981.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50008.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50009.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50010.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50011.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50012.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50013.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50014.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50015.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50016.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50017.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50018.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50019.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50020.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50021.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50022.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50023.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50024.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50025.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50026.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50027.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50030.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50033.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50034.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50035.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50036.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50037.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50038.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50041.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50042.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50043.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50044.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50045.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50046.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50047.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50048.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50049.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50050.json | 8 +- CVE-2025/CVE-2025-500xx/CVE-2025-50051.json | 12 +- CVE-2025/CVE-2025-500xx/CVE-2025-50054.json | 29 +- CVE-2025/CVE-2025-501xx/CVE-2025-50181.json | 8 +- CVE-2025/CVE-2025-501xx/CVE-2025-50182.json | 8 +- CVE-2025/CVE-2025-501xx/CVE-2025-50183.json | 8 +- CVE-2025/CVE-2025-502xx/CVE-2025-50200.json | 8 +- CVE-2025/CVE-2025-502xx/CVE-2025-50201.json | 8 +- CVE-2025/CVE-2025-503xx/CVE-2025-50348.json | 21 + CVE-2025/CVE-2025-503xx/CVE-2025-50349.json | 21 + CVE-2025/CVE-2025-50xx/CVE-2025-5034.json | 37 +- CVE-2025/CVE-2025-50xx/CVE-2025-5071.json | 8 +- CVE-2025/CVE-2025-51xx/CVE-2025-5121.json | 8 +- CVE-2025/CVE-2025-51xx/CVE-2025-5125.json | 37 +- CVE-2025/CVE-2025-51xx/CVE-2025-5143.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52464.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52467.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52474.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52484.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52485.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52486.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52487.json | 8 +- CVE-2025/CVE-2025-524xx/CVE-2025-52488.json | 8 +- CVE-2025/CVE-2025-525xx/CVE-2025-52552.json | 8 +- CVE-2025/CVE-2025-525xx/CVE-2025-52556.json | 8 +- CVE-2025/CVE-2025-525xx/CVE-2025-52557.json | 8 +- CVE-2025/CVE-2025-525xx/CVE-2025-52558.json | 82 ++ CVE-2025/CVE-2025-525xx/CVE-2025-52561.json | 86 ++ CVE-2025/CVE-2025-525xx/CVE-2025-52562.json | 64 ++ CVE-2025/CVE-2025-527xx/CVE-2025-52707.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52708.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52710.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52711.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52713.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52715.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52719.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52733.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52772.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52780.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52781.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52782.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52783.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52784.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52789.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52790.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52791.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52792.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52793.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52794.json | 8 +- CVE-2025/CVE-2025-527xx/CVE-2025-52795.json | 8 +- CVE-2025/CVE-2025-528xx/CVE-2025-52802.json | 8 +- CVE-2025/CVE-2025-528xx/CVE-2025-52821.json | 8 +- CVE-2025/CVE-2025-528xx/CVE-2025-52822.json | 8 +- CVE-2025/CVE-2025-528xx/CVE-2025-52825.json | 8 +- CVE-2025/CVE-2025-528xx/CVE-2025-52875.json | 4 +- CVE-2025/CVE-2025-528xx/CVE-2025-52876.json | 4 +- CVE-2025/CVE-2025-528xx/CVE-2025-52877.json | 4 +- CVE-2025/CVE-2025-528xx/CVE-2025-52878.json | 4 +- CVE-2025/CVE-2025-528xx/CVE-2025-52879.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52916.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52917.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52918.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52919.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52920.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52921.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52922.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52923.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52926.json | 8 +- CVE-2025/CVE-2025-529xx/CVE-2025-52935.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52936.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52937.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52938.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52939.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52967.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52968.json | 4 +- CVE-2025/CVE-2025-529xx/CVE-2025-52969.json | 10 +- CVE-2025/CVE-2025-52xx/CVE-2025-5234.json | 8 +- CVE-2025/CVE-2025-52xx/CVE-2025-5255.json | 8 +- CVE-2025/CVE-2025-52xx/CVE-2025-5289.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5416.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5419.json | 25 +- CVE-2025/CVE-2025-54xx/CVE-2025-5475.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5476.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5477.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5478.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5479.json | 8 +- CVE-2025/CVE-2025-54xx/CVE-2025-5490.json | 8 +- CVE-2025/CVE-2025-55xx/CVE-2025-5524.json | 8 +- CVE-2025/CVE-2025-58xx/CVE-2025-5820.json | 8 +- CVE-2025/CVE-2025-59xx/CVE-2025-5963.json | 8 +- CVE-2025/CVE-2025-60xx/CVE-2025-6019.json | 4 +- CVE-2025/CVE-2025-61xx/CVE-2025-6143.json | 61 +- CVE-2025/CVE-2025-61xx/CVE-2025-6144.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6145.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6146.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6147.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6148.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6149.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6150.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6162.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6163.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6164.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6165.json | 67 +- CVE-2025/CVE-2025-61xx/CVE-2025-6191.json | 8 +- CVE-2025/CVE-2025-61xx/CVE-2025-6192.json | 8 +- CVE-2025/CVE-2025-61xx/CVE-2025-6193.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6201.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6216.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6217.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6218.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6240.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6257.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6264.json | 4 +- CVE-2025/CVE-2025-62xx/CVE-2025-6266.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6267.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6268.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6269.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6270.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6271.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6272.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6273.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6274.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6275.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6276.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6277.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6278.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6279.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6280.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6281.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6282.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6283.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6284.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6285.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6286.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6287.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6288.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6291.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6292.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6293.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6294.json | 8 +- CVE-2025/CVE-2025-62xx/CVE-2025-6295.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6296.json | 16 +- CVE-2025/CVE-2025-62xx/CVE-2025-6299.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6300.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6301.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6302.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6303.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6304.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6305.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6306.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6307.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6308.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6309.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6310.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6311.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6312.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6313.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6314.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6315.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6316.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6317.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6318.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6319.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6320.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6321.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6322.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6323.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6328.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6329.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6330.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6331.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6332.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6333.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6334.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6335.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6336.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6337.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6339.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6340.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6341.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6342.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6343.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6344.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6345.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6346.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6347.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6351.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6352.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6353.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6354.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6355.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6356.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6357.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6358.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6359.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6360.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6361.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6362.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6363.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6364.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6365.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6367.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6368.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6369.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6370.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6371.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6372.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6373.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6374.json | 16 +- CVE-2025/CVE-2025-63xx/CVE-2025-6375.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6384.json | 8 +- CVE-2025/CVE-2025-63xx/CVE-2025-6393.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6394.json | 4 +- CVE-2025/CVE-2025-63xx/CVE-2025-6399.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6400.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6401.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6402.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6403.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6404.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6405.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6406.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6407.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6408.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6409.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6410.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6411.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6412.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6413.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6414.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6415.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6416.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6417.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6418.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6419.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6420.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6421.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6422.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6446.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6447.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6448.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6449.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6450.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6451.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6452.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6453.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6455.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6456.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6457.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6458.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6466.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6467.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6468.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6469.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6470.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6471.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6472.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6473.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6474.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6475.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6476.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6477.json | 4 +- CVE-2025/CVE-2025-64xx/CVE-2025-6478.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6479.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6480.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6481.json | 16 +- CVE-2025/CVE-2025-64xx/CVE-2025-6482.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6483.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6484.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6485.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6486.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6487.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6489.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6490.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6492.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6493.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6494.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6496.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6497.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6498.json | 8 +- CVE-2025/CVE-2025-64xx/CVE-2025-6499.json | 8 +- CVE-2025/CVE-2025-65xx/CVE-2025-6500.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6501.json | 8 +- CVE-2025/CVE-2025-65xx/CVE-2025-6502.json | 8 +- CVE-2025/CVE-2025-65xx/CVE-2025-6503.json | 8 +- CVE-2025/CVE-2025-65xx/CVE-2025-6509.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6510.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6511.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6512.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6513.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6516.json | 4 +- CVE-2025/CVE-2025-65xx/CVE-2025-6517.json | 141 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6518.json | 141 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6524.json | 137 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6525.json | 141 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6526.json | 137 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6527.json | 141 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6528.json | 137 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6529.json | 137 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6530.json | 137 +++ CVE-2025/CVE-2025-65xx/CVE-2025-6545.json | 86 ++ CVE-2025/CVE-2025-65xx/CVE-2025-6547.json | 82 ++ README.md | 96 +- _state.csv | 1092 ++++++++++--------- 560 files changed, 11412 insertions(+), 1969 deletions(-) create mode 100644 CVE-2021/CVE-2021-476xx/CVE-2021-47688.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47029.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47030.json create mode 100644 CVE-2025/CVE-2025-230xx/CVE-2025-23092.json create mode 100644 CVE-2025/CVE-2025-28xx/CVE-2025-2828.json create mode 100644 CVE-2025/CVE-2025-445xx/CVE-2025-44528.json create mode 100644 CVE-2025/CVE-2025-480xx/CVE-2025-48026.json create mode 100644 CVE-2025/CVE-2025-491xx/CVE-2025-49126.json create mode 100644 CVE-2025/CVE-2025-491xx/CVE-2025-49144.json create mode 100644 CVE-2025/CVE-2025-495xx/CVE-2025-49574.json create mode 100644 CVE-2025/CVE-2025-503xx/CVE-2025-50348.json create mode 100644 CVE-2025/CVE-2025-503xx/CVE-2025-50349.json create mode 100644 CVE-2025/CVE-2025-525xx/CVE-2025-52558.json create mode 100644 CVE-2025/CVE-2025-525xx/CVE-2025-52561.json create mode 100644 CVE-2025/CVE-2025-525xx/CVE-2025-52562.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6517.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6518.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6524.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6525.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6526.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6527.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6528.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6529.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6530.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6545.json create mode 100644 CVE-2025/CVE-2025-65xx/CVE-2025-6547.json diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47294.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47294.json index 1568c29baf4..048c57448c8 100644 --- a/CVE-2021/CVE-2021-472xx/CVE-2021-47294.json +++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47294.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47294", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T15:15:17.323", - "lastModified": "2024-11-21T06:35:48.923", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T20:19:04.490", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,71 +15,235 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netrom: Disminuir el recuento de sock cuando caducan los temporizadores de sock. La confirmaci\u00f3n 63346650c1a9 (\"netrom: cambiar a API de temporizador de sock\") cambi\u00f3 para usar la API de temporizador de sock. Reemplaza mod_timer() por sk_reset_timer() y del_timer() por sk_stop_timer(). La funci\u00f3n sk_reset_timer() aumentar\u00e1 el recuento del sock si se llama en un temporizador inactivo, por lo tanto, en caso de que el temporizador expire, debemos disminuir el recuento nosotros mismos en el controlador; de lo contrario, el recuento del calcet\u00edn se desequilibrar\u00e1 y el sock nunca ser\u00e1 liberado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-672" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4.173", + "versionEndExcluding": "4.4.277", + "matchCriteriaId": "3E3226CA-19FE-4D01-AF65-32A8C5BF4B1D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.9.155", + "versionEndExcluding": "4.9.277", + "matchCriteriaId": "9BF1259C-DF0B-48E1-8EA8-2AB91A7AA4E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.14.98", + "versionEndExcluding": "4.14.241", + "matchCriteriaId": "E285CAFB-29D0-4687-BDD6-1EAB4F397AC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.19.20", + "versionEndExcluding": "4.19.199", + "matchCriteriaId": "1DFDBA04-2E4D-4E4A-A386-237989BB8C1E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.4.136", + "matchCriteriaId": "89436D92-8C87-413A-8CD9-4CF06FCCEABD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.54", + "matchCriteriaId": "1BD5A2EE-859F-40FC-BDAC-167AAE37C870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.13.6", + "matchCriteriaId": "512C22FC-1524-4E6F-9E62-4F4B7B6E0576" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.18.134:*:*:*:*:*:*:*", + "matchCriteriaId": "407D22E1-55CF-4117-B460-329990673A2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.20.7:*:*:*:*:*:*:*", + "matchCriteriaId": "1AF86F57-4FAC-4E41-8FB4-F35F985F4DC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*", + "matchCriteriaId": "71268287-21A8-4488-AA4F-23C473153131" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*", + "matchCriteriaId": "23B9E5C6-FAB5-4A02-9E39-27C8787B0991" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-472xx/CVE-2021-47296.json b/CVE-2021/CVE-2021-472xx/CVE-2021-47296.json index 2dc0d7a63c0..3abc50f638c 100644 --- a/CVE-2021/CVE-2021-472xx/CVE-2021-47296.json +++ b/CVE-2021/CVE-2021-472xx/CVE-2021-47296.json @@ -2,8 +2,8 @@ "id": "CVE-2021-47296", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T15:15:17.477", - "lastModified": "2024-11-21T06:35:49.233", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T20:19:54.287", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,47 +15,162 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: PPC: correcci\u00f3n de fuga de kvm_arch_vcpu_ioctl vcpu_load. No se llama a vcpu_put si falla la copia del usuario. Esto puede provocar da\u00f1os y bloqueos del notificador preventivo, entre otros problemas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.18", + "versionEndExcluding": "4.19.199", + "matchCriteriaId": "A14B3FB8-763B-434E-88A7-97AC33E54F7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.136", + "matchCriteriaId": "E1FCD98C-8886-4844-B7AF-C42731DF9465" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.54", + "matchCriteriaId": "1BD5A2EE-859F-40FC-BDAC-167AAE37C870" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.13.6", + "matchCriteriaId": "512C22FC-1524-4E6F-9E62-4F4B7B6E0576" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*", + "matchCriteriaId": "71268287-21A8-4488-AA4F-23C473153131" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*", + "matchCriteriaId": "23B9E5C6-FAB5-4A02-9E39-27C8787B0991" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/9bafc34dc4ad0cef18727c557f21ed3c3304df50", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a4a488915feaad38345cc01b80d52e8200ff5209", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc4188a2f56e821ea057aca6bf444e138d06c252", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14ef1095387f764d95614d3ec9e4d07c82a3533", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f38527f1890543cdfca8dfd06f75f9887cce6151", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9bafc34dc4ad0cef18727c557f21ed3c3304df50", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a4a488915feaad38345cc01b80d52e8200ff5209", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/bc4188a2f56e821ea057aca6bf444e138d06c252", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e14ef1095387f764d95614d3ec9e4d07c82a3533", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f38527f1890543cdfca8dfd06f75f9887cce6151", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json b/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json new file mode 100644 index 00000000000..149367b61c8 --- /dev/null +++ b/CVE-2021/CVE-2021-476xx/CVE-2021-47688.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2021-47688", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T20:15:26.957", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the OpenFileDescriptor action before the VerifyCanWrite action is performed." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-696" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/WhiteBeamSec/WhiteBeam/pull/22", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/WhiteBeamSec/WhiteBeam/security/advisories/GHSA-3f8r-9483-pfxj", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/WhiteBeamSec/WhiteBeam/security/policy", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43378.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43378.json index 35fee8f82b0..f7b8323e303 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43378.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43378.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43378", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:15:57.970", - "lastModified": "2025-04-23T15:15:59.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:15:42.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "D702D98A-1616-4D1A-90F0-CEE49FB8707F" + } + ] + } + ] + } + ], "references": [ { "url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-commento1_1-post-parameter-44ff18cb61cd4a80bbba75d5e4360ee4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-commento1_1-post-parameter-44ff18cb61cd4a80bbba75d5e4360ee4", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47029.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47029.json new file mode 100644 index 00000000000..a8dcf890751 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47029.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-47029", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T18:15:20.630", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://drive.google.com/file/d/1oX5uKnWGiYMaBxnBuqPiOA53XLxv1Ef4/view?usp=sharing", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pwahba/cve-research/blob/main/CVE-2023-47029/CVE-2023-47029.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47030.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47030.json new file mode 100644 index 00000000000..772a61a0fbf --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47030.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2023-47030", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T20:15:27.740", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://drive.google.com/file/d/1ujUcB8XEs78WwWzs8cmD-u1Twqi10yEh/view?usp=sharing", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pwahba/cve-research/blob/main/CVE-2023-47030/CVE-2023-47030.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47031.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47031.json index 4f05bc8eca9..d0b97c25e9a 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47031.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47031.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47031", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T17:15:27.313", - "lastModified": "2025-06-23T17:15:27.313", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47032.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47032.json index ef20e9540b4..91a78884213 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47032.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47032", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T16:15:23.920", - "lastModified": "2025-06-23T16:15:23.920", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47294.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47294.json index c59b850f575..0cae5595967 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47294.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47294.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47294", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T16:15:24.493", - "lastModified": "2025-06-23T16:15:24.493", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47295.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47295.json index 5bdae31c00b..c5704085347 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47295.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47295.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47295", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T16:15:24.623", - "lastModified": "2025-06-23T16:15:24.623", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47297.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47297.json index e0ba8c57000..b67fff4a81c 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47297.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47297.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47297", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T15:15:25.940", - "lastModified": "2025-06-23T15:15:25.940", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47298.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47298.json index 68d7ab5bc75..9c4cac38d1d 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47298.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47298.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47298", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T15:15:26.700", - "lastModified": "2025-06-23T15:15:26.700", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json b/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json index 3be04592858..64ae69529ea 100644 --- a/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json +++ b/CVE-2023/CVE-2023-489xx/CVE-2023-48978.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48978", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T15:15:26.890", - "lastModified": "2025-06-23T15:15:26.890", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-504xx/CVE-2023-50450.json b/CVE-2023/CVE-2023-504xx/CVE-2023-50450.json index 1a68c975dab..c72b262adc5 100644 --- a/CVE-2023/CVE-2023-504xx/CVE-2023-50450.json +++ b/CVE-2023/CVE-2023-504xx/CVE-2023-50450.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50450", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T16:15:24.743", - "lastModified": "2025-06-23T16:15:24.743", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52722.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52722.json index 58477247307..ba50e467fc2 100644 --- a/CVE-2023/CVE-2023-527xx/CVE-2023-52722.json +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52722.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52722", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-28T00:15:07.270", - "lastModified": "2024-12-04T21:15:19.983", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T18:35:47.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.03.1", + "matchCriteriaId": "62DFF97A-B408-4992-940C-5AEAFCB69A99" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/06/28/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/06/28/2", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=afd7188f74918cb51b5fb89f52b54eb16e8acfd1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5600.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5600.json index c3d95200ef0..d7cc7b062b1 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5600.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5600.json @@ -2,13 +2,17 @@ "id": "CVE-2023-5600", "sourceIdentifier": "cve@gitlab.com", "published": "2025-06-20T20:15:26.860", - "lastModified": "2025-06-20T20:15:26.860", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template." + }, + { + "lang": "es", + "value": "Se ha detectado un problema en GitLab EE que afecta a todas las versiones (desde la 16.0 hasta la 16.3.6), a todas las versiones (desde la 16.4 hasta la 16.4.2) y a todas las versiones (desde la 16.5 hasta la 16.5.1). El acceso arbitrario a los t\u00edtulos de referencias privadas espec\u00edficas podr\u00eda filtrarse a trav\u00e9s de la plantilla de correo electr\u00f3nico personalizada del servicio de asistencia." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-212xx/CVE-2024-21211.json b/CVE-2024/CVE-2024-212xx/CVE-2024-21211.json index 48dd05ba56d..aef72bb1cc1 100644 --- a/CVE-2024/CVE-2024-212xx/CVE-2024-21211.json +++ b/CVE-2024/CVE-2024-212xx/CVE-2024-21211.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21211", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-10-15T20:15:10.050", - "lastModified": "2024-11-21T08:53:58.940", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:11:06.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,94 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "93A899CF-69C5-46A3-BE20-E9F128FB079E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "44A007AC-88D1-4F18-B1AD-C69600AD643C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", + "matchCriteriaId": "DDDE5C6D-036C-42FC-BD31-366175914F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "4162209C-031A-4AD9-9F19-445236332DA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", + "matchCriteriaId": "0DD0AB0E-208D-4856-9F31-3A4BB5213FB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:23:*:*:*:*:*:*:*", + "matchCriteriaId": "9137A4EB-820C-4F05-983A-5534CFB0E019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:23:*:*:*:*:*:*:*", + "matchCriteriaId": "5792796D-D244-4382-8DE2-30359F5CD9CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuoct2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20241018-0008/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-249xx/CVE-2024-24916.json b/CVE-2024/CVE-2024-249xx/CVE-2024-24916.json index a1f8b7a3521..1306e50fea7 100644 --- a/CVE-2024/CVE-2024-249xx/CVE-2024-24916.json +++ b/CVE-2024/CVE-2024-249xx/CVE-2024-24916.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24916", "sourceIdentifier": "cve@checkpoint.com", "published": "2025-06-19T14:15:44.983", - "lastModified": "2025-06-20T14:15:26.667", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29120.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29120.json index 986abe37274..e3eef156336 100644 --- a/CVE-2024/CVE-2024-291xx/CVE-2024-29120.json +++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29120.json @@ -2,8 +2,8 @@ "id": "CVE-2024-29120", "sourceIdentifier": "security@apache.org", "published": "2024-07-17T15:15:14.090", - "lastModified": "2025-02-13T18:17:49.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:09:18.427", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,22 +61,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.1.4", + "matchCriteriaId": "EA1D77DB-B854-44DA-9749-A3F326BD4D06" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/07/17/4", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/17/4", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.apache.org/thread/y3oqz7l8vd7jxxx3z2khgl625nvfr60j", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-334xx/CVE-2024-33452.json b/CVE-2024/CVE-2024-334xx/CVE-2024-33452.json index d5ea04f5ff6..751f459ff2b 100644 --- a/CVE-2024/CVE-2024-334xx/CVE-2024-33452.json +++ b/CVE-2024/CVE-2024-334xx/CVE-2024-33452.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33452", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T16:15:44.200", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:20:26.140", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openresty:lua-nginx-module:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.10.26", + "matchCriteriaId": "8CD86BCC-0708-45D6-88A4-522BFE60E013" + } + ] + } + ] + } + ], "references": [ { "url": "https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35324.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35324.json index 7680b238484..60ff01a2eb0 100644 --- a/CVE-2024/CVE-2024-353xx/CVE-2024-35324.json +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35324.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35324", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-28T16:15:16.893", - "lastModified": "2024-11-21T09:20:08.497", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T18:09:30.797", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:douchat:douchat:4.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "CC284F5B-4C7A-4517-A14E-44B2BC7FF30B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/w0x68y/cve-lists/blob/main/CMS/Douchat/Douchat%204.0.5%20arbitrary%20file%20upload%20vulnerability.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Exploit" + ] }, { "url": "https://github.com/w0x68y/cve-lists/blob/main/CMS/Douchat/Douchat%204.0.5%20arbitrary%20file%20upload%20vulnerability.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json index 3a3d544c7ba..e2aef6251c6 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3511.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3511", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "published": "2025-06-23T09:15:21.580", - "lastModified": "2025-06-23T09:15:21.580", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json b/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json index efc56fe97b7..08efe7b8de6 100644 --- a/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json +++ b/CVE-2024/CVE-2024-364xx/CVE-2024-36428.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36428", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-27T23:15:13.120", - "lastModified": "2024-11-21T09:22:09.770", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T18:09:47.230", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:orangehrm:orangehrm:3.3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "4A5547F1-32CB-4404-8984-4A99F9DFE142" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/4rdr/proofs/blob/main/info/OrangeHRM_3.3.3_SQLi_via_sortOrder.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] }, { "url": "https://sourceforge.net/projects/orangehrm/files/stable/3.3.3/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40445.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40445.json index fc421698289..dc100b3bfcb 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40445.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40445.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40445", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:24.173", - "lastModified": "2025-04-30T16:15:33.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:33:00.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,22 +51,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ctan:mimetex:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.77", + "matchCriteriaId": "390BB0AB-AFF9-4A3F-A1D3-0CE9125F9B64" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Oefenweb/mimetex/blob/master/mimetex.c#L12414-L12423", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Mitigation" + ] }, { "url": "https://youtu.be/OII16TteaJw", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://youtu.be/W2KPHFNfgrg", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-404xx/CVE-2024-40446.json b/CVE-2024/CVE-2024-404xx/CVE-2024-40446.json index 46dda181afa..a2e84351aab 100644 --- a/CVE-2024/CVE-2024-404xx/CVE-2024-40446.json +++ b/CVE-2024/CVE-2024-404xx/CVE-2024-40446.json @@ -2,8 +2,8 @@ "id": "CVE-2024-40446", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:24.327", - "lastModified": "2025-04-23T15:15:59.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:31:24.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ctan:mimetex:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.77", + "matchCriteriaId": "390BB0AB-AFF9-4A3F-A1D3-0CE9125F9B64" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Mitigation" + ] }, { "url": "https://youtu.be/S3cmZkWIi6o", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4023.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4023.json index 5d6c9522039..c5674f891c6 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4023.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4023.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4023", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:32.473", - "lastModified": "2025-03-20T10:15:32.473", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:46:33.523", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:flatpress:flatpress:1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "DD15C4E9-8A2B-4104-AF8A-FFB196940AAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/flatpressblog/flatpress/commit/3c9cc69364a45fd3f92d4bd606344b5dd1205d6a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/ed803c13-0858-4c22-93ba-bf2384ab1e9d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4025.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4025.json index 8bcd0757207..3b7c3f54fb1 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4025.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4025.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4025", "sourceIdentifier": "cve@gitlab.com", "published": "2025-06-20T19:15:35.290", - "lastModified": "2025-06-20T19:15:35.290", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page." + }, + { + "lang": "es", + "value": "Se ha detectado una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en GitLab CE/EE que afecta a todas las versiones desde la 7.10 hasta la 16.11.5, la 17.0 hasta la 17.0.3 y la 17.1 hasta la 17.1.1. Un atacante podr\u00eda provocar una denegaci\u00f3n de servicio mediante una p\u00e1gina de Markdown manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-427xx/CVE-2024-42733.json b/CVE-2024/CVE-2024-427xx/CVE-2024-42733.json index ce91964a782..2e81f490065 100644 --- a/CVE-2024/CVE-2024-427xx/CVE-2024-42733.json +++ b/CVE-2024/CVE-2024-427xx/CVE-2024-42733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42733", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-07T21:15:17.080", - "lastModified": "2025-03-10T17:15:34.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:40:09.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:docmosis:tornado:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.9.7", + "matchCriteriaId": "4C02A16A-8B3B-4462-AF88-72FF3625425C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Docmosis/tornado-docker/issues/14", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/Marsman1996/pocs/blob/master/redox/CVE-2024-57492/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45208.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45208.json index baf923fa0ae..726f404fabb 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45208.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45208.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45208", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.097", - "lastModified": "2025-06-19T00:15:21.097", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], "references": [ { "url": "https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566", diff --git a/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json b/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json index 41897a89b18..b304f8979da 100644 --- a/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json +++ b/CVE-2024/CVE-2024-453xx/CVE-2024-45347.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45347", "sourceIdentifier": "security@xiaomi.com", "published": "2025-06-23T10:15:26.397", - "lastModified": "2025-06-23T10:15:26.397", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-465xx/CVE-2024-46546.json b/CVE-2024/CVE-2024-465xx/CVE-2024-46546.json index 75d2813bff8..7397f8ad1f0 100644 --- a/CVE-2024/CVE-2024-465xx/CVE-2024-46546.json +++ b/CVE-2024/CVE-2024-465xx/CVE-2024-46546.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46546", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T14:15:24.440", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:28:43.643", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nextu:fleta_ax1500_firmware:1.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "CB9EDAF4-94E1-4D1D-8C1E-7717D6C88E17" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:nextu:fleta_ax1500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "159A9402-F093-407C-9D34-7F39F6F1A760" + } + ] + } + ] + } + ], "references": [ { "url": "https://ez-net.co.kr/new_2012/customer/download_view.php?cid=&sid=&goods=&cate=&q=&seq=233", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://ez-net.co.kr/new_2012/product/view.php?cid=461&sid=467&q=%C7%C3%B7%B9%C5%B8&seq=3479&page=", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://gist.github.com/laskdjlaskdj12/5b29b8b68f8a2279c9294708f080496b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4994.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4994.json index 3b8f0379316..68f9d785b54 100644 --- a/CVE-2024/CVE-2024-49xx/CVE-2024-4994.json +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4994.json @@ -2,13 +2,17 @@ "id": "CVE-2024-4994", "sourceIdentifier": "cve@gitlab.com", "published": "2025-06-20T19:15:35.460", - "lastModified": "2025-06-20T19:15:35.460", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 16.1.0 anterior a la 16.11.5, todas las versiones desde la 17.0 anterior a la 17.0.3 y todas las versiones desde la 17.1.0 anterior a la 17.1.1, lo que permiti\u00f3 un ataque CSRF a la API GraphQL de GitLab que provoc\u00f3 la ejecuci\u00f3n de mutaciones arbitrarias de GraphQL." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53298.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53298.json index f59b7b74439..a4be38666ac 100644 --- a/CVE-2024/CVE-2024-532xx/CVE-2024-53298.json +++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53298.json @@ -2,13 +2,17 @@ "id": "CVE-2024-53298", "sourceIdentifier": "security_alert@emc.com", "published": "2025-06-20T14:15:26.827", - "lastModified": "2025-06-20T14:15:26.827", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains a missing authorization vulnerability in the NFS export. An unauthenticated attacker with remote access could potentially exploit this vulnerability leading to unauthorized filesystem access. The attacker may be able to read, modify, and delete arbitrary files. This vulnerability is considered critical as it can be leveraged to fully compromise the system. Dell recommends customers to upgrade at the earliest opportunity." + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS, versiones 9.5.0.0 a 9.10.0.1, presenta una vulnerabilidad de falta de autorizaci\u00f3n en la exportaci\u00f3n de NFS. Un atacante no autenticado con acceso remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda acceso no autorizado al sistema de archivos. El atacante podr\u00eda leer, modificar y eliminar archivos arbitrarios. Esta vulnerabilidad se considera cr\u00edtica, ya que puede utilizarse para comprometer completamente el sistema. Dell recomienda a los clientes actualizar a la versi\u00f3n anterior." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53307.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53307.json index f008127437d..e65c84490bb 100644 --- a/CVE-2024/CVE-2024-533xx/CVE-2024-53307.json +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53307.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53307", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T18:15:29.373", - "lastModified": "2025-03-10T18:15:29.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:08:13.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:evisions:maps:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.10.2.2678", + "matchCriteriaId": "E1F7ACE1-3F90-4B87-B46A-C962868BC824" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Xib3rR4dAr/bf754848f1cd77162f79226144b04648", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://webhelp.evisions.com/releaseguides/maps/default.htm#6.11/6.11%20Release%20Notes.htm?TocPath=MAPS%25206.11%2520Release%2520Guide%257C_____3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://gist.github.com/Xib3rR4dAr/bf754848f1cd77162f79226144b04648", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json index 4d1ecc23924..052840ce72c 100644 --- a/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53591", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T21:15:43.260", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:41:15.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:seclore:seclore:3.27.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "121C5C1E-DA3A-41D8-A2DC-01AF90989750" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/aljoharasubaie/CVE-2024-53591", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54172.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54172.json index 0d1195336da..4c3f53870fd 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54172.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54172.json @@ -2,13 +2,17 @@ "id": "CVE-2024-54172", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T17:15:28.160", - "lastModified": "2025-06-18T17:15:28.160", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator e IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 son vulnerables a cross-site request forgery, lo que podr\u00eda permitir que un atacante ejecute acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web conf\u00eda." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54183.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54183.json index 2f651e1f225..a9ed74a8ca4 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54183.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54183.json @@ -2,13 +2,17 @@ "id": "CVE-2024-54183", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T16:15:26.807", - "lastModified": "2025-06-18T16:15:26.807", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator e IBM Sterling File Gateway (versiones 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4) son vulnerables a ataques de cross-site scripting. Esta vulnerabilidad permite a un usuario autenticado incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-551xx/CVE-2024-55199.json b/CVE-2024/CVE-2024-551xx/CVE-2024-55199.json index 5124f622f37..13e296898e6 100644 --- a/CVE-2024/CVE-2024-551xx/CVE-2024-55199.json +++ b/CVE-2024/CVE-2024-551xx/CVE-2024-55199.json @@ -2,8 +2,8 @@ "id": "CVE-2024-55199", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T18:15:29.757", - "lastModified": "2025-03-10T18:15:29.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:10:31.250", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:celk:celk_saude:3.1.252.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5C0F77EE-A79E-45C1-B6A7-8B7FC318225D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55199", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://portswigger.net/web-security/cross-site-scripting/stored", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description" + ] }, { "url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55199", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7586.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7586.json index bb4d3ef9989..469ead54990 100644 --- a/CVE-2024/CVE-2024-75xx/CVE-2024-7586.json +++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7586.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7586", "sourceIdentifier": "cve@gitlab.com", "published": "2025-06-20T14:15:26.983", - "lastModified": "2025-06-20T14:15:26.983", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en GitLab EE que afecta a todas las versiones desde la 17.0 anterior a la 17.0.6, desde la 17.1 anterior a la 17.1.4 y desde la 17.2 anterior a la 17.2.2, donde el registro de auditor\u00eda de eliminaci\u00f3n de webhook conservaba las credenciales de autenticaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8789.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8789.json index d5ac5da806f..0da9fef4aa0 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8789.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8789.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8789", "sourceIdentifier": "security@huntr.dev", "published": "2025-03-20T10:15:44.340", - "lastModified": "2025-03-20T10:15:44.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:44:47.390", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,51 @@ "value": "CWE-400" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lunary:lunary:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.23", + "matchCriteriaId": "1867D23D-5A19-4541-8258-E7F901C5F468" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/lunary-ai/lunary/commit/7ff89b0304d191534b924cf063f3648206d497fa", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.com/bounties/e32f5f0d-bd46-4268-b6b1-619e07c6fda3", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1348.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1348.json index 4f82d1e5e02..e9d4d124100 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1348.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1348.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1348", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T17:15:28.360", - "lastModified": "2025-06-18T17:15:28.360", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user\u2019s web browser cache due to not using a suitable caching policy." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator e IBM Sterling File Gateway 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4 podr\u00edan permitir que un usuario local obtenga informaci\u00f3n confidencial del cach\u00e9 del navegador web de un usuario debido a que no utilizan una pol\u00edtica de almacenamiento en cach\u00e9 adecuada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-13xx/CVE-2025-1349.json b/CVE-2025/CVE-2025-13xx/CVE-2025-1349.json index 2048b824c29..5b064a0bf61 100644 --- a/CVE-2025/CVE-2025-13xx/CVE-2025-1349.json +++ b/CVE-2025/CVE-2025-13xx/CVE-2025-1349.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1349", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T17:15:28.560", - "lastModified": "2025-06-18T17:15:28.560", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 \n\nis vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Sterling B2B Integrator e IBM Sterling File Gateway (versiones 6.0.0.0 a 6.1.2.6 y 6.2.0.0 a 6.2.0.4) son vulnerables a Cross-site Scripting almacenado. Esta vulnerabilidad permite a un usuario con privilegios incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1987.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1987.json index c0278f97578..4f5bb0cdbac 100644 --- a/CVE-2025/CVE-2025-19xx/CVE-2025-1987.json +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1987.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1987", "sourceIdentifier": "cve-requests@bitdefender.com", "published": "2025-06-21T22:15:21.510", - "lastModified": "2025-06-21T22:15:21.510", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS)\u00a0vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data." + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) en la gesti\u00f3n por parte de Psono-Client de las entradas de la b\u00f3veda de tipo \"website_password\" y \"bookmark\", utilizadas en Bitdefender SecurePass. El cliente no depura correctamente el campo URL de estas entradas. Como resultado, un atacante puede manipular una entrada de b\u00f3veda maliciosa (o enga\u00f1ar al usuario para que la cree o importe) con una URL javascript:URL. Cuando el usuario interact\u00faa con esta entrada (por ejemplo, al hacer clic o abrirla), la aplicaci\u00f3n ejecuta el JavaScript malicioso en el contexto de la b\u00f3veda de Psono. Esto permite a un atacante ejecutar c\u00f3digo arbitrario en el navegador de la v\u00edctima, lo que podr\u00eda otorgarle acceso a la b\u00f3veda de contrase\u00f1as y a datos confidenciales del usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-202xx/CVE-2025-20234.json b/CVE-2025/CVE-2025-202xx/CVE-2025-20234.json index cfa2703a48c..3f57729a1d5 100644 --- a/CVE-2025/CVE-2025-202xx/CVE-2025-20234.json +++ b/CVE-2025/CVE-2025-202xx/CVE-2025-20234.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20234", "sourceIdentifier": "psirt@cisco.com", "published": "2025-06-18T17:15:28.833", - "lastModified": "2025-06-18T17:15:28.833", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el procesamiento de Universal Disk Format (UDF) de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una sobrelectura de memoria durante el an\u00e1lisis de archivos UDF. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo manipulado con contenido UDF para que ClamAV lo analice en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante finalizar el proceso de an\u00e1lisis de ClamAV, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS) en el software afectado. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte [enlace faltante]." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-202xx/CVE-2025-20260.json b/CVE-2025/CVE-2025-202xx/CVE-2025-20260.json index 53903b026c0..c231046f0f7 100644 --- a/CVE-2025/CVE-2025-202xx/CVE-2025-20260.json +++ b/CVE-2025/CVE-2025-202xx/CVE-2025-20260.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20260", "sourceIdentifier": "psirt@cisco.com", "published": "2025-06-18T18:15:23.270", - "lastModified": "2025-06-18T18:15:23.270", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en los procesos de escaneo de PDF de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque un desbordamiento de b\u00fafer, una denegaci\u00f3n de servicio (DoS) o ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a que los b\u00faferes de memoria se asignan incorrectamente al procesar archivos PDF. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo PDF manipulado para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar un desbordamiento de b\u00fafer, lo que probablemente resultar\u00eda en la finalizaci\u00f3n del proceso de escaneo de ClamAV y una denegaci\u00f3n de servicio (DoS) en el software afectado. Aunque no se ha demostrado, tambi\u00e9n existe la posibilidad de que un atacante aproveche el desbordamiento de b\u00fafer para ejecutar c\u00f3digo arbitrario con los privilegios del proceso de ClamAV." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-202xx/CVE-2025-20271.json b/CVE-2025/CVE-2025-202xx/CVE-2025-20271.json index 4d5cb7b0e54..1c1901d9a57 100644 --- a/CVE-2025/CVE-2025-202xx/CVE-2025-20271.json +++ b/CVE-2025/CVE-2025-202xx/CVE-2025-20271.json @@ -2,13 +2,17 @@ "id": "CVE-2025-20271", "sourceIdentifier": "psirt@cisco.com", "published": "2025-06-18T17:15:29.053", - "lastModified": "2025-06-18T17:15:29.053", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device.\r\n\r\nThis vulnerability is due to variable initialization errors when an SSL VPN session is established. An attacker could exploit this vulnerability by sending a sequence of crafted HTTPS requests to an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of all established SSL VPN sessions and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established, effectively making the Cisco AnyConnect VPN service unavailable for all legitimate users." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el servidor VPN Cisco AnyConnect de los dispositivos Cisco Meraki MX y Cisco Meraki Z Series Teleworker Gateway podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en el servicio Cisco AnyConnect de un dispositivo afectado. Esta vulnerabilidad se debe a errores de inicializaci\u00f3n variables al establecer una sesi\u00f3n VPN SSL. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una secuencia de solicitudes HTTPS manipuladas a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante reiniciar el servidor VPN Cisco AnyConnect, lo que provocar\u00eda el fallo de todas las sesiones VPN SSL establecidas y obligar\u00eda a los usuarios remotos a iniciar una nueva conexi\u00f3n VPN y a autenticarse de nuevo. Un ataque continuo podr\u00eda impedir el establecimiento de nuevas conexiones VPN SSL, lo que har\u00eda que el servicio VPN Cisco AnyConnect no estuviera disponible para todos los usuarios leg\u00edtimos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-214xx/CVE-2025-21495.json b/CVE-2025/CVE-2025-214xx/CVE-2025-21495.json index 7815299c0e7..bee3dd6e2e3 100644 --- a/CVE-2025/CVE-2025-214xx/CVE-2025-21495.json +++ b/CVE-2025/CVE-2025-214xx/CVE-2025-21495.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21495", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:14.367", - "lastModified": "2025-01-23T17:15:22.903", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:09:07.213", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_enterprise_firewall:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.40", + "matchCriteriaId": "67F745C1-29A0-44A8-8BA8-DDBAD3CD15BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_enterprise_firewall:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndIncluding": "8.4.3", + "matchCriteriaId": "02DA6907-99B9-42EC-B338-B58323B96D96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_enterprise_firewall:9.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D5B3569E-4453-4EAD-B3D8-54D0E9B71C60" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21552.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21552.json index 3bbe1f0f759..189763c3239 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21552.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21552.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21552", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:21.763", - "lastModified": "2025-03-13T15:15:52.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T17:50:21.420", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.9.2", + "matchCriteriaId": "E99060DC-68AB-467B-B4D6-97BF0688FCB0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21553.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21553.json index 1aab2ec3478..6378fb35db0 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21553.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21553.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21553", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:21.880", - "lastModified": "2025-02-04T16:15:41.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T17:49:50.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:java_virtual_machine:*:*:*:*:*:*:*:*", + "versionStartIncluding": "19.3", + "versionEndIncluding": "19.25", + "matchCriteriaId": "47D141DE-6AC9-4FD5-8421-E2FC9AB9A87F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:java_virtual_machine:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.3", + "versionEndIncluding": "21.16", + "matchCriteriaId": "77C2D127-57F1-45C5-9DBF-6014EAB6B801" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:java_virtual_machine:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.4", + "versionEndIncluding": "23.6", + "matchCriteriaId": "42837C29-D768-4AAF-B7F8-69E8ED1AA1F3" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21557.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21557.json index 8f3628b2930..2c36460e4cf 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21557.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21557.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21557", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:22.423", - "lastModified": "2025-02-04T19:15:32.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:08:52.383", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*", + "matchCriteriaId": "55D8B512-A82C-475B-91F8-953DB68D6716" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*", + "matchCriteriaId": "318CB2C2-CAD0-48BD-9892-5773D7B0339B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21568.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21568.json index cd7180d7ae7..1e67d8d07f3 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21568.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21568.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21568", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:23.843", - "lastModified": "2025-02-04T17:15:21.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:01:43.933", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:11.2.19.0.000:*:*:*:*:*:*:*", + "matchCriteriaId": "44D01719-77F9-4776-814D-B26C2C98988A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21569.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21569.json index 94882ddc69d..1f385544fb2 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21569.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21569.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21569", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-01-21T21:15:23.977", - "lastModified": "2025-02-04T17:15:21.423", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:01:24.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:11.2.19.0.000:*:*:*:*:*:*:*", + "matchCriteriaId": "44D01719-77F9-4776-814D-B26C2C98988A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json index 7df2c3669c0..aa7c729fdd5 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json @@ -2,8 +2,8 @@ "id": "CVE-2025-21583", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.797", - "lastModified": "2025-04-19T01:15:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:00:45.600", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "12C89458-F0D4-4C87-9C97-E8D5319E73AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CBFEA6CB-D404-4759-B85F-3E3C130DEEDD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20250418-0009/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2123.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2123.json index c89b2e19fe5..192cac578b9 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2123.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2123.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2123", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-09T15:15:36.413", - "lastModified": "2025-03-10T16:15:14.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:53:22.017", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -122,36 +142,97 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qbnz:geshi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0.9.1", + "matchCriteriaId": "F99A2A40-15A0-431B-BAE6-3AC3A5B3772B" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/GeSHi/geshi-1.0/issues/159", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.299036", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299036", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.507418", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/GeSHi/geshi-1.0/issues/159", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/GeSHi/geshi-1.0/issues/159#issue-2880408694", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2148.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2148.json index ef5dc553899..c0880670c5a 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2148.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2148.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2148", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-10T12:15:12.617", - "lastModified": "2025-03-10T14:15:26.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:47:34.860", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -120,26 +140,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pytorch:pytorch:2.6.0\\+cu124:*:*:*:*:*:*:*", + "matchCriteriaId": "FCC3454B-502D-4866-B812-D65D3B516549" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pytorch/pytorch/issues/147722", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.299059", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299059", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.505959", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/pytorch/pytorch/issues/147722", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2149.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2149.json index 77115edf391..36fabc6f13e 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2149.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2149.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2149", "sourceIdentifier": "cna@vuldb.com", "published": "2025-03-10T13:15:36.290", - "lastModified": "2025-03-10T14:15:26.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:44:57.017", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -120,34 +120,76 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pytorch:pytorch:2.6.0\\+cu124:*:*:*:*:*:*:*", + "matchCriteriaId": "FCC3454B-502D-4866-B812-D65D3B516549" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pytorch/pytorch/issues/147818", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/pytorch/pytorch/issues/147818#issue-2877301660", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.299060", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.299060", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.506563", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry", + "Exploit" + ] }, { "url": "https://github.com/pytorch/pytorch/issues/147818", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/pytorch/pytorch/issues/147818#issue-2877301660", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json index cb58d3c5a14..de0f807143d 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2171.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2171", "sourceIdentifier": "mandiant-cve@google.com", "published": "2025-06-23T14:15:26.437", - "lastModified": "2025-06-23T14:15:26.437", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -18,8 +18,8 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "baseScore": 8.8, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", @@ -32,7 +32,7 @@ "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", - "exploitMaturity": "NOT_DEFINED", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json index 1d0403e00dc..985b938c260 100644 --- a/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2172.json @@ -2,8 +2,8 @@ "id": "CVE-2025-2172", "sourceIdentifier": "mandiant-cve@google.com", "published": "2025-06-23T14:15:26.607", - "lastModified": "2025-06-23T14:15:26.607", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -18,9 +18,9 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "baseScore": 7.5, - "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", @@ -32,7 +32,7 @@ "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", - "exploitMaturity": "NOT_DEFINED", + "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json index 8eca38d079c..beed248297b 100644 --- a/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json +++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23049.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23049", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T12:15:22.603", - "lastModified": "2025-06-23T12:15:22.603", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json b/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json new file mode 100644 index 00000000000..6ed36573a54 --- /dev/null +++ b/CVE-2025/CVE-2025-230xx/CVE-2025-23092.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-23092", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T21:15:24.460", + "lastModified": "2025-06-23T21:15:24.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to upload arbitrary files and execute unauthorized commands." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0006", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23121.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23121.json index 1d7b4d8a792..5ff6f5fe0bc 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23121.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23121.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23121", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.260", - "lastModified": "2025-06-19T00:15:21.260", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], "references": [ { "url": "https://www.veeam.com/kb4743", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json index b8e1971b6d7..656a6a605a3 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23168.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23168", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.377", - "lastModified": "2025-06-19T00:15:21.377", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23169.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23169.json index ea08fbf767a..0bde5da3c91 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23169.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23169.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23169", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.497", - "lastModified": "2025-06-19T00:15:21.497", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526a08dc94d6b9f2faf716", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23170.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23170.json index 02c962d4344..f3075536bdc 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23170.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23170.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23170", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.620", - "lastModified": "2025-06-19T00:15:21.620", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526bc7dc94d6b9f2faf717", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23171.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23171.json index 1bd57c7c2d1..22b44a7a217 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23171.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23171.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23171", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.743", - "lastModified": "2025-06-19T00:15:21.743", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526dbbdc94d6b9f2faf71a", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23172.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23172.json index 3e4a02edcc8..409a8c42f45 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23172.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23172.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23172", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.857", - "lastModified": "2025-06-19T00:15:21.857", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b", diff --git a/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json b/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json index d50a2d19e55..d310a43f16e 100644 --- a/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json +++ b/CVE-2025/CVE-2025-231xx/CVE-2025-23173.json @@ -2,8 +2,8 @@ "id": "CVE-2025-23173", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:21.977", - "lastModified": "2025-06-19T00:15:21.977", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c", diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24286.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24286.json index 60316ef3914..3d64c477a2e 100644 --- a/CVE-2025/CVE-2025-242xx/CVE-2025-24286.json +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24286.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24286", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:22.093", - "lastModified": "2025-06-19T00:15:22.093", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], "references": [ { "url": "https://www.veeam.com/kb4743", diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24287.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24287.json index 1a11faca593..f8bfae69c04 100644 --- a/CVE-2025/CVE-2025-242xx/CVE-2025-24287.json +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24287.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24287", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:22.207", - "lastModified": "2025-06-19T00:15:22.207", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], "references": [ { "url": "https://www.veeam.com/kb4743", diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24288.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24288.json index d38b99061d2..6540472dda0 100644 --- a/CVE-2025/CVE-2025-242xx/CVE-2025-24288.json +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24288.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24288", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:22.323", - "lastModified": "2025-06-19T00:15:22.323", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1188" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719", diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24291.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24291.json index 65b3af73ede..480f1d54317 100644 --- a/CVE-2025/CVE-2025-242xx/CVE-2025-24291.json +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24291.json @@ -2,8 +2,8 @@ "id": "CVE-2025-24291", "sourceIdentifier": "support@hackerone.com", "published": "2025-06-19T00:15:22.437", - "lastModified": "2025-06-19T00:15:22.437", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/68526fc6dc94d6b9f2faf71d", diff --git a/CVE-2025/CVE-2025-24xx/CVE-2025-2443.json b/CVE-2025/CVE-2025-24xx/CVE-2025-2443.json index aa760efb048..bc5ed05aef9 100644 --- a/CVE-2025/CVE-2025-24xx/CVE-2025-2443.json +++ b/CVE-2025/CVE-2025-24xx/CVE-2025-2443.json @@ -2,13 +2,17 @@ "id": "CVE-2025-2443", "sourceIdentifier": "cve@gitlab.com", "published": "2025-06-20T18:15:28.270", - "lastModified": "2025-06-20T18:15:28.270", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1." + }, + { + "lang": "es", + "value": "Se ha descubierto un problema en GitLab EE que permite ataques de Cross-Site Scripting y eludir la pol\u00edtica de seguridad de contenido en el navegador de un usuario en condiciones espec\u00edficas, lo que afecta a todas las versiones desde la 16.6 hasta la 17.9.7, la 17.10 hasta la 17.10.5 y la 17.11 hasta la 17.11.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25034.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25034.json index 0af1382b591..0bd01c461a0 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25034.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25034.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25034", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:35.693", - "lastModified": "2025-06-20T19:15:35.693", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de objetos PHP en versiones de SugarCRM anteriores a 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2 y 7.7.1.0 debido a una validaci\u00f3n incorrecta de la entrada serializada de PHP en el script SugarRestSerialize.php. El c\u00f3digo vulnerable no depura el par\u00e1metro rest_data antes de pasarlo a la funci\u00f3n unserialize(). Esto permite que un atacante no autenticado env\u00ede datos serializados manipulados que contienen declaraciones de objetos maliciosos, lo que provoca la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto de la aplicaci\u00f3n. Aunque SugarCRM public\u00f3 una correcci\u00f3n previa en el aviso sugarcrm-sa-2016-001, el parche estaba incompleto y no solucionaba algunos vectores." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25037.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25037.json index c2ed9d93bf3..ce2a81ee424 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25037.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25037.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25037", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:35.870", - "lastModified": "2025-06-20T19:15:35.870", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en las versiones de firmware de Aquatronica Controller System anteriores a la 5.1.6 y anteriores a la 2.0 de la interfaz web. El endpoint tcp.php no restringe el acceso no autenticado, lo que permite a atacantes remotos emitir solicitudes POST manipuladas y recuperar datos de configuraci\u00f3n confidenciales, incluyendo credenciales administrativas en texto plano. La explotaci\u00f3n de esta vulnerabilidad puede comprometer por completo el sistema, lo que permite la manipulaci\u00f3n no autorizada de los dispositivos conectados y los par\u00e1metros del acuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-250xx/CVE-2025-25038.json b/CVE-2025/CVE-2025-250xx/CVE-2025-25038.json index 91e07381893..5daa2e6919f 100644 --- a/CVE-2025/CVE-2025-250xx/CVE-2025-25038.json +++ b/CVE-2025/CVE-2025-250xx/CVE-2025-25038.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25038", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:36.050", - "lastModified": "2025-06-20T19:15:36.050", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system\u2019s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo MiniDVBLinux versi\u00f3n 5.4 y anteriores. La interfaz de administraci\u00f3n web del sistema no depura correctamente la entrada del usuario antes de pasarla a los comandos del sistema operativo. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para ejecutar comandos arbitrarios como usuario root, lo que podr\u00eda comprometer todo el dispositivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-253xx/CVE-2025-25382.json b/CVE-2025/CVE-2025-253xx/CVE-2025-25382.json index 874a2f1dfed..66ac29ab117 100644 --- a/CVE-2025/CVE-2025-253xx/CVE-2025-25382.json +++ b/CVE-2025/CVE-2025-253xx/CVE-2025-25382.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25382", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T16:15:13.393", - "lastModified": "2025-03-20T21:15:23.030", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:49:27.087", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ikm:sanchaya:3.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "4C908E95-A0C1-435D-A8E0-FA81F33A8888" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/edwin-0990/CVE_ID/blob/main/CVE-2025-25382/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://tax.lsgkerala.gov.in/epayment/QuickPaySearch.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/edwin-0990/CVE_ID/blob/main/CVE-2025-25382/README.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-256xx/CVE-2025-25614.json b/CVE-2025/CVE-2025-256xx/CVE-2025-25614.json index 1ff4a7b45a2..d1bebbe7184 100644 --- a/CVE-2025/CVE-2025-256xx/CVE-2025-25614.json +++ b/CVE-2025/CVE-2025-256xx/CVE-2025-25614.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25614", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T15:15:37.330", - "lastModified": "2025-03-10T20:15:14.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:35:25.673", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:changeweb:unifiedtransform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "883EFC82-98B6-4094-8472-3A520B2F0196" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/armaansidana2003/CVE-2025-25614", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "Exploit" + ] }, { "url": "https://github.com/changeweb/Unifiedtransform", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/armaansidana2003/CVE-2025-25614", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory", + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-256xx/CVE-2025-25620.json b/CVE-2025/CVE-2025-256xx/CVE-2025-25620.json index 98b5930e3fd..2785bf87518 100644 --- a/CVE-2025/CVE-2025-256xx/CVE-2025-25620.json +++ b/CVE-2025/CVE-2025-256xx/CVE-2025-25620.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25620", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T15:15:37.490", - "lastModified": "2025-03-10T19:15:40.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:47:00.840", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:changeweb:unifiedtransform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "883EFC82-98B6-4094-8472-3A520B2F0196" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/armaansidana2003/CVE-2025-25620", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/changeweb/Unifiedtransform", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25908.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25908.json index 5fb718f9a15..12c016dc468 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25908.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25908.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25908", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T22:15:27.150", - "lastModified": "2025-03-11T03:15:39.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:13:31.600", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tianti_project:tianti:2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "15BA6CED-60CB-45A5-8BE2-4FE8EF3F8C04" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xujeff/tianti/issues/40", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25940.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25940.json index e4166bf881e..644ad98323b 100644 --- a/CVE-2025/CVE-2025-259xx/CVE-2025-25940.json +++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25940.json @@ -2,8 +2,8 @@ "id": "CVE-2025-25940", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-10T16:15:13.520", - "lastModified": "2025-03-12T19:15:39.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:05:39.933", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:visicut:visicut:2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "0F8D48DD-9FFD-430E-AE40-BBD22CA1081D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/t-oster/VisiCut", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://royblume.github.io/CVE-2025-25940/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://royblume.github.io/CVE-2025-25940/", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json b/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json index f9b166d222e..58b6d03bfb6 100644 --- a/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json +++ b/CVE-2025/CVE-2025-261xx/CVE-2025-26198.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26198", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T18:15:24.097", - "lastModified": "2025-06-20T16:15:28.057", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json b/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json index 4b24c0da174..1ad16433284 100644 --- a/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json +++ b/CVE-2025/CVE-2025-261xx/CVE-2025-26199.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26199", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T20:15:19.667", - "lastModified": "2025-06-20T16:15:28.217", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-264xx/CVE-2025-26413.json b/CVE-2025/CVE-2025-264xx/CVE-2025-26413.json index 22f2cfc0f2d..94c419e4563 100644 --- a/CVE-2025/CVE-2025-264xx/CVE-2025-26413.json +++ b/CVE-2025/CVE-2025-264xx/CVE-2025-26413.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26413", "sourceIdentifier": "security@apache.org", "published": "2025-04-22T08:15:28.853", - "lastModified": "2025-05-12T16:15:23.023", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:25:25.167", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -49,16 +49,52 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:kvrocks:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12.0", + "matchCriteriaId": "0866BE6A-705F-4AD3-A6A3-8D4D5FC21ADA" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/388743qrr8yq8qm0go8tls6rf1kog8dw", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/04/22/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26865.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26865.json index 067001147ae..eaeebb1c4aa 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26865.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26865.json @@ -2,8 +2,8 @@ "id": "CVE-2025-26865", "sourceIdentifier": "security@apache.org", "published": "2025-03-10T14:15:25.220", - "lastModified": "2025-03-11T20:15:17.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:37:09.027", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,26 +51,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:ofbiz:18.12.17:*:*:*:*:*:*:*", + "matchCriteriaId": "C07CBDF9-F52E-4C71-BDA4-F431FE8F24F0" + } + ] + } + ] + } + ], "references": [ { "url": "https://issues.apache.org/jira/browse/OFBIZ-12594", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://ofbiz.apache.org/download.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Product" + ] }, { "url": "https://ofbiz.apache.org/security.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/03/07/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-271xx/CVE-2025-27190.json b/CVE-2025/CVE-2025-271xx/CVE-2025-27190.json index 96050ccc62c..3edae8c8838 100644 --- a/CVE-2025/CVE-2025-271xx/CVE-2025-27190.json +++ b/CVE-2025/CVE-2025-271xx/CVE-2025-27190.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27190", "sourceIdentifier": "psirt@adobe.com", "published": "2025-04-08T21:15:50.727", - "lastModified": "2025-04-09T20:02:41.860", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:30:03.177", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,585 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", + "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", + "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", + "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*", + "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", + "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", + "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", + "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*", + "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*", + "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*", + "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*", + "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*", + "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*", + "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*", + "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", + "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*", + "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*", + "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*", + "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*", + "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*", + "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:beta2:*:*:*:*:*:*", + "matchCriteriaId": "C9E12B43-AD3E-48A2-9042-5586186CA3BE" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", + "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", + "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", + "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", + "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.1:-:*:*:*:*:*:*", + "matchCriteriaId": "C7F81CCF-0105-465B-90A3-047A57ED4B81" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:-:*:*:open_source:*:*:*", + "matchCriteriaId": "AC641EFE-3B9B-4988-A143-FE1F6FD0D689" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "5F7AA4A6-69E3-4BA4-A476-CA37F41D5482" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "3465841A-1CE5-4173-A795-48881146618B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "3252B090-DE40-4F56-B55A-BE20DA2AF606" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p12:*:*:open_source:*:*:*", + "matchCriteriaId": "42A23BF0-164F-4342-ADF5-B439B902503E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "A3D05570-FA72-4FCF-90E9-EC19731CD9F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "7DF079F1-1886-4974-A0F0-82DEA88F2E83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "C4E7AFE2-E02D-4C7D-B9C3-CEF345F1287C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "F39BCCFC-4748-4626-8E35-4BD299CE42A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "EB9003A6-F5CC-463F-AC3A-C76F96A39F45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "10DBD0CA-AFC2-4E12-9239-C2FBE778E6E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "FBB3AA19-BF6C-4C4B-A213-494D35F08D99" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.4:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "6FE43B88-BCD6-4ADF-94E7-81EC15550A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", + "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", + "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", + "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*", + "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*", + "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.8:beta2:*:*:open_source:*:*:*", + "matchCriteriaId": "2957B390-52C5-48D7-A6D7-709BC76B9C69" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/magento/apsb25-26.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-272xx/CVE-2025-27206.json b/CVE-2025/CVE-2025-272xx/CVE-2025-27206.json index 101f29b2f7c..4841aebba04 100644 --- a/CVE-2025/CVE-2025-272xx/CVE-2025-27206.json +++ b/CVE-2025/CVE-2025-272xx/CVE-2025-27206.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27206", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T16:15:36.273", - "lastModified": "2025-06-12T16:06:39.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:25:38.097", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,565 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", + "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*", + "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", + "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", + "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*", + "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*", + "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", + "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", + "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*", + "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", + "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*", + "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*", + "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*", + "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*", + "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*", + "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*", + "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*", + "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", + "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*", + "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*", + "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*", + "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*", + "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*", + "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*", + "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*", + "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", + "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", + "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", + "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*", + "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", + "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*", + "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", + "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*", + "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", + "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", + "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*", + "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*", + "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*", + "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json b/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json index 880dde0954d..d7649014ccd 100644 --- a/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json +++ b/CVE-2025/CVE-2025-273xx/CVE-2025-27387.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27387", "sourceIdentifier": "security@oppo.com", "published": "2025-06-23T10:15:27.100", - "lastModified": "2025-06-23T10:15:27.100", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json b/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json index 83194861519..4cbf14a8161 100644 --- a/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json +++ b/CVE-2025/CVE-2025-276xx/CVE-2025-27636.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27636", "sourceIdentifier": "security@apache.org", "published": "2025-03-09T13:15:34.403", - "lastModified": "2025-03-17T15:15:44.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:54:52.400", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,30 +51,84 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.10.0", + "versionEndExcluding": "3.22.4", + "matchCriteriaId": "F955C7FA-20EE-44FC-BB7F-2734A731A9DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.8.0", + "versionEndExcluding": "4.8.5", + "matchCriteriaId": "15914F75-761B-40AD-8489-EA92699F3741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10.0", + "versionEndExcluding": "4.10.2", + "matchCriteriaId": "DB496A7D-7E5D-48DA-B49F-4494B7369026" + } + ] + } + ] + } + ], "references": [ { "url": "https://camel.apache.org/security/CVE-2025-27636.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://issues.apache.org/jira/browse/CAMEL-21828", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2025/03/09/1", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://camel.apache.org/security/CVE-2025-27636.txt.asc", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/blob/main/src/main/java/com/example/camel/VulnerableCamel.java", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-278xx/CVE-2025-27893.json b/CVE-2025/CVE-2025-278xx/CVE-2025-27893.json index dfff057415d..1331a159a5d 100644 --- a/CVE-2025/CVE-2025-278xx/CVE-2025-27893.json +++ b/CVE-2025/CVE-2025-278xx/CVE-2025-27893.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27893", "sourceIdentifier": "cve@mitre.org", "published": "2025-03-11T09:15:25.457", - "lastModified": "2025-03-11T14:15:26.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T20:15:18.907", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.4, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, @@ -51,18 +71,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0.0", + "versionEndIncluding": "6.14.00202.10024", + "matchCriteriaId": "0C3617CA-3593-4E00-AFAF-A40F4877267E" + } + ] + } + ] + } + ], "references": [ { "url": "https://archerirm.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/NastyCrow/CVE-2025-27893", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/NastyCrow/CVE-2025-27893", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28056.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28056.json index 41e41057d61..6965cb37c23 100644 --- a/CVE-2025/CVE-2025-280xx/CVE-2025-28056.json +++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28056.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28056", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-13T16:15:29.053", - "lastModified": "2025-05-14T14:15:28.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:07:03.310", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ruifang-tech:rebuild:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndIncluding": "3.9.3", + "matchCriteriaId": "E0AA960E-EB6C-484D-9CC3-28989E3E7F28" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/LTLTLXEY/c34dc785fc24f4cbb026e2ef3d7660c4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/getrebuild/rebuild/issues/866", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json index 76e0e1ab418..877d3c6b831 100644 --- a/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json +++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json @@ -2,8 +2,8 @@ "id": "CVE-2025-28197", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-18T20:15:16.450", - "lastModified": "2025-04-22T14:15:25.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:49:56.080", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.4.247", + "matchCriteriaId": "02C4B440-754A-4436-ACC0-E2EAA9A99BB4" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/AndrewDzzz/f49e79b09ce0643ee1fc2a829e8875e0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-28xx/CVE-2025-2828.json b/CVE-2025/CVE-2025-28xx/CVE-2025-2828.json new file mode 100644 index 00000000000..c5683288214 --- /dev/null +++ b/CVE-2025/CVE-2025-28xx/CVE-2025-2828.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-2828", + "sourceIdentifier": "security@huntr.dev", + "published": "2025-06-23T21:15:25.210", + "lastModified": "2025-06-23T21:15:25.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/langchain-ai/langchain/commit/e188d4ecb085d4561a0be3c583d26aa9c2c3283f", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-295xx/CVE-2025-29547.json b/CVE-2025/CVE-2025-295xx/CVE-2025-29547.json index c0d516316d0..b24c15ed8ac 100644 --- a/CVE-2025/CVE-2025-295xx/CVE-2025-29547.json +++ b/CVE-2025/CVE-2025-295xx/CVE-2025-29547.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29547", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T15:16:12.447", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:23:41.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:horizondatasys:rollback_rx_pro:12.8.0.0:*:*:*:professional:*:*:*", + "matchCriteriaId": "2E0BA57B-E5DE-4D6E-A619-6B62F9C15DCC" + } + ] + } + ] + } + ], "references": [ { "url": "https://horizondatasys.com/rollback-rx-time-machine/rollback-rx-professional/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://packetstorm.news/files/id/190491/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json index b8cc17b66ea..21daf08baf7 100644 --- a/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json +++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29646.json @@ -2,8 +2,8 @@ "id": "CVE-2025-29646", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T18:15:24.447", - "lastModified": "2025-06-20T13:15:19.197", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json index 9cc97a75575..ffb3eb1b48d 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30691", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.360", - "lastModified": "2025-04-19T01:15:44.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T17:54:13.107", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,89 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "CA3EFE25-C32C-4C77-9322-FAC4890BFA56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24:*:*:*:*:*:*:*", + "matchCriteriaId": "1079F3AD-4178-44D9-92E9-C491DE07CD05" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:21.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "2158B240-CEE8-4A42-8D77-79215BB94924" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jdk:24:*:*:*:*:*:*:*", + "matchCriteriaId": "137F81E6-12BD-423B-9865-FB33D770337C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:21.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7BAAF-CC85-4180-AC4B-40B26B876B3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:jre:24:*:*:*:*:*:*:*", + "matchCriteriaId": "20E49340-B272-4BDE-AB0D-ECE7F5133B11" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*", + "matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20250418-0004/", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json index 53b3969c5ce..71d22c70fff 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30721", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.760", - "lastModified": "2025-04-16T13:25:37.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T17:54:26.630", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,10 +39,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.41", + "matchCriteriaId": "BC7FEA08-A23D-4037-BBDB-C7FC6B533D0F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndIncluding": "8.4.4", + "matchCriteriaId": "3787EB95-8CCD-4905-B247-DC09A0D30899" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.2.0", + "matchCriteriaId": "B0FBFCEC-D8B3-4364-9594-BF11D7A8322C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpuapr2025.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json index 5b34ba1f830..ddb095156f6 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31698.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31698", "sourceIdentifier": "security@apache.org", "published": "2025-06-19T10:15:20.980", - "lastModified": "2025-06-20T14:15:27.420", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32753.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32753.json index 675810279e9..44eb11972aa 100644 --- a/CVE-2025/CVE-2025-327xx/CVE-2025-32753.json +++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32753.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32753", "sourceIdentifier": "security_alert@emc.com", "published": "2025-06-20T14:15:27.593", - "lastModified": "2025-06-20T14:15:27.593", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.1, contains an improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, information disclosure, and information tampering." + }, + { + "lang": "es", + "value": "Dell PowerScale OneFS, versiones 9.5.0.0 a 9.10.0.1, presenta una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL (inyecci\u00f3n SQL). Un atacante con privilegios reducidos y acceso local podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda denegaci\u00f3n de servicio, divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32875.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32875.json index e3075c3f9e5..5d2a10dfb66 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32875.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32875.json @@ -2,8 +2,8 @@ "id": "CVE-2025-32875", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:27.730", - "lastModified": "2025-06-23T15:15:27.400", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json index 88c37bebe4c..294242a79c3 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32876.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32876", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:27.877", - "lastModified": "2025-06-20T14:15:27.877", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the Temporary Key (TK), which, in the case of the COROS Pace 3, is set to 0 due to the Just Works pairing method. An attacker within Bluetooth range can therefore perform sniffing attacks, allowing eavesdropping on the communication." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en los dispositivos COROS PACE 3 hasta la versi\u00f3n 3.0808.0. La implementaci\u00f3n BLE del reloj inteligente COROS no es compatible con las conexiones seguras LE y, en su lugar, aplica el emparejamiento heredado BLE. En el emparejamiento heredado BLE, la clave de corto plazo (STK) se puede adivinar f\u00e1cilmente. Esto requiere conocer la clave temporal (TK), que, en el caso del COROS Pace 3, est\u00e1 configurada a 0 debido al m\u00e9todo de emparejamiento Just Works. Por lo tanto, un atacante dentro del alcance de Bluetooth puede realizar ataques de rastreo, lo que permite interceptar la comunicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json index b80236139de..392dfd65528 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32877.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32877", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:28.250", - "lastModified": "2025-06-20T14:15:28.250", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en los dispositivos COROS PACE 3 hasta la versi\u00f3n 3.0808.0. Este dispositivo se identifica como un dispositivo sin capacidades de entrada ni salida, lo que resulta en el uso del m\u00e9todo de emparejamiento Just Works. Este m\u00e9todo no implementa autenticaci\u00f3n, lo que permite ataques de m\u00e1quina en el medio. Adem\u00e1s, esta falta de autenticaci\u00f3n permite a los atacantes interactuar con el dispositivo mediante BLE sin necesidad de autorizaci\u00f3n previa." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json index 9ba7263c60e..f4499b78ce4 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32878.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32878", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:28.490", - "lastModified": "2025-06-20T15:15:20.257", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading firmware files, the watch requests some information about the firmware via HTTPS from the back-end API. However, the X.509 server certificate within the TLS handshake is not validated by the device. This allows an attacker within an active machine-in-the-middle position, using a TLS proxy and a self-signed certificate, to eavesdrop and manipulate the HTTPS communication. This could be abused, for example, for stealing the API access token of the assigned user account." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos COROS PACE 3 a trav\u00e9s de la versi\u00f3n 3.0808.0. Este problema implementa una funci\u00f3n para conectar el reloj a una red WLAN. Esta funci\u00f3n se utiliza principalmente para descargar archivos de firmware. Antes de descargarlos, el reloj solicita informaci\u00f3n sobre el firmware mediante HTTPS desde la API de backend. Sin embargo, el certificado del servidor X.509 del protocolo de enlace TLS no es validado por el dispositivo. Esto permite a un atacante en una posici\u00f3n de intermediario (MCI) activa, utilizando un proxy TLS y un certificado autofirmado, interceptar y manipular la comunicaci\u00f3n HTTPS. Esto podr\u00eda utilizarse, por ejemplo, para robar el token de acceso a la API de la cuenta de usuario asignada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json index 580f69bf0f5..9dce10d8bf8 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32879.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32879", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:28.783", - "lastModified": "2025-06-20T14:15:28.783", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en dispositivos COROS PACE 3 hasta la versi\u00f3n 3.0808.0. Este problema inicia la publicidad si no hay ning\u00fan dispositivo conectado por Bluetooth. Esto permite a un atacante conectarse al dispositivo mediante Bluetooth de baja energ\u00eda (BLE) si no hay ning\u00fan otro dispositivo conectado. Mientras est\u00e9 conectado, ninguno de los servicios ni caracter\u00edsticas de Bluetooth de este dispositivo requiere autenticaci\u00f3n ni nivel de seguridad. Por lo tanto, cualquier caracter\u00edstica, seg\u00fan su modo de funcionamiento (lectura/escritura/notificaci\u00f3n), puede ser utilizada por el atacante conectado. Esto permite, por ejemplo, configurar el dispositivo, enviar notificaciones, restablecer la configuraci\u00f3n de f\u00e1brica o instalar software." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json index da0965e886b..bab8b223a26 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32880.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32880", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:28.967", - "lastModified": "2025-06-20T14:15:28.967", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However, the communication is not encrypted and allows sniffing and machine-in-the-middle attacks." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en los dispositivos COROS PACE 3 a trav\u00e9s de la versi\u00f3n 3.0808.0. Este problema implementa una funci\u00f3n para conectar el reloj a una red WLAN. Con acceso a la red WLAN, el COROS Pace 3 descarga archivos de firmware mediante HTTP. Sin embargo, la comunicaci\u00f3n no est\u00e1 cifrada y permite el rastreo de dispositivos y ataques de intermediario." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json index 199f8e10455..bc4f350472a 100644 --- a/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json +++ b/CVE-2025/CVE-2025-328xx/CVE-2025-32896.json @@ -2,8 +2,8 @@ "id": "CVE-2025-32896", "sourceIdentifier": "security@apache.org", "published": "2025-06-19T11:15:24.190", - "lastModified": "2025-06-20T14:15:29.090", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json index f20e01e91ea..9db58845297 100644 --- a/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json +++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3221.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3221", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-21T13:15:21.850", - "lastModified": "2025-06-21T13:15:21.850", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources." + }, + { + "lang": "es", + "value": "IBM InfoSphere Information Server 11.7.0.0 a 11.7.1.6 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a una validaci\u00f3n insuficiente de los recursos de solicitud entrantes." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json index 73d45d2b6d6..a2c9f76e5c5 100644 --- a/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json +++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3227.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3227", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-06-20T15:15:20.430", - "lastModified": "2025-06-20T15:15:20.430", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 no aplican correctamente los permisos de administraci\u00f3n de miembros del canal en las ejecuciones del libro de estrategias, lo que permite que los usuarios autenticados sin el permiso \"Administrar miembros del canal\" agreguen o eliminen usuarios de canales p\u00fablicos y privados mediante la manipulaci\u00f3n de los participantes de la ejecuci\u00f3n del libro de estrategias cuando la ejecuci\u00f3n est\u00e1 vinculada a un canal." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json index 1817adc946c..f53cebf8445 100644 --- a/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json +++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3228.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3228", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-06-20T15:15:20.573", - "lastModified": "2025-06-20T15:15:20.573", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 no pueden recuperar correctamente requestorInfo del controlador de playbooks para usuarios invitados, lo que permite que un atacante acceda a la ejecuci\u00f3n del playbook." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-331xx/CVE-2025-33117.json b/CVE-2025/CVE-2025-331xx/CVE-2025-33117.json index ba4f366e680..69b33f14397 100644 --- a/CVE-2025/CVE-2025-331xx/CVE-2025-33117.json +++ b/CVE-2025/CVE-2025-331xx/CVE-2025-33117.json @@ -2,13 +2,17 @@ "id": "CVE-2025-33117", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-19T18:15:21.280", - "lastModified": "2025-06-19T18:15:21.280", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands." + }, + { + "lang": "es", + "value": "El paquete de actualizaci\u00f3n 12 de IBM QRadar SIEM 7.5 a 7.5.0 podr\u00eda permitir que un usuario privilegiado modifique archivos de configuraci\u00f3n que permitir\u00edan la carga de un archivo de actualizaci\u00f3n autom\u00e1tica malicioso para ejecutar comandos arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-331xx/CVE-2025-33121.json b/CVE-2025/CVE-2025-331xx/CVE-2025-33121.json index f94fa7cacae..5aca29faeb3 100644 --- a/CVE-2025/CVE-2025-331xx/CVE-2025-33121.json +++ b/CVE-2025/CVE-2025-331xx/CVE-2025-33121.json @@ -2,13 +2,17 @@ "id": "CVE-2025-33121", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-19T18:15:21.470", - "lastModified": "2025-06-19T18:15:21.470", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources." + }, + { + "lang": "es", + "value": "El paquete de actualizaci\u00f3n 12 de IBM QRadar SIEM 7.5 a 7.5.0 es vulnerable a un ataque de inyecci\u00f3n de entidad externa (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3319.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3319.json index 42733546185..55506c00ba1 100644 --- a/CVE-2025/CVE-2025-33xx/CVE-2025-3319.json +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3319.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3319", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-20T15:15:20.717", - "lastModified": "2025-06-20T15:15:20.717", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources." + }, + { + "lang": "es", + "value": "IBM Spectrum Protect Server 8.1 a 8.1.26 podr\u00eda permitir que un atacante evite la autenticaci\u00f3n debido a una autenticaci\u00f3n de sesi\u00f3n incorrecta, lo que puede resultar en el acceso a recursos no autorizados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34021.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34021.json index ccac3abb89f..5068e341cdb 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34021.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34021.json @@ -2,13 +2,17 @@ "id": "CVE-2025-34021", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:36.530", - "lastModified": "2025-06-20T19:15:36.530", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de server-side request forgery (SSRF) en varios modelos de Selea Targa IP OCR-ANPR camera, como iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750 y Targa 704 ILB. La aplicaci\u00f3n no valida la entrada del usuario en par\u00e1metros JSON POST, como ipnotify_address y url, que utilizan los mecanismos internos para obtener im\u00e1genes y realizar b\u00fasquedas DNS. Esto permite a atacantes remotos no autenticados inducir al sistema a realizar solicitudes HTTP arbitrarias a sistemas internos o externos, lo que podr\u00eda eludir las pol\u00edticas del firewall o realizar la enumeraci\u00f3n interna de servicios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34022.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34022.json index 3caa80316f2..434d26940f5 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34022.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34022.json @@ -2,13 +2,17 @@ "id": "CVE-2025-34022", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:36.720", - "lastModified": "2025-06-20T19:15:36.720", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the \u201cDownload Archive in Storage\u201d page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal en varios modelos Selea Targa IP OCR-ANPR cameras, como iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750 y Targa 704 ILB. El script /common/get_file.php de la p\u00e1gina \"Descargar archivo en almacenamiento\" no valida correctamente la entrada del usuario en el par\u00e1metro \"file\". Atacantes remotos no autenticados pueden explotar esta vulnerabilidad para leer archivos arbitrarios en el dispositivo, incluyendo archivos confidenciales del sistema que contienen credenciales en texto plano, lo que podr\u00eda provocar la omisi\u00f3n de la autenticaci\u00f3n y la exposici\u00f3n de la informaci\u00f3n del sistema. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34023.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34023.json index 314a4ee389b..a59b749d20f 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34023.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34023.json @@ -2,8 +2,8 @@ "id": "CVE-2025-34023", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:36.887", - "lastModified": "2025-06-20T19:15:36.887", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34024.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34024.json index bc5fb8b6e63..c3594645802 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34024.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34024.json @@ -2,13 +2,17 @@ "id": "CVE-2025-34024", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:37.053", - "lastModified": "2025-06-20T19:15:37.053", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el firmware 1.13 y anteriores del Edimax EW-7438RPn a trav\u00e9s del controlador de formularios mp.asp. El endpoint /goform/mp gestiona incorrectamente la entrada del usuario al par\u00e1metro de comando. Un atacante autenticado puede inyectar comandos de shell utilizando metacaracteres de shell para ejecutar comandos arbitrarios como usuario root." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34029.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34029.json index 3fb10a28c5f..58dcb272e52 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34029.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34029.json @@ -2,13 +2,17 @@ "id": "CVE-2025-34029", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:37.210", - "lastModified": "2025-06-20T19:15:37.210", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el firmware 1.13 y anteriores del Edimax EW-7438RPn Mini a trav\u00e9s del controlador de formularios syscmd.asp. El endpoint /goform/formSysCmd expone una interfaz de comandos del sistema mediante el par\u00e1metro sysCmd. Un atacante remoto autenticado puede enviar comandos de shell arbitrarios directamente, lo que resulta en la ejecuci\u00f3n del comando como usuario root." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-340xx/CVE-2025-34030.json b/CVE-2025/CVE-2025-340xx/CVE-2025-34030.json index 1b4f6013fef..8aa98502f10 100644 --- a/CVE-2025/CVE-2025-340xx/CVE-2025-34030.json +++ b/CVE-2025/CVE-2025-340xx/CVE-2025-34030.json @@ -2,13 +2,17 @@ "id": "CVE-2025-34030", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2025-06-20T19:15:37.343", - "lastModified": "2025-06-20T19:15:37.343", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en sar2html versi\u00f3n 3.2.2 y anteriores a trav\u00e9s del par\u00e1metro plot en index.php. La aplicaci\u00f3n no depura la entrada proporcionada por el usuario antes de usarla en un contexto a nivel de sistema. Atacantes remotos no autenticados pueden inyectar comandos de shell a\u00f1adi\u00e9ndolos al par\u00e1metro plot (p. ej., ?plot=;id) en una solicitud GET manipulada. La salida del comando se muestra en la interfaz de la aplicaci\u00f3n tras interactuar con la interfaz de selecci\u00f3n de host. Una explotaci\u00f3n exitosa conlleva la ejecuci\u00f3n de comandos arbitrarios en el sistema subyacente." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3518.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3518.json index 950d9459e65..537456df62d 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3518.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3518.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3518", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2025-04-22T09:15:15.510", - "lastModified": "2025-04-24T15:15:58.393", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:22:37.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,6 +59,28 @@ "providerUrgency": "NOT_DEFINED" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } ] }, "weaknesses": [ @@ -73,10 +95,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unblu:spark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.1", + "versionEndExcluding": "7.54.1", + "matchCriteriaId": "6C64D108-B923-4F22-BFDB-B50D706C26FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unblu:spark:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.1", + "versionEndExcluding": "8.13.1", + "matchCriteriaId": "AF5DC7CA-0A8C-4C5B-8137-33DF32739B34" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.unblu.com/en/docs/latest/security-bulletins/#UBL-2025-002", - "source": "vulnerability@ncsc.ch" + "source": "vulnerability@ncsc.ch", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3577.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3577.json index 252e4dc6ac4..12285810072 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3577.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3577.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3577", "sourceIdentifier": "security@zyxel.com.tw", "published": "2025-04-22T03:15:21.637", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:29:59.393", + "vulnStatus": "Analyzed", "cveTags": [ { "sourceIdentifier": "security@zyxel.com.tw", @@ -58,18 +58,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zyxel:amg1302-t10b_firmware:2.00\\(aajc.16\\)c0:*:*:*:*:*:*:*", + "matchCriteriaId": "824D36A3-0CB6-4BCA-939E-BECE269BC2D1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:amg1302-t10b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "879BFC87-77C5-4762-8E6B-D3623476FC95" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.zyxel.com/service-provider/global/en/security-advisories/end-of-life", - "source": "security@zyxel.com.tw" + "source": "security@zyxel.com.tw", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Jiangxiazhe/IOT_Vulnerability/blob/main/README.md", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36016.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36016.json index f9ebf4e7bf0..d80e8262c5b 100644 --- a/CVE-2025/CVE-2025-360xx/CVE-2025-36016.json +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36016.json @@ -2,13 +2,17 @@ "id": "CVE-2025-36016", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-21T13:15:20.913", - "lastModified": "2025-06-21T13:15:20.913", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Process Mining 2.0.1 IF001 and 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim." + }, + { + "lang": "es", + "value": "IBM Process Mining 2.0.1 IF001 y 2.0.1 podr\u00edan permitir que un atacante remoto realice ataques de phishing mediante un ataque de redirecci\u00f3n abierta. Al persuadir a la v\u00edctima para que visite un sitio web especialmente manipulado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para falsificar la URL mostrada y redirigir al usuario a un sitio web malicioso aparentemente confiable. Esto podr\u00eda permitirle obtener informaci\u00f3n altamente sensible o realizar nuevos ataques contra la v\u00edctima." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36048.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36048.json index 6a3dc512781..03341c629b0 100644 --- a/CVE-2025/CVE-2025-360xx/CVE-2025-36048.json +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36048.json @@ -2,13 +2,17 @@ "id": "CVE-2025-36048", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T16:15:27.080", - "lastModified": "2025-06-18T16:15:27.080", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges." + }, + { + "lang": "es", + "value": "IBM webMethods Integration Server 10.5, 10.7, 10.11 y 10.15 podr\u00edan permitir que un usuario privilegiado aumente sus privilegios al manejar entidades externas debido a la ejecuci\u00f3n con privilegios innecesarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36049.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36049.json index caad7d870ea..f2f6bfe1502 100644 --- a/CVE-2025/CVE-2025-360xx/CVE-2025-36049.json +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36049.json @@ -2,13 +2,17 @@ "id": "CVE-2025-36049", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-18T16:15:27.233", - "lastModified": "2025-06-18T16:15:27.233", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 \n\nis vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands." + }, + { + "lang": "es", + "value": "IBM webMethods Integration Server 10.5, 10.7, 10.11 y 10.15 es vulnerable a un ataque de inyecci\u00f3n de entidad externa (XXE) XML al procesar datos XML. Un atacante remoto autenticado podr\u00eda aprovechar esta vulnerabilidad para ejecutar comandos arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-360xx/CVE-2025-36050.json b/CVE-2025/CVE-2025-360xx/CVE-2025-36050.json index ca503776635..aeb21bff806 100644 --- a/CVE-2025/CVE-2025-360xx/CVE-2025-36050.json +++ b/CVE-2025/CVE-2025-360xx/CVE-2025-36050.json @@ -2,13 +2,17 @@ "id": "CVE-2025-36050", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-19T18:15:21.630", - "lastModified": "2025-06-19T18:15:21.630", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user." + }, + { + "lang": "es", + "value": "El paquete de actualizaci\u00f3n 12 de IBM QRadar SIEM 7.5 a 7.5.0 almacena informaci\u00f3n potencialmente confidencial en archivos de registro que un usuario local podr\u00eda leer." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json index f507d117fe5..12e65e3e73e 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3629.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3629", "sourceIdentifier": "psirt@us.ibm.com", "published": "2025-06-21T13:15:21.993", - "lastModified": "2025-06-21T13:15:21.993", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 \n\ncould allow an authenticated user to delete another user's comments due to improper ownership management." + }, + { + "lang": "es", + "value": "IBM InfoSphere Information Server 11.7.0.0 a 11.7.1.6 podr\u00eda permitir que un usuario autenticado elimine los comentarios de otro usuario debido a una gesti\u00f3n de propiedad inadecuada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-37xx/CVE-2025-3795.json b/CVE-2025/CVE-2025-37xx/CVE-2025-3795.json index ac2497f2922..d4abf8e0264 100644 --- a/CVE-2025/CVE-2025-37xx/CVE-2025-3795.json +++ b/CVE-2025/CVE-2025-37xx/CVE-2025-3795.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3795", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-18T20:15:16.947", - "lastModified": "2025-04-21T14:23:45.950", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:49:33.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -80,6 +80,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", + "baseScore": 3.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 1.4 } ], "cvssMetricV2": [ @@ -122,28 +142,75 @@ "value": "CWE-94" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:daicuo:daicuo:1.3.13:*:*:*:*:*:*:*", + "matchCriteriaId": "955C183A-BCCB-426E-9E29-429EA6B48DD6" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/daicuo/cms/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.305648", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.305648", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.554639", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/daicuo/cms/issues/1", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json b/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json index 0590a0b3265..b5c487e6e10 100644 --- a/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json +++ b/CVE-2025/CVE-2025-380xx/CVE-2025-38083.json @@ -2,13 +2,17 @@ "id": "CVE-2025-38083", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-06-20T12:15:21.470", - "lastModified": "2025-06-20T12:15:21.470", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent's qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net_sched: prio: corrige una ejecuci\u00f3n en prio_tune() Gerrard Tai inform\u00f3 una condici\u00f3n de ejecuci\u00f3n en PRIO, siempre que el temporizador de perturbaci\u00f3n SFQ se dispara en el momento equivocado. La ejecuci\u00f3n es la siguiente: CPU 0 CPU 1 [1]: ra\u00edz de bloqueo [2]: qdisc_tree_flush_backlog() [3]: ra\u00edz de desbloqueo | | [5]: ra\u00edz de bloqueo | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() Esto se puede abusar para desbordar el qlen de un padre. Llamar a qdisc_purge_queue() en lugar de qdisc_tree_flush_backlog() deber\u00eda corregir la ejecuci\u00f3n, porque todos los paquetes se purgar\u00e1n del qdisc antes de liberar el bloqueo." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3891.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3891.json index d48b7fc2ed1..8d64a1b2ae9 100644 --- a/CVE-2025/CVE-2025-38xx/CVE-2025-3891.json +++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3891.json @@ -2,7 +2,7 @@ "id": "CVE-2025-3891", "sourceIdentifier": "secalert@redhat.com", "published": "2025-04-29T12:15:32.137", - "lastModified": "2025-06-06T10:15:21.750", + "lastModified": "2025-06-23T19:15:22.770", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", @@ -146,6 +146,10 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9396", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-3891", "source": "secalert@redhat.com", diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json index 0aaf1427163..35287c758b9 100644 --- a/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4102.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4102", "sourceIdentifier": "security@wordfence.com", "published": "2025-06-20T12:15:22.140", - "lastModified": "2025-06-20T12:15:22.140", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1." + }, + { + "lang": "es", + "value": "El complemento Beaver Builder Plugin (Starter Version) para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n \"save_enabled_icons\" en todas las versiones hasta la 2.9.1 (incluida). Esto permite que atacantes autenticados, con acceso de administrador o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad se corrigi\u00f3 parcialmente en la versi\u00f3n 2.9.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43585.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43585.json index 561afe92f04..e57767897fc 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43585.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43585.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43585", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T16:15:40.043", - "lastModified": "2025-06-12T16:06:39.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:22:41.517", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,565 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", + "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*", + "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", + "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", + "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*", + "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*", + "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", + "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", + "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*", + "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", + "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*", + "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*", + "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*", + "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*", + "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*", + "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*", + "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*", + "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", + "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*", + "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*", + "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*", + "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*", + "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*", + "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*", + "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*", + "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", + "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", + "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", + "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*", + "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", + "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*", + "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", + "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*", + "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", + "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", + "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*", + "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*", + "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*", + "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-435xx/CVE-2025-43586.json b/CVE-2025/CVE-2025-435xx/CVE-2025-43586.json index ccf65ddc975..feee7ebc384 100644 --- a/CVE-2025/CVE-2025-435xx/CVE-2025-43586.json +++ b/CVE-2025/CVE-2025-435xx/CVE-2025-43586.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43586", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T16:15:40.207", - "lastModified": "2025-06-12T16:06:39.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:22:26.633", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,565 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", + "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*", + "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", + "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", + "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*", + "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*", + "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", + "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", + "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*", + "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", + "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*", + "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*", + "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*", + "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*", + "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*", + "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*", + "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*", + "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", + "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*", + "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*", + "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*", + "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*", + "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*", + "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*", + "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*", + "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", + "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", + "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", + "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*", + "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", + "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*", + "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", + "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*", + "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", + "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", + "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*", + "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*", + "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*", + "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-439xx/CVE-2025-43946.json b/CVE-2025/CVE-2025-439xx/CVE-2025-43946.json index d9fb362e782..4e75327e53b 100644 --- a/CVE-2025/CVE-2025-439xx/CVE-2025-43946.json +++ b/CVE-2025/CVE-2025-439xx/CVE-2025-43946.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43946", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:16:01.047", - "lastModified": "2025-04-25T15:15:40.050", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T18:03:44.927", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tcpwave:ddi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.34p1c2", + "matchCriteriaId": "A50C354C-0500-4C5B-B639-0A6BE8459169" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43946", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://tcpwave.com/ddi-dns-dhcp-ipam", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-439xx/CVE-2025-43947.json b/CVE-2025/CVE-2025-439xx/CVE-2025-43947.json index 4e79a373c9e..bdcb31f12bb 100644 --- a/CVE-2025/CVE-2025-439xx/CVE-2025-43947.json +++ b/CVE-2025/CVE-2025-439xx/CVE-2025-43947.json @@ -2,8 +2,8 @@ "id": "CVE-2025-43947", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-22T18:16:01.170", - "lastModified": "2025-04-23T14:08:13.383", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T17:59:17.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codemers:klims:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.6_dev", + "matchCriteriaId": "D3B292FC-1B49-41E8-AD4A-52E793229C4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://de.linkedin.com/company/codemers", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2025-43947", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-43xx/CVE-2025-4367.json b/CVE-2025/CVE-2025-43xx/CVE-2025-4367.json index c97e59dc0e3..dea0dce4a78 100644 --- a/CVE-2025/CVE-2025-43xx/CVE-2025-4367.json +++ b/CVE-2025/CVE-2025-43xx/CVE-2025-4367.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4367", "sourceIdentifier": "security@wordfence.com", "published": "2025-06-19T04:15:36.313", - "lastModified": "2025-06-19T04:15:36.313", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Download Manager para WordPress es vulnerable a Cross-site Scripting almacenado a trav\u00e9s del shortcode wpdm_user_dashboard del plugin en todas las versiones hasta la 3.3.18 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de autor o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-440xx/CVE-2025-44022.json b/CVE-2025/CVE-2025-440xx/CVE-2025-44022.json index 58ce9c885a5..8249b682923 100644 --- a/CVE-2025/CVE-2025-440xx/CVE-2025-44022.json +++ b/CVE-2025/CVE-2025-440xx/CVE-2025-44022.json @@ -2,8 +2,8 @@ "id": "CVE-2025-44022", "sourceIdentifier": "cve@mitre.org", "published": "2025-05-12T16:15:25.070", - "lastModified": "2025-05-12T22:15:25.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:15:17.153", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,26 +51,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vvveb:vvveb:1.0.6:*:*:*:*:*:*:*", + "matchCriteriaId": "B228E786-F967-434D-9C79-01BE6894F968" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/givanz/Vvveb/commit/dd74abcae88f658779f61338b9f4c123884eef0d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/givanz/Vvveb/issues/289", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/chimmeee/vulnerability-research/blob/main/CVE-2025-44022", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/givanz/Vvveb/issues/289", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json b/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json index e39341972fc..deae200028f 100644 --- a/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json +++ b/CVE-2025/CVE-2025-442xx/CVE-2025-44203.json @@ -2,13 +2,17 @@ "id": "CVE-2025-44203", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T16:15:28.700", - "lastModified": "2025-06-20T16:15:28.700", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials." + }, + { + "lang": "es", + "value": "En HotelDruid 3.0.7, un atacante no autenticado puede explotar mensajes de error SQL detallados en creadb.php antes de pulsar el bot\u00f3n \"Crear base de datos\". Al enviar solicitudes POST mal formadas a este endpoint, el atacante puede obtener el nombre de usuario, el hash de la contrase\u00f1a y la sal del administrador. En algunos casos, el ataque resulta en una denegaci\u00f3n de servicio (DoS), impidiendo que el administrador inicie sesi\u00f3n incluso con las credenciales correctas. " } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-445xx/CVE-2025-44528.json b/CVE-2025/CVE-2025-445xx/CVE-2025-44528.json new file mode 100644 index 00000000000..0c5594e42ea --- /dev/null +++ b/CVE-2025/CVE-2025-445xx/CVE-2025-44528.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2025-44528", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T20:15:27.880", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS)." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://lp-cc2652rb.com", + "source": "cve@mitre.org" + }, + { + "url": "http://texas.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/TI/Accept_Pause_Enc_Req.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-446xx/CVE-2025-44635.json b/CVE-2025/CVE-2025-446xx/CVE-2025-44635.json index 7e576498779..2480fe70eb3 100644 --- a/CVE-2025/CVE-2025-446xx/CVE-2025-44635.json +++ b/CVE-2025/CVE-2025-446xx/CVE-2025-44635.json @@ -2,13 +2,17 @@ "id": "CVE-2025-44635", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T17:15:40.400", - "lastModified": "2025-06-20T17:15:40.400", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before ERHMG2-MNW100-R1126; GR3200, GR5200, GR8300 and other series routers before MiniGR1B0V100R018L50; GR-1800AX before MiniGRW1B0V100R009L50; GR-3000AX before SWBRW1A0V100R007L50; and GR-5400AX before SWBRW1B0V100R009L50. Attackers can bypass authentication by including specially crafted text in the request URL or message header, and then inject arbitrary malicious commands into some fields related to ACL access control list and user group functions and execute to obtain the highest ROOT privileges of remote devices, thereby completely taking over the remote target devices." + }, + { + "lang": "es", + "value": "Hay varias vulnerabilidades de ejecuci\u00f3n remota de comandos no autorizados en los enrutadores de las series H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W y NR1200W anteriores a ERG2AW-MNW100-R1117, los enrutadores de las series H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2 y ER8300G2-X anteriores a ERHMG2-MNW100-R1126, los enrutadores GR3200, GR5200, GR8300 y otros modelos anteriores a MiniGR1B0V100R018L50. GR-1800AX anterior a MiniGRW1B0V100R009L50; GR-3000AX anterior a SWBRW1A0V100R007L50; y GR-5400AX anterior a SWBRW1B0V100R009L50. Los atacantes pueden eludir la autenticaci\u00f3n incluyendo texto especialmente manipulado en la URL de solicitud o en el encabezado del mensaje, y luego inyectar comandos maliciosos arbitrarios en algunos campos relacionados con la lista de control de acceso ACL y las funciones de grupo de usuarios, y ejecutarlos para obtener los privilegios ROOT m\u00e1s altos de los dispositivos remotos, controlando as\u00ed completamente los dispositivos objetivo remotos." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json index 0e1b5d71f77..4ba8f520e94 100644 --- a/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44951.json @@ -2,8 +2,8 @@ "id": "CVE-2025-44951", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T16:15:27.413", - "lastModified": "2025-06-20T14:15:29.413", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json index 9c70112adeb..570cadee2d1 100644 --- a/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44952.json @@ -2,8 +2,8 @@ "id": "CVE-2025-44952", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T16:15:27.520", - "lastModified": "2025-06-20T13:15:19.377", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json b/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json index c8b81086487..393ac8f02e3 100644 --- a/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json +++ b/CVE-2025/CVE-2025-44xx/CVE-2025-4479.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4479", "sourceIdentifier": "security@wordfence.com", "published": "2025-06-19T04:15:49.147", - "lastModified": "2025-06-19T04:15:49.147", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento ElementsKit Elementor Addons and Templates para WordPress es vulnerable a Cross-site Scripting almacenado a trav\u00e9s de las etiquetas antes/despu\u00e9s del widget de comparaci\u00f3n de im\u00e1genes en todas las versiones hasta la 3.5.2 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-453xx/CVE-2025-45331.json b/CVE-2025/CVE-2025-453xx/CVE-2025-45331.json index 26b33a60ac6..460e0c9d9be 100644 --- a/CVE-2025/CVE-2025-453xx/CVE-2025-45331.json +++ b/CVE-2025/CVE-2025-453xx/CVE-2025-45331.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45331", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T16:15:29.083", - "lastModified": "2025-06-20T16:15:29.083", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes." + }, + { + "lang": "es", + "value": "brplot v420.69.1 contiene una vulnerabilidad de desreferencia de puntero nulo (NPD) en la funci\u00f3n br_dagens_handle_once de su m\u00f3dulo de procesamiento de datos, lo que genera un comportamiento impredecible del programa, causando fallas de segmentaci\u00f3n y fallas del programa." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-456xx/CVE-2025-45661.json b/CVE-2025/CVE-2025-456xx/CVE-2025-45661.json index fe27c32850d..382a3a43805 100644 --- a/CVE-2025/CVE-2025-456xx/CVE-2025-45661.json +++ b/CVE-2025/CVE-2025-456xx/CVE-2025-45661.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45661", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T14:15:44.423", - "lastModified": "2025-06-18T15:15:26.513", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-site Scripting (XSS) en miniTCG v1.3.1 beta permite a los atacantes ejecutar scripts web arbitrarios o HTML mediante la inyecci\u00f3n de un payload manipulado en el par\u00e1metro id en /members/edit.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45784.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45784.json index 3ba43265e66..03ab5fd2e24 100644 --- a/CVE-2025/CVE-2025-457xx/CVE-2025-45784.json +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45784.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45784", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T14:15:44.553", - "lastModified": "2025-06-18T15:15:26.710", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary." + }, + { + "lang": "es", + "value": "D-Link DPH-400S/SE VoIP Phone v1.01 contiene variables de aprovisionamiento codificadas, como PROVIS_USER_PASSWORD, que pueden exponer credenciales de usuario confidenciales. Un atacante con acceso a la imagen del firmware puede extraer estas credenciales mediante herramientas de an\u00e1lisis est\u00e1tico como cadenas o xxd, lo que podr\u00eda provocar acceso no autorizado a funciones del dispositivo o cuentas de usuario. Esta vulnerabilidad se debe al almacenamiento inseguro de informaci\u00f3n confidencial en el binario del firmware." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json b/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json index 0bc1f0319fc..a0b7dbac2be 100644 --- a/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json +++ b/CVE-2025/CVE-2025-457xx/CVE-2025-45786.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45786", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T15:15:27.230", - "lastModified": "2025-06-18T15:15:27.230", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php." + }, + { + "lang": "es", + "value": "Real Estate Management 1.0 es vulnerable a Cross Site Scripting (XSS) en /store/index.php." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json b/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json index 4d5a9167b2a..41cfb60c59d 100644 --- a/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json +++ b/CVE-2025/CVE-2025-458xx/CVE-2025-45890.json @@ -2,13 +2,17 @@ "id": "CVE-2025-45890", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T16:15:29.240", - "lastModified": "2025-06-20T16:15:29.240", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter" + }, + { + "lang": "es", + "value": "La vulnerabilidad de Directory Traversal en novel plus anterior a v.5.1.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro filePath" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json index d145190ea42..73e4b41b1b1 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4563.json @@ -2,8 +2,8 @@ "id": "CVE-2025-4563", "sourceIdentifier": "jordan@liggitt.net", "published": "2025-06-23T16:15:27.350", - "lastModified": "2025-06-23T16:15:27.350", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json index 44349621a66..811b1704fac 100644 --- a/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4571.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4571", "sourceIdentifier": "security@wordfence.com", "published": "2025-06-19T07:15:27.383", - "lastModified": "2025-06-19T07:15:27.383", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc." + }, + { + "lang": "es", + "value": "El complemento GiveWP \u2013 Donation Plugin and Fundraising Platform para WordPress es vulnerable a la visualizaci\u00f3n y modificaci\u00f3n no autorizada de datos debido a una comprobaci\u00f3n insuficiente de la capacidad de las funciones de comprobaci\u00f3n de permisos en todas las versiones hasta la 4.3.0 incluida. Esto permite a atacantes autenticados, con acceso de colaborador o superior, ver o eliminar campa\u00f1as de recaudaci\u00f3n de fondos, consultar los datos de los donantes, modificar eventos de campa\u00f1a, etc." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json index e1ab14f3b74..a9874f97867 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46101.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46101", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T15:15:27.793", - "lastModified": "2025-06-23T15:15:27.793", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46109.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46109.json index 675e8df5866..761d4ac72a5 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46109.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46109.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46109", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T15:15:27.430", - "lastModified": "2025-06-18T16:15:27.607", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request" + }, + { + "lang": "es", + "value": "La vulnerabilidad de inyecci\u00f3n SQL en pbootCMS v.3.2.5 y v.3.2.10 permite que un atacante remoto obtenga informaci\u00f3n confidencial mediante una solicitud GET manipulada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46157.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46157.json index a9bfb373366..1337228621d 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46157.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46157.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46157", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T14:15:44.687", - "lastModified": "2025-06-18T14:15:44.687", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form" + }, + { + "lang": "es", + "value": "Un problema en EfroTech Time Trax v.1.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de adjuntar archivos en el formulario de solicitud de licencia." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46158.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46158.json index dea42cf6bfc..52a6d0d4a36 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46158.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46158.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46158", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T18:15:28.440", - "lastModified": "2025-06-20T18:15:28.440", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall" + }, + { + "lang": "es", + "value": "Un problema en el kernel de redoxOS antes del commit 5d41cd7c permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s de la llamada al sistema `setitimer`" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json b/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json index 6bcef892190..2a81163d40c 100644 --- a/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json +++ b/CVE-2025/CVE-2025-461xx/CVE-2025-46179.json @@ -2,13 +2,17 @@ "id": "CVE-2025-46179", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T15:15:20.860", - "lastModified": "2025-06-20T15:15:20.860", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en el archivo askquery.php de CloudClassroom-PHP Project v1.0. El par\u00e1metro squeryx acepta entradas no depuradas, que se pasan directamente a las consultas SQL del backend." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-466xx/CVE-2025-46646.json b/CVE-2025/CVE-2025-466xx/CVE-2025-46646.json index b5d5545e6a1..28ac9908ebc 100644 --- a/CVE-2025/CVE-2025-466xx/CVE-2025-46646.json +++ b/CVE-2025/CVE-2025-466xx/CVE-2025-46646.json @@ -2,8 +2,8 @@ "id": "CVE-2025-46646", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-26T15:15:45.057", - "lastModified": "2025-04-29T13:52:10.697", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-06-23T18:36:04.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.05.0", + "matchCriteriaId": "E4CF93EA-5061-4D2F-8495-EBF07779A730" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=708311", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f14ea81e6c3d2f51593f23cdf13c4679a18f1a3f", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-467xx/CVE-2025-46710.json b/CVE-2025/CVE-2025-467xx/CVE-2025-46710.json index 3f6d7e1fe75..f52c1390913 100644 --- a/CVE-2025/CVE-2025-467xx/CVE-2025-46710.json +++ b/CVE-2025/CVE-2025-467xx/CVE-2025-46710.json @@ -2,16 +2,43 @@ "id": "CVE-2025-46710", "sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce", "published": "2025-06-16T12:15:19.453", - "lastModified": "2025-06-16T12:32:18.840", + "lastModified": "2025-06-23T18:15:21.103", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Possible kernel exceptions caused by reading and writing kernel heap data after free." + }, + { + "lang": "es", + "value": "Posibles excepciones del kernel causadas por la lectura y escritura de datos del mont\u00f3n del kernel despu\u00e9s de la liberaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 4.7 + } + ] + }, "weaknesses": [ { "source": "367425dc-4d06-4041-9650-c2dc6aaa27ce", diff --git a/CVE-2025/CVE-2025-46xx/CVE-2025-4661.json b/CVE-2025/CVE-2025-46xx/CVE-2025-4661.json index 8de017f24fa..cbb984e9ab1 100644 --- a/CVE-2025/CVE-2025-46xx/CVE-2025-4661.json +++ b/CVE-2025/CVE-2025-46xx/CVE-2025-4661.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4661", "sourceIdentifier": "sirt@brocade.com", "published": "2025-06-19T03:15:25.530", - "lastModified": "2025-06-19T03:15:25.530", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A path transversal vulnerability in \nBrocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to \ngain access to files outside the intended directory potentially leading \nto the disclosure of sensitive information.\n\n\nNote: Admin level privilege is required on the switch in order to exploit" + }, + { + "lang": "es", + "value": "Una vulnerabilidad path transversal en Brocade Fabric OS 9.1.0 a 9.2.2 podr\u00eda permitir que un usuario administrador local acceda a archivos fuera del directorio previsto, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial. Nota: Se requieren privilegios de administrador en el switch para explotarla." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-471xx/CVE-2025-47110.json b/CVE-2025/CVE-2025-471xx/CVE-2025-47110.json index 0a6abec3793..cee25254664 100644 --- a/CVE-2025/CVE-2025-471xx/CVE-2025-47110.json +++ b/CVE-2025/CVE-2025-471xx/CVE-2025-47110.json @@ -2,8 +2,8 @@ "id": "CVE-2025-47110", "sourceIdentifier": "psirt@adobe.com", "published": "2025-06-10T16:15:41.210", - "lastModified": "2025-06-12T16:06:39.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-06-23T19:22:00.757", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,7 +19,7 @@ "cvssMetricV31": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 } ] }, @@ -51,10 +71,565 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:-:*:*:*:*:*:*", + "matchCriteriaId": "D258D9EF-94FB-41F0-A7A5-7F66FA7A0055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p1:*:*:*:*:*:*", + "matchCriteriaId": "4E5CF6F0-2388-4D3F-8FE1-43B8AF148564" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "1C3D7164-1C5F-40BC-9EEC-B0E00CD45808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "68AAE162-5957-42AF-BE20-40F341837FAC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "D9D01159-3309-4F6B-93B0-2D89DDD33DEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p13:*:*:*:*:*:*", + "matchCriteriaId": "91736E79-D8E7-4AF2-8E01-A7B4EB8AD6F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p2:*:*:*:*:*:*", + "matchCriteriaId": "D6D6F1A7-ABB5-4EDC-9EA8-98B74518847A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p3:*:*:*:*:*:*", + "matchCriteriaId": "CFEBDDF2-6443-4482-83B2-3CD272CF599F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p4:*:*:*:*:*:*", + "matchCriteriaId": "6661093F-8D22-450F-BC6C-A8894A52E6A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p5:*:*:*:*:*:*", + "matchCriteriaId": "2515DA6D-2E74-4A05-BD29-FEEF3322BCB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p6:*:*:*:*:*:*", + "matchCriteriaId": "69A1F1F7-E53C-40F3-B3D9-DC011FC353BF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p7:*:*:*:*:*:*", + "matchCriteriaId": "6A56E96C-6CE5-442C-AA88-F0059B02B5E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p8:*:*:*:*:*:*", + "matchCriteriaId": "8867F510-201C-4199-8554-53DE156CE669" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "23988132-DD4E-4968-B6B8-954122F76081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:-:*:*:*:*:*:*", + "matchCriteriaId": "9B07F7B2-E915-4EFF-8FFC-91143CEF082E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p1:*:*:*:*:*:*", + "matchCriteriaId": "7F5E9DB6-1386-4274-8270-2FE0F0CAF7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "5764CC97-C866-415D-A3A1-5B5B9E1C06A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p11:*:*:*:*:*:*", + "matchCriteriaId": "E82D10D8-2894-4E5B-B47B-F00964DD5CDE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p12:*:*:*:*:*:*", + "matchCriteriaId": "B044F2D9-E888-4852-8A40-DCE688860ED3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p2:*:*:*:*:*:*", + "matchCriteriaId": "8605E4E6-0F7D-42C8-B35B-2349A0BEFC69" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p3:*:*:*:*:*:*", + "matchCriteriaId": "B6318F97-E59A-4425-8DC7-045C78A644F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p4:*:*:*:*:*:*", + "matchCriteriaId": "324A573E-DBC8-42A0-8CB8-EDD8FBAB7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p5:*:*:*:*:*:*", + "matchCriteriaId": "54151A00-CFB8-4E6A-8E74-497CB67BF7E2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p6:*:*:*:*:*:*", + "matchCriteriaId": "6DF0E74D-9293-4209-97D1-A3BA13C3DDE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "8922D646-1A97-47ED-91C6-5A426781C98A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "952787C6-9BF1-49FB-9824-1236678E1902" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "898A8679-3C46-4718-9EDF-583ADDFCF2EC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:-:*:*:*:*:*:*", + "matchCriteriaId": "7C7AFBB1-F9C9-4BDE-BCEF-94C9F0AC6798" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p1:*:*:*:*:*:*", + "matchCriteriaId": "D6086841-C175-46A1-8414-71C6163A0E7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p10:*:*:*:*:*:*", + "matchCriteriaId": "E57889CC-3E90-46AF-9CD6-3328DD501AD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p2:*:*:*:*:*:*", + "matchCriteriaId": "D2E0DDD1-0F4A-4F96-B25D-40A39A1A535A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p3:*:*:*:*:*:*", + "matchCriteriaId": "A576B1B5-73A2-431E-998F-7E5458B51D6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p4:*:*:*:*:*:*", + "matchCriteriaId": "0E05F4AC-2A28-47E3-96DE-0E31AF73CD43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p5:*:*:*:*:*:*", + "matchCriteriaId": "3A9A62EE-1649-4815-8EC9-7AEF7949EB2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p6:*:*:*:*:*:*", + "matchCriteriaId": "E58690F9-FA9C-42A0-B4CD-91FD1197A53E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p7:*:*:*:*:*:*", + "matchCriteriaId": "77D01D8B-1FBC-43CA-90F9-C89D9B4D18F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p8:*:*:*:*:*:*", + "matchCriteriaId": "8B83729E-80AF-47CE-A70C-32BF83024A40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.6:p9:*:*:*:*:*:*", + "matchCriteriaId": "73D22D42-646D-4955-A6F9-9B7BA63DC0A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:-:*:*:*:*:*:*", + "matchCriteriaId": "B5D04853-0C2F-47DD-A939-3A8F6E22CB7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b1:*:*:*:*:*:*", + "matchCriteriaId": "6EBB0608-034B-4F07-A59B-9E6A989BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:b2:*:*:*:*:*:*", + "matchCriteriaId": "B3BF9B08-84E3-4974-9DEB-F4285995D796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:beta3:*:*:*:*:*:*", + "matchCriteriaId": "7771BEDB-05E2-430E-B2A2-E2F7574B7114" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p1:*:*:*:*:*:*", + "matchCriteriaId": "2E05341A-C70C-4B3D-AF30-9520D6B97D30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p2:*:*:*:*:*:*", + "matchCriteriaId": "4D98B52E-3B59-4327-AC7E-DDBB0ADA08F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p3:*:*:*:*:*:*", + "matchCriteriaId": "95026AA9-A28B-4D94-BD77-7628429EBA30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p4:*:*:*:*:*:*", + "matchCriteriaId": "83FD1220-7D46-42B2-8110-30A934144572" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.7:p5:*:*:*:*:*:*", + "matchCriteriaId": "3F1439CE-8A3B-414A-B974-559209FF480C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce:2.4.8:-:*:*:*:*:*:*", + "matchCriteriaId": "1EE12F4B-5607-4790-A29B-EE23383BCC1A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:*:*:*:*:*:*", + "matchCriteriaId": "C4667AA3-4CC9-41C0-8E0C-19B0FCE1CF79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:*:*:*:*:*:*", + "matchCriteriaId": "2ADE32D1-2845-4030-BE1F-ECE28189D0F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:*:*:*:*:*:*", + "matchCriteriaId": "F2E771C9-86C4-455C-98D4-6F4FE7A9A822" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:*:*:*:*:*:*", + "matchCriteriaId": "491AB715-F62A-46DB-A56E-055CF7CB7BEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:*:*:*:*:*:*", + "matchCriteriaId": "6FE364A8-4780-426F-9E8A-284A31FE2623" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:*:*:*:*:*:*", + "matchCriteriaId": "1C90C433-6655-4038-9AB3-0304C1AFF360" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:*:*:*:*:*:*", + "matchCriteriaId": "89BAB227-03E6-4776-ADE4-9D9CB666EFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:*:*:*:*:*:*", + "matchCriteriaId": "0E5ACABA-D6D6-4F29-A9DD-5A04A44ABE64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:*:*:*:*:*:*", + "matchCriteriaId": "FA80AFCE-2663-46C0-AEC0-C16C8E675E6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:*:*:*:*:*:*", + "matchCriteriaId": "6E94B136-7A2C-47F0-BCE4-6BB8E776A305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "3C5C3F26-24F0-4CF5-AA2E-7CA13E9D17DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:*:*:*:*:*:*", + "matchCriteriaId": "A4BE67D7-6463-4179-8C68-298CF960DBC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:*:*:*:*:*:*", + "matchCriteriaId": "66F3EA5F-08A2-4A1E-82D3-BBE7FFA2667E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:*:*:*:*:*:*", + "matchCriteriaId": "7930F188-A689-4041-BF4F-FBCA579D2E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:*:*:*:*:*:*", + "matchCriteriaId": "45090787-93BF-4683-B1E2-7D12FB18BEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:*:*:*:*:*:*", + "matchCriteriaId": "15C638A8-EFE0-47DB-B1F9-34093AF0FC17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:*:*:*:*:*:*", + "matchCriteriaId": "CB863404-A9D7-4692-AB43-08945E669928" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:*:*:*:*:*:*", + "matchCriteriaId": "D8CFA8F4-D57D-4D0F-88D5-00A72E3AD8DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:*:*:*:*:*:*", + "matchCriteriaId": "A21F608C-C356-47B8-8FBB-DB28BABFC4C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:*:*:*:*:*:*", + "matchCriteriaId": "E14195F1-5016-46BE-A614-6FB4E312FC93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:*:*:*:*:*:*", + "matchCriteriaId": "9C360EA8-B18F-4327-90EF-7EED2892BE4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:*:*:*:*:*:*", + "matchCriteriaId": "D855D141-7876-4F5A-91BE-6350DD379879" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:-:*:*:open_source:*:*:*", + "matchCriteriaId": "7A41C717-4B9F-4972-ABA3-2294EEC20F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "3FA80BBC-2DF2-46E1-84CE-8A899415114E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "783E4AF1-52F3-446B-B003-8079EDA78CBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p11:*:*:open_source:*:*:*", + "matchCriteriaId": "08B7898F-E25A-4D16-A007-6D4543E80C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p12:*:*:open_source:*:*:*", + "matchCriteriaId": "313CB0C1-2E8C-46AC-B72B-AFA9E0A6E064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "510B1840-AE77-4BDD-9C09-26C64CC8FC81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "FA1EDF58-8384-48C4-A584-54D24F6F7973" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9D2D9715-3A6B-4BE0-B1C5-8D19A683A083" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "1C99B578-5DD6-476D-BB75-4DCAD7F79535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "7C1B2897-79A5-4A5B-9137-7A4B6B85AA84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "B9E8299D-FA97-483A-8E1B-BA7B869E467D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "9A1B92EC-E83A-43B3-8F14-5C1A52B579B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.5:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "E5F2B6F1-AE8F-4AEE-9AB3-080976AE48B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:-:*:*:open_source:*:*:*", + "matchCriteriaId": "789BD987-9DAD-4EAE-93DE-0E267D54F124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "A3F113C0-00C5-4BC2-B42B-8AE3756252F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p10:*:*:open_source:*:*:*", + "matchCriteriaId": "AE842CC8-7795-4238-B727-0BA2FFFBF62C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "02592D65-2D2C-460A-A970-8A18F9B156ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "457B89CF-C75E-4ED6-8603-9C52BA462A9E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "A572A2DC-2DAB-4ABE-8FC2-5AF2340C826F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "2A2DD9C6-BAF5-4DF5-9C14-3478923B2019" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p6:*:*:open_source:*:*:*", + "matchCriteriaId": "BA9CFC70-24CF-4DFA-AEF9-9B5A9DAF837D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p7:*:*:open_source:*:*:*", + "matchCriteriaId": "2AA0B806-ABB8-4C18-9F9C-8291BE208F52" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p8:*:*:open_source:*:*:*", + "matchCriteriaId": "AA9D4DAB-7567-48D7-BE60-2A10B35CFF27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.6:p9:*:*:open_source:*:*:*", + "matchCriteriaId": "A91E797D-63F6-4DE8-869C-AF0133DC6C03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:-:*:*:open_source:*:*:*", + "matchCriteriaId": "0E06FE04-8844-4409-92D9-4972B47C921B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b1:*:*:open_source:*:*:*", + "matchCriteriaId": "99C620F3-40ED-4D7F-B6A1-205E948FD6F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:b2:*:*:open_source:*:*:*", + "matchCriteriaId": "FBCFE5FB-FAB7-4BF0-90AE-79F9590FD872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:beta3:*:*:open_source:*:*:*", + "matchCriteriaId": "7EB4B9C5-513C-4039-8087-5E8880894318" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p1:*:*:open_source:*:*:*", + "matchCriteriaId": "9C77154A-DBFE-48C3-A274-03075A0DB040" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p2:*:*:open_source:*:*:*", + "matchCriteriaId": "F5AAC414-623C-444F-9BD5-EE0ACE2B2246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p3:*:*:open_source:*:*:*", + "matchCriteriaId": "8292888D-B0B0-4DF3-8719-EA4CDCAB39D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p4:*:*:open_source:*:*:*", + "matchCriteriaId": "9830E074-FDCF-41E9-98C7-10C20424EF4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.7:p5:*:*:open_source:*:*:*", + "matchCriteriaId": "9D0C8648-B39E-47C7-AA5C-3AFED22F8D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:magento:2.4.8:-:*:*:open_source:*:*:*", + "matchCriteriaId": "00E8284F-10CD-449C-AEF1-688B8287292F" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/magento/apsb25-50.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-472xx/CVE-2025-47293.json b/CVE-2025/CVE-2025-472xx/CVE-2025-47293.json index 1687941b8b2..87db4ff19a6 100644 --- a/CVE-2025/CVE-2025-472xx/CVE-2025-47293.json +++ b/CVE-2025/CVE-2025-472xx/CVE-2025-47293.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47293", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T22:15:19.983", - "lastModified": "2025-06-19T22:15:19.983", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2." + }, + { + "lang": "es", + "value": "PowSyBl (Power System Blocks) es un framework para crear software orientado a sistemas de energ\u00eda. Antes de la versi\u00f3n 6.7.2, en ciertas \u00e1reas, el an\u00e1lisis de XML de powsybl-core era vulnerable a ataques de entidad externa XML (XXE) y a server-side request forgery (SSRF). Esto permite a un atacante elevar sus privilegios para leer archivos para los que no tiene permiso, incluyendo archivos confidenciales del sistema. La clase vulnerable es com.powsybl.commons.xml.XmlReader, que se considera no confiable en casos donde usuarios no confiables pueden enviar su XML a los m\u00e9todos vulnerables. Esto puede ocurrir en una aplicaci\u00f3n multiusuario que aloja a muchos usuarios diferentes, posiblemente con diferentes niveles de privilegio. Este problema se ha corregido en com.powsybl:powsybl-commons: 6.7.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-477xx/CVE-2025-47771.json b/CVE-2025/CVE-2025-477xx/CVE-2025-47771.json index 300052a412e..890dbec9567 100644 --- a/CVE-2025/CVE-2025-477xx/CVE-2025-47771.json +++ b/CVE-2025/CVE-2025-477xx/CVE-2025-47771.json @@ -2,13 +2,17 @@ "id": "CVE-2025-47771", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-20T00:15:29.730", - "lastModified": "2025-06-20T00:15:29.730", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PowSyBl (Power System Blocks) is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in an InputStream and returns a SparseMatrix object. This issue has been patched in com.powsybl:powsybl-math: 6.7.2. A workaround for this issue involves not using SparseMatrix deserialization (SparseMatrix.read(...) methods)." + }, + { + "lang": "es", + "value": "PowSyBl (Power System Blocks) es un framework para crear software orientado a sistemas de energ\u00eda. En las versiones 6.3.0 a 6.7.1, existe un problema de deserializaci\u00f3n en el m\u00e9todo de lectura de la clase SparseMatrix que puede provocar diversas escaladas de privilegios seg\u00fan las circunstancias. Este m\u00e9todo recibe un InputStream y devuelve un objeto SparseMatrix. Este problema se ha corregido en com.powsybl:powsybl-math: 6.7.2. Una soluci\u00f3n alternativa consiste en no utilizar la deserializaci\u00f3n de SparseMatrix (m\u00e9todos SparseMatrix.read(...))." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-47xx/CVE-2025-4738.json b/CVE-2025/CVE-2025-47xx/CVE-2025-4738.json index f8691de1229..4ddd093a4fd 100644 --- a/CVE-2025/CVE-2025-47xx/CVE-2025-4738.json +++ b/CVE-2025/CVE-2025-47xx/CVE-2025-4738.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4738", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2025-06-19T13:15:51.840", - "lastModified": "2025-06-19T13:15:51.840", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Yirmibes Software MY ERP permite la inyecci\u00f3n SQL. Este problema afecta a MY ERP: antes de 1.170." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-480xx/CVE-2025-48026.json b/CVE-2025/CVE-2025-480xx/CVE-2025-48026.json new file mode 100644 index 00000000000..822a3e6749d --- /dev/null +++ b/CVE-2025/CVE-2025-480xx/CVE-2025-48026.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2025-48026", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-06-23T20:15:28.007", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to read files from the underlying OS and obtain sensitive information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0005", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mitel.com/support/security-advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-480xx/CVE-2025-48058.json b/CVE-2025/CVE-2025-480xx/CVE-2025-48058.json index c93c342c77c..dda84b1699f 100644 --- a/CVE-2025/CVE-2025-480xx/CVE-2025-48058.json +++ b/CVE-2025/CVE-2025-480xx/CVE-2025-48058.json @@ -2,13 +2,17 @@ "id": "CVE-2025-48058", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-20T01:15:38.530", - "lastModified": "2025-06-20T01:15:38.530", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking \u2014 even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2." + }, + { + "lang": "es", + "value": "PowSyBl (Power System Blocks) es un framework para crear software orientado a sistemas de energ\u00eda. Antes de la versi\u00f3n 6.7.2, exist\u00eda una posible vulnerabilidad de denegaci\u00f3n de servicio por expresiones regulares (ReDoS) polin\u00f3mica en el mecanismo DataSource de PowSyBl. Si se explota con \u00e9xito, un agente malicioso puede causar un consumo significativo de CPU debido al retroceso de expresiones regulares, incluso con patrones polin\u00f3micos. Este problema se ha corregido en com.powsybl:powsybl-commons: 6.7.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-480xx/CVE-2025-48059.json b/CVE-2025/CVE-2025-480xx/CVE-2025-48059.json index 6614b59639f..46381caf42a 100644 --- a/CVE-2025/CVE-2025-480xx/CVE-2025-48059.json +++ b/CVE-2025/CVE-2025-480xx/CVE-2025-48059.json @@ -2,13 +2,17 @@ "id": "CVE-2025-48059", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-20T17:15:40.560", - "lastModified": "2025-06-20T17:15:40.560", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls \u2014 especially if performed over large network models or filtering operations. This issue has been patched in com.powsybl:powsybl-iidm-criteria 6.7.2." + }, + { + "lang": "es", + "value": "PowSyBl (Power System Blocks) es un framework para crear software orientado a sistemas de energ\u00eda. En com.powsybl:powsybl-iidm-criteria, versiones 6.3.0 y anteriores a la 6.7.2, y com.powsybl:powsybl-contingency-api, versiones 5.0.0 y anteriores a la 6.3.0, existe una posible vulnerabilidad de denegaci\u00f3n de servicio de expresiones regulares (ReDoS) polin\u00f3mica en la clase RegexCriterion. Esta clase compila y eval\u00faa una expresi\u00f3n regular no validada, proporcionada por el usuario, contra el identificador de un objeto identificable mediante Pattern.compile(regex).matcher(id).find(). Si se explota con \u00e9xito, un agente malicioso puede causar un agotamiento significativo de la CPU mediante llamadas repetidas o recursivas a filter(...), especialmente si se realizan sobre modelos de red u operaciones de filtrado de gran tama\u00f1o. Este problema se ha solucionado en com.powsybl:powsybl-iidm-criteria 6.7.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json index 0e9fe5d35c0..17d99231337 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48700.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48700", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-23T15:15:27.930", - "lastModified": "2025-06-23T15:15:27.930", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json index 5b420e5ce2d..cc6a3d4c5cd 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48705.json @@ -2,8 +2,8 @@ "id": "CVE-2025-48705", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:29.633", - "lastModified": "2025-06-23T15:15:28.067", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json b/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json index 7be05919bfb..c4b72d8f18e 100644 --- a/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json +++ b/CVE-2025/CVE-2025-487xx/CVE-2025-48706.json @@ -2,16 +2,55 @@ "id": "CVE-2025-48706", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-20T14:15:29.750", - "lastModified": "2025-06-20T14:15:29.750", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot." + }, + { + "lang": "es", + "value": "Se detect\u00f3 un problema en COROS PACE 3 a 3.0808.0. Debido a una vulnerabilidad de lectura fuera de los l\u00edmites, el env\u00edo de un mensaje BLE manipulado obliga al dispositivo a reiniciarse." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://syss.de", diff --git a/CVE-2025/CVE-2025-488xx/CVE-2025-48886.json b/CVE-2025/CVE-2025-488xx/CVE-2025-48886.json index 4c6cdcb509e..b6c98e203de 100644 --- a/CVE-2025/CVE-2025-488xx/CVE-2025-48886.json +++ b/CVE-2025/CVE-2025-488xx/CVE-2025-48886.json @@ -2,13 +2,17 @@ "id": "CVE-2025-48886", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T15:15:20.473", - "lastModified": "2025-06-19T15:15:20.473", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0." + }, + { + "lang": "es", + "value": "Hydra es una soluci\u00f3n de escalabilidad de capa dos para Cardano. Antes de la versi\u00f3n 0.22.0, el proceso asum\u00eda la finalizaci\u00f3n de los eventos L1 y no consideraba las transacciones fallidas. Actualmente, Cardano L1 se monitoriza para detectar ciertos eventos necesarios para la progresi\u00f3n del estado. Hydra considera estos eventos como finalizados en cuanto los reconocen los participantes del nodo, lo que convierte a estas transacciones en blanco de ataques de reorganizaci\u00f3n. El sistema no considera que las transacciones fallidas en Cardano L1 puedan aparecer en bloques debido a su baja frecuencia. Este problema se ha corregido en la versi\u00f3n 0.22.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48945.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48945.json index 8addf06831f..cb31da36b05 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48945.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48945.json @@ -2,13 +2,17 @@ "id": "CVE-2025-48945", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-20T20:15:33.570", - "lastModified": "2025-06-20T20:15:33.570", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism." + }, + { + "lang": "es", + "value": "Pycares es un m\u00f3dulo de Python que proporciona una interfaz para c-ares. C-ares es una librer\u00eda de C que realiza solicitudes DNS y resoluciones de nombres de forma as\u00edncrona. En versiones anteriores a la 4.9.0, Pycares era vulnerable a una condici\u00f3n de use-after-free que se produce cuando un objeto de canal se recolecta como basura mientras las consultas DNS a\u00fan est\u00e1n pendientes. Esto provoca un error fatal de Python y un fallo del int\u00e9rprete. Esta vulnerabilidad se ha corregido en Pycares 4.9.0 mediante la implementaci\u00f3n de un mecanismo seguro de destrucci\u00f3n de canales." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-489xx/CVE-2025-48957.json b/CVE-2025/CVE-2025-489xx/CVE-2025-48957.json index b96340dff7a..b0ee1595b8c 100644 --- a/CVE-2025/CVE-2025-489xx/CVE-2025-48957.json +++ b/CVE-2025/CVE-2025-489xx/CVE-2025-48957.json @@ -2,7 +2,7 @@ "id": "CVE-2025-48957", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-02T12:15:25.680", - "lastModified": "2025-06-02T17:32:17.397", + "lastModified": "2025-06-23T18:15:21.347", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,14 @@ "url": "https://github.com/AstrBotDevs/AstrBot/security/advisories/GHSA-cq37-g2qp-3c2p", "source": "security-advisories@github.com" }, + { + "url": "https://www.vicarius.io/vsociety/posts/cve-2025-48957-detect-astrbot-dashboard-vulnerability?prevUrl=wizard", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://www.vicarius.io/vsociety/posts/cve-2025-48957-mitigate-astrbot-dashboard-vulnerability?prevUrl=wizard", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://github.com/AstrBotDevs/AstrBot/security/advisories/GHSA-cq37-g2qp-3c2p", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0" diff --git a/CVE-2025/CVE-2025-48xx/CVE-2025-4820.json b/CVE-2025/CVE-2025-48xx/CVE-2025-4820.json index 35a0a6bad21..19d734dcfa5 100644 --- a/CVE-2025/CVE-2025-48xx/CVE-2025-4820.json +++ b/CVE-2025/CVE-2025-48xx/CVE-2025-4820.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4820", "sourceIdentifier": "cna@cloudflare.com", "published": "2025-06-18T16:15:28.403", - "lastModified": "2025-06-18T16:15:28.403", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Quiche de Cloudflare era vulnerable a un crecimiento incorrecto de la ventana de congesti\u00f3n, lo que podr\u00eda provocar que enviara datos a una velocidad superior a la que la ruta realmente admite. Un atacante remoto no autenticado puede explotar esta vulnerabilidad completando primero un protocolo de enlace e iniciando una transferencia de datos controlada por congesti\u00f3n hacia s\u00ed mismo. Posteriormente, podr\u00eda manipular el estado de control de congesti\u00f3n de la v\u00edctima enviando tramas ACK, lo que implica un ataque ACK oportunista (v\u00e9ase RFC 9000, secci\u00f3n 21.4). La v\u00edctima podr\u00eda aumentar la ventana de congesti\u00f3n m\u00e1s all\u00e1 de lo esperado y permitir m\u00e1s bytes en tr\u00e1nsito de los que la ruta realmente admite. La versi\u00f3n 0.24.4 de Quiche es la m\u00e1s reciente que corrige este problema." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-48xx/CVE-2025-4821.json b/CVE-2025/CVE-2025-48xx/CVE-2025-4821.json index 3beb3a80f48..790eda2333d 100644 --- a/CVE-2025/CVE-2025-48xx/CVE-2025-4821.json +++ b/CVE-2025/CVE-2025-48xx/CVE-2025-4821.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4821", "sourceIdentifier": "cna@cloudflare.com", "published": "2025-06-18T16:15:28.527", - "lastModified": "2025-06-18T16:15:28.527", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Quiche de Cloudflare era vulnerable a un crecimiento incorrecto de la ventana de congesti\u00f3n, lo que podr\u00eda provocar el env\u00edo de datos a una velocidad superior a la que la ruta realmente admite. Un atacante remoto no autenticado puede explotar esta vulnerabilidad completando primero un protocolo de enlace e iniciando una transferencia de datos controlada por congesti\u00f3n hacia s\u00ed mismo. Posteriormente, podr\u00eda manipular el estado de control de congesti\u00f3n de la v\u00edctima enviando tramas ACK que abarcan una amplia gama de n\u00fameros de paquetes (incluidos los que nunca se enviaron); consulte la secci\u00f3n 19.3 de RFC 9000. La v\u00edctima podr\u00eda ampliar la ventana de congesti\u00f3n m\u00e1s all\u00e1 de lo esperado y permitir m\u00e1s bytes en tr\u00e1nsito de los que la ruta realmente admite. En casos extremos, la ventana podr\u00eda sobrepasar el l\u00edmite del tipo de la variable interna, lo que provocar\u00eda un p\u00e1nico por desbordamiento. Parches: Quiche 0.24.4 es la versi\u00f3n m\u00e1s antigua que contiene la soluci\u00f3n para este problema." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-490xx/CVE-2025-49014.json b/CVE-2025/CVE-2025-490xx/CVE-2025-49014.json index 3b418287ec6..0545a6f43f9 100644 --- a/CVE-2025/CVE-2025-490xx/CVE-2025-49014.json +++ b/CVE-2025/CVE-2025-490xx/CVE-2025-49014.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49014", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T15:15:20.650", - "lastModified": "2025-06-19T15:15:20.650", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication." + }, + { + "lang": "es", + "value": "jq es un procesador JSON de l\u00ednea de comandos. En la versi\u00f3n 1.8.0 existe una vulnerabilidad de heap use after free en la funci\u00f3n f_strflocaltime de /src/builtin.c. Este problema se ha corregido en el commit 499c91b; no se conoce ninguna versi\u00f3n al momento de la publicaci\u00f3n. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-490xx/CVE-2025-49015.json b/CVE-2025/CVE-2025-490xx/CVE-2025-49015.json index eee5a62cf18..42fdb29d5c4 100644 --- a/CVE-2025/CVE-2025-490xx/CVE-2025-49015.json +++ b/CVE-2025/CVE-2025-490xx/CVE-2025-49015.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49015", "sourceIdentifier": "cve@mitre.org", "published": "2025-06-18T14:15:44.870", - "lastModified": "2025-06-18T15:15:27.550", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default." + }, + { + "lang": "es", + "value": "El SDK de Couchbase .NET (librer\u00eda cliente) anterior a la versi\u00f3n 3.7.1 no habilita correctamente la verificaci\u00f3n de nombres de host para certificados TLS. De hecho, el SDK tambi\u00e9n usaba direcciones IP en lugar de nombres de host debido a una opci\u00f3n de configuraci\u00f3n incorrectamente habilitada por defecto." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49126.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49126.json new file mode 100644 index 00000000000..522dc103917 --- /dev/null +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49126.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-49126", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-23T18:15:21.517", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing full takeover of the application and exfiltration of secrets stored in the application. The implementation uses the get_swagger_ui_html function from FastAPI. This function does not encode or sanitize its arguments before using them to generate the HTML for the swagger documentation page and is not intended to be used with user-controlled arguments. Any user of this application can be targeted with a one-click attack that can takeover their session and all the secrets that may be contained within it. This issue has been patched in version 2.5.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Visionatrix/Visionatrix/commit/63aafe6e4d1bffe4bf69e73b6fdfc65c71a8f5b8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Visionatrix/Visionatrix/security/advisories/GHSA-w36r-9jvx-q48v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49132.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49132.json index ab48fba7a3c..228b930c442 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49132.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49132.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49132", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-20T17:15:41.140", - "lastModified": "2025-06-20T17:15:41.140", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack." + }, + { + "lang": "es", + "value": "Pterodactyl es un panel de administraci\u00f3n de servidores de juegos gratuito y de c\u00f3digo abierto. Antes de la versi\u00f3n 1.11.11, al usar el archivo /locales/locale.json con los par\u00e1metros de consulta de configuraci\u00f3n regional y espacio de nombres, un actor malicioso pod\u00eda ejecutar c\u00f3digo arbitrario sin estar autenticado. Esta capacidad de ejecutar c\u00f3digo arbitrario pod\u00eda utilizarse para acceder al servidor del panel, leer credenciales de su configuraci\u00f3n, extraer informaci\u00f3n confidencial de la base de datos, acceder a los archivos de los servidores administrados por el panel, etc. Este problema se ha corregido en la versi\u00f3n 1.11.11. No existen soluciones alternativas de software para esta vulnerabilidad, pero el uso de un firewall de aplicaciones web (WAF) externo podr\u00eda ayudar a mitigar este ataque." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49144.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49144.json new file mode 100644 index 00000000000..22a9f918492 --- /dev/null +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49144.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2025-49144", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-23T19:15:23.727", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder - which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges. This issue has been fixed and will be released in version 8.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-272" + }, + { + "lang": "en", + "value": "CWE-276" + }, + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/drive/folders/11yeUSWgqHvt4Bz5jO3ilRRfcpQZ6Gvpn", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/commit/f2346ea00d5b4d907ed39d8726b38d77c8198f30", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/notepad-plus-plus/notepad-plus-plus/security/advisories/GHSA-9vx8-v79m-6m24", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49175.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49175.json index 0dacc46c95e..2c056e8a530 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49175.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49175.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49175", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:45.290", - "lastModified": "2025-06-23T07:15:19.810", + "lastModified": "2025-06-23T19:15:23.943", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9306", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9392", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-49175", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json index 8edc4990224..815f60c531a 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49176.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49176", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:45.470", - "lastModified": "2025-06-23T07:15:19.967", + "lastModified": "2025-06-23T19:15:24.090", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9306", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9392", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-49176", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49178.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49178.json index 166e34b0625..6ae9a6edb35 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49178.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49178.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49178", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:45.813", - "lastModified": "2025-06-23T07:15:20.257", + "lastModified": "2025-06-23T19:15:24.233", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9306", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9392", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-49178", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json index 63980c3ac32..a1609272eca 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49179.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49179", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:46.000", - "lastModified": "2025-06-23T07:15:20.387", + "lastModified": "2025-06-23T19:15:24.383", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9306", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9392", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-49179", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json b/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json index 6390a75626b..84b2223a1de 100644 --- a/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json +++ b/CVE-2025/CVE-2025-491xx/CVE-2025-49180.json @@ -2,7 +2,7 @@ "id": "CVE-2025-49180", "sourceIdentifier": "secalert@redhat.com", "published": "2025-06-17T15:15:46.183", - "lastModified": "2025-06-23T07:15:20.507", + "lastModified": "2025-06-23T19:15:24.517", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:9306", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:9392", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2025-49180", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-495xx/CVE-2025-49574.json b/CVE-2025/CVE-2025-495xx/CVE-2025-49574.json new file mode 100644 index 00000000000..152cf8fdbf5 --- /dev/null +++ b/CVE-2025/CVE-2025-495xx/CVE-2025-49574.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-49574", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-06-23T20:15:28.170", + "lastModified": "2025-06-23T20:16:21.633", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quarkusio/quarkus/issues/48227", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-495xx/CVE-2025-49590.json b/CVE-2025/CVE-2025-495xx/CVE-2025-49590.json index b10a01e3e90..898f813a32f 100644 --- a/CVE-2025/CVE-2025-495xx/CVE-2025-49590.json +++ b/CVE-2025/CVE-2025-495xx/CVE-2025-49590.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49590", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-18T23:15:19.200", - "lastModified": "2025-06-18T23:15:19.200", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CryptPad is a collaboration suite. Prior to version 2025.3.0, the \"Link Bouncer\" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an \"early allow\" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0." + }, + { + "lang": "es", + "value": "CryptPad es una suite de colaboraci\u00f3n. Antes de la versi\u00f3n 2025.3.0, la funci\u00f3n \"Link Bouncer\" intentaba filtrar las URI de JavaScript para evitar el Cross-Site Scripting (XSS); sin embargo, esto se puede omitir. Existe una ruta de c\u00f3digo de \"permiso anticipado\" que se ejecuta antes de que se verifique el protocolo/esquema de la URI, la cual una URI maliciosa puede seguir. Este problema se ha corregido en la versi\u00f3n 2025.3.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-495xx/CVE-2025-49591.json b/CVE-2025/CVE-2025-495xx/CVE-2025-49591.json index e2161e0e7ab..5fc59352b75 100644 --- a/CVE-2025/CVE-2025-495xx/CVE-2025-49591.json +++ b/CVE-2025/CVE-2025-495xx/CVE-2025-49591.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49591", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-18T23:15:19.403", - "lastModified": "2025-06-18T23:15:19.403", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0." + }, + { + "lang": "es", + "value": "CryptPad es una suite de colaboraci\u00f3n. Antes de la versi\u00f3n 2025.3.0, la aplicaci\u00f3n de la autenticaci\u00f3n de dos factores (2FA) en CryptPad pod\u00eda eludirse f\u00e1cilmente debido a la implementaci\u00f3n deficiente de los controles de acceso. Un atacante que compromete las credenciales de un usuario puede acceder a la cuenta de la v\u00edctima, incluso si esta tiene configurada la 2FA. Esto se debe a que la 2FA no se aplica si el par\u00e1metro de ruta no tiene 44 caracteres, lo cual puede eludirse simplemente codificando un solo car\u00e1cter en la ruta. Este problema se ha corregido en la versi\u00f3n 2025.3.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-497xx/CVE-2025-49715.json b/CVE-2025/CVE-2025-497xx/CVE-2025-49715.json index 0e3c7657a64..88ad949c506 100644 --- a/CVE-2025/CVE-2025-497xx/CVE-2025-49715.json +++ b/CVE-2025/CVE-2025-497xx/CVE-2025-49715.json @@ -2,8 +2,8 @@ "id": "CVE-2025-49715", "sourceIdentifier": "secure@microsoft.com", "published": "2025-06-20T01:15:38.707", - "lastModified": "2025-06-20T01:15:38.707", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "secure@microsoft.com", @@ -16,6 +16,10 @@ { "lang": "en", "value": "Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network." + }, + { + "lang": "es", + "value": "La exposici\u00f3n de informaci\u00f3n personal privada a un actor no autorizado en Dynamics 365 FastTrack Implementation Assets permite que un atacante no autorizado divulgue informaci\u00f3n a trav\u00e9s de una red." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json b/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json index 8fc06620c8f..6109fdbc9b6 100644 --- a/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json +++ b/CVE-2025/CVE-2025-497xx/CVE-2025-49763.json @@ -2,8 +2,8 @@ "id": "CVE-2025-49763", "sourceIdentifier": "security@apache.org", "published": "2025-06-19T10:15:21.887", - "lastModified": "2025-06-20T14:15:30.187", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-498xx/CVE-2025-49873.json b/CVE-2025/CVE-2025-498xx/CVE-2025-49873.json index 7faed7b0adc..e8b72eac7fd 100644 --- a/CVE-2025/CVE-2025-498xx/CVE-2025-49873.json +++ b/CVE-2025/CVE-2025-498xx/CVE-2025-49873.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49873", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:20.990", - "lastModified": "2025-06-20T15:15:20.990", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi allows Reflected XSS. This issue affects Elessi: from n/a through 6.3.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NasaTheme Elessi permite XSS reflejado. Este problema afecta a Elessi desde n/d hasta la versi\u00f3n 6.3.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49964.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49964.json index 509ecaf2227..48984889d30 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49964.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49964.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49964", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.137", - "lastModified": "2025-06-20T15:15:21.137", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in indgeek ClipLink allows Cross Site Request Forgery. This issue affects ClipLink: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en indgeek ClipLink permite Cross-Site Request Forgery. Este problema afecta a ClipLink desde la versi\u00f3n n/d hasta la 1.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49965.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49965.json index 4a35b21e9d5..f44b5b4fe91 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49965.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49965.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49965", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.287", - "lastModified": "2025-06-20T15:15:21.287", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Oganro PixelBeds Channel Manager and Hotel Booking Engine allows Cross Site Request Forgery. This issue affects PixelBeds Channel Manager and Hotel Booking Engine: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Oganro PixelBeds Channel Manager and Hotel Booking Engine permite Cross-Site Request Forgery. Este problema afecta a PixelBeds Channel Manager y al motor de reservas de hoteles desde la versi\u00f3n n/d hasta la 1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49966.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49966.json index dc885b53eab..8b80e3992cf 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49966.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49966.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49966", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.430", - "lastModified": "2025-06-20T15:15:21.430", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API allows Cross Site Request Forgery. This issue affects Oganro Travel Portal Search Widget for HotelBeds APITUDE API: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Oganro Oganro Travel Portal Search Widget for HotelBeds APITUDE API permite Cross-Site Request Forgery. Este problema afecta al widget de b\u00fasqueda del portal de viajes Oganro para la API APITUDE de HotelBeds: desde n/d hasta la versi\u00f3n 1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49967.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49967.json index 5c83e1861b9..63b6e08e57b 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49967.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49967.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49967", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.583", - "lastModified": "2025-06-20T15:15:21.583", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through 2.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en marcusjansen Live Sports Streamthunder permite Cross-Site Request Forgery. Este problema afecta a Live Sports Streamthunder desde n/d hasta la versi\u00f3n 2.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49968.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49968.json index 9703b82dd91..2ad670a8d2e 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49968.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49968.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49968", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.753", - "lastModified": "2025-06-20T15:15:21.753", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Oganro XML Travel Portal Widget allows Cross Site Request Forgery. This issue affects XML Travel Portal Widget: from n/a through 2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Oganro XML Travel Portal Widget permite Cross-Site Request Forgery. Este problema afecta al widget XML del portal de viajes desde la versi\u00f3n n/d hasta la 2.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49969.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49969.json index 5932f51a801..686117e009a 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49969.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49969.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49969", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:21.933", - "lastModified": "2025-06-20T15:15:21.933", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through 1.2.17.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Zara 4 Zara 4 Image Compression permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Zara 4 Image Compression desde n/d hasta la versi\u00f3n 1.2.17.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49970.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49970.json index 092684562a4..571895dc4d7 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49970.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49970.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49970", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.113", - "lastModified": "2025-06-20T15:15:22.113", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en sparklewpthemes Hello FSE Blog permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al blog Hello FSE desde la versi\u00f3n n/d hasta la 1.0.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49971.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49971.json index 915a334a766..606c16af061 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49971.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49971.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49971", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.300", - "lastModified": "2025-06-20T15:15:22.300", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in aThemeArt Translations eDS Responsive Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eDS Responsive Menu: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en aThemeArt Translations eDS Responsive Menu permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al men\u00fa adaptable de eDS desde la versi\u00f3n n/d hasta la 1.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49972.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49972.json index 1afe69fc2b0..14616bd7f73 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49972.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49972.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49972", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.463", - "lastModified": "2025-06-20T15:15:22.463", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in David Wood TM Replace Howdy allows Cross Site Request Forgery. This issue affects TM Replace Howdy: from n/a through 1.4.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en David Wood TM Replace Howdy permite Cross-Site Request Forgery. Este problema afecta a TM Replace Howdy desde n/d hasta la versi\u00f3n 1.4.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49973.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49973.json index 4d5ff1fad35..5a5eda6c365 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49973.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49973.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49973", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.647", - "lastModified": "2025-06-20T15:15:22.647", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes: from n/a through 1.0.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en GrandPlugins Image Sizes Controller, Create Custom Image Sizes, Disable Image Sizes, permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al controlador de tama\u00f1os de imagen, \"Crear tama\u00f1os de imagen personalizados\", \"Deshabilitar tama\u00f1os de imagen\": desde n/d hasta la versi\u00f3n 1.0.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49974.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49974.json index a91469a7b8e..1498b00c3c0 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49974.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49974.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49974", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.807", - "lastModified": "2025-06-20T15:15:22.807", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in upstreamplugin UpStream: a Project Management Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UpStream: a Project Management Plugin for WordPress: from n/a through 2.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en upstreamplugin UpStream: a Project Management Plugin for WordPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a UpStream, un plugin de gesti\u00f3n de proyectos para WordPress, desde la versi\u00f3n n/d hasta la 2.1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49975.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49975.json index 8f3ad3b788a..4bf77f761dd 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49975.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49975.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49975", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:22.973", - "lastModified": "2025-06-20T15:15:22.973", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak JobWP allows Cross Site Request Forgery. This issue affects JobWP: from n/a through 2.4.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Hossni Mubarak JobWP permite Cross-Site Request Forgery. Este problema afecta a JobWP desde la versi\u00f3n n/a hasta la 2.4.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49976.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49976.json index 87efabf4755..6667a112533 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49976.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49976.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49976", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.127", - "lastModified": "2025-06-20T15:15:23.127", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in WANotifier WANotifier allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WANotifier: from n/a through 2.7.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en WANotifier WANotifier permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WANotifier desde la versi\u00f3n n/d hasta la 2.7.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49977.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49977.json index 9149c69bc68..e538473fa4f 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49977.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49977.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49977", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.277", - "lastModified": "2025-06-20T15:15:23.277", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory WP Inventory Manager allows Cross Site Request Forgery. This issue affects WP Inventory Manager: from n/a through 2.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Inventory WP Inventory Manager permite Cross-Site Request Forgery. Este problema afecta a WP Inventory Manager desde n/d hasta la versi\u00f3n 2.3.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49978.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49978.json index 0d76b04e9df..2606b78e2ab 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49978.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49978.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49978", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.420", - "lastModified": "2025-06-20T15:15:23.420", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobSearch: from n/a through 2.9.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n mediante clave controlada por el usuario en Eyecix JobSearch permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a JobSearch desde n/d hasta la versi\u00f3n 2.9.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49979.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49979.json index ef8828f6b55..cd4b43f0846 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49979.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49979.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49979", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.570", - "lastModified": "2025-06-20T15:15:23.570", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in slui Media Hygiene allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Media Hygiene: from n/a through 4.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en slui Media Hygiene permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Media Hygiene desde n/d hasta la versi\u00f3n 4.0.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49980.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49980.json index d2178f49da3..152896a9677 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49980.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49980.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49980", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.710", - "lastModified": "2025-06-20T15:15:23.710", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in WP Event Manager WP User Profile Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Profile Avatar: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en WP Event Manager WP User Profile Avatar permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP User Profile Avatar desde n/d hasta la versi\u00f3n 1.0.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49981.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49981.json index 7fe12376c12..d5e38480d7b 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49981.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49981.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49981", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:23.857", - "lastModified": "2025-06-20T15:15:23.857", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in mahabub81 User Roles and Capabilities allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Roles and Capabilities: from n/a through 1.2.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en mahabub81 User Roles and Capabilities permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los roles y capacidades de usuario desde n/d hasta la versi\u00f3n 1.2.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49982.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49982.json index 49d2fd184c5..3125cf29c35 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49982.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49982.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49982", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.000", - "lastModified": "2025-06-20T15:15:24.000", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in aguilatechnologies WP Customer Area allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Customer Area: from n/a through 8.2.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en aguilatechnologies WP Customer Area permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al \u00c1rea de Clientes de WP desde n/d hasta la versi\u00f3n 8.2.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49983.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49983.json index c6fadea6710..150803e7e05 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49983.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49983.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49983", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.143", - "lastModified": "2025-06-20T15:15:24.143", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Joe Hoyle WPThumb allows Server Side Request Forgery. This issue affects WPThumb: from n/a through 0.10." + }, + { + "lang": "es", + "value": "La vulnerabilidad de server-side request forgery (SSRF) en Joe Hoyle WPThumb permite server-side request forgery. Este problema afecta a WPThumb desde n/d hasta la versi\u00f3n 0.10." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49984.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49984.json index 82e6e5b8267..a7bd8f42a7b 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49984.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49984.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49984", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.290", - "lastModified": "2025-06-20T15:15:24.290", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Angelo Mandato PowerPress Podcasting allows Server Side Request Forgery. This issue affects PowerPress Podcasting: from n/a through 11.12.11." + }, + { + "lang": "es", + "value": "La vulnerabilidad de server-side request forgery (SSRF) en Angelo Mandato PowerPress Podcasting permite server-side request forgery. Este problema afecta a PowerPress Podcasting desde n/d hasta la versi\u00f3n 11.12.11." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49985.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49985.json index e0f101976bd..6a67f4f4fa4 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49985.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49985.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49985", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.430", - "lastModified": "2025-06-20T15:15:24.430", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in Ali Irani Auto Upload Images allows Server Side Request Forgery. This issue affects Auto Upload Images: from n/a through 3.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de server-side request forgery (SSRF) en Ali Irani Auto Upload Images permite server-side request forgery. Este problema afecta a la carga autom\u00e1tica de im\u00e1genes desde la versi\u00f3n n/d hasta la 3.3.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49986.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49986.json index a7d7785d9f3..b0a3e5984c6 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49986.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49986.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49986", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.577", - "lastModified": "2025-06-20T15:15:24.577", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in thanhtungtnt Video List Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Video List Manager: from n/a through 1.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en thanhtungtnt Video List Manager permite acceder a funciones no restringidas correctamente por las ACL. Este problema afecta a Video List Manager desde n/d hasta la versi\u00f3n 1.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49987.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49987.json index 05597e00602..772fafa9c3d 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49987.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49987.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49987", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.723", - "lastModified": "2025-06-20T15:15:24.723", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in WPFactory CRM ERP Business Solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CRM ERP Business Solution: from n/a through 1.13." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en WPFactory CRM ERP Business Solution permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a CRM ERP Business Solution desde n/d hasta la versi\u00f3n 1.13." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49988.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49988.json index d79a368d5c5..1b007c548b2 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49988.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49988.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49988", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:24.877", - "lastModified": "2025-06-20T15:15:24.877", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Renzo Contact Form 7 AWeber Extension allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form 7 AWeber Extension: from n/a through 0.1.38." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Renzo Contact Form 7 AWeber Extension permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la extensi\u00f3n AWeber de Contact Form 7 desde n/d hasta la versi\u00f3n 0.1.38." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49989.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49989.json index 852db9b40a0..51699d13ae8 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49989.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49989.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49989", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.027", - "lastModified": "2025-06-20T15:15:25.027", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in App Cheap App Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App Builder: from n/a through 5.5.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en App Cheap App Builder permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a App Builder desde n/d hasta la versi\u00f3n 5.5.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49990.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49990.json index 1499b3b4ecc..1f301e1ce2a 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49990.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49990.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49990", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.170", - "lastModified": "2025-06-20T15:15:25.170", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in contentstudio ContentStudio allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ContentStudio: from n/a through 1.3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en contentstudio ContentStudio permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a ContentStudio desde la versi\u00f3n n/d hasta la 1.3.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49991.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49991.json index 238c3969b16..70c1c89b6f9 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49991.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49991.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49991", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.320", - "lastModified": "2025-06-20T15:15:25.320", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in tggfref WP-Recall allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP-Recall: from n/a through 16.26.14." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en tggfref de WP-Recall permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a WP-Recall desde n/d hasta la versi\u00f3n 16.26.14." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49993.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49993.json index 673652959c8..ec3f79756ee 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49993.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49993.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49993", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.470", - "lastModified": "2025-06-20T15:15:25.470", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Cookie Script Cookie-Script.com allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookie-Script.com: from n/a through 1.2.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Cookie Script Cookie-Script.com permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Cookie-Script.com desde la versi\u00f3n n/d hasta la 1.2.1. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49995.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49995.json index b47c11869cb..cd7ac9141a3 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49995.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49995.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49995", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.620", - "lastModified": "2025-06-20T15:15:25.620", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through 1.3.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en dFactory Download Attachments permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los archivos adjuntos de descarga desde la versi\u00f3n n/d hasta la 1.3.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49996.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49996.json index 97958a9df8d..dd14c4cba40 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49996.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49996.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49996", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.767", - "lastModified": "2025-06-20T15:15:25.767", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en osama.esh WP Visitor Statistics (Real Time Traffic) permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a WP Visitor Statistics (Tr\u00e1fico en tiempo real): desde n/d hasta la versi\u00f3n 7.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49997.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49997.json index 667b79007a8..e27cca2f1c6 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49997.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49997.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49997", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:25.917", - "lastModified": "2025-06-20T15:15:25.917", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Syed Balkhi Giveaways and Contests by RafflePress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.17." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Syed Balkhi Giveaways and Contests by RafflePress permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a los sorteos y concursos de RafflePress desde n/d hasta la versi\u00f3n 1.12.17. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-499xx/CVE-2025-49998.json b/CVE-2025/CVE-2025-499xx/CVE-2025-49998.json index 2c9881d99ce..bbac42e3396 100644 --- a/CVE-2025/CVE-2025-499xx/CVE-2025-49998.json +++ b/CVE-2025/CVE-2025-499xx/CVE-2025-49998.json @@ -2,13 +2,17 @@ "id": "CVE-2025-49998", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.063", - "lastModified": "2025-06-20T15:15:26.063", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Wetail WooCommerce Fortnox Integration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Wetail WooCommerce Fortnox Integration permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a la integraci\u00f3n de WooCommerce Fortnox desde la versi\u00f3n n/d hasta la 4.5.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json index f7a8f9e6b48..f51db642857 100644 --- a/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json +++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4965.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4965", "sourceIdentifier": "security@wordfence.com", "published": "2025-06-19T07:15:30.313", - "lastModified": "2025-06-19T07:15:30.313", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WPBakery Page Builder para WordPress es vulnerable a Cross-site Scripting almacenado a trav\u00e9s de la funci\u00f3n Grid Builder en todas las versiones hasta la 8.4.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de autor o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-49xx/CVE-2025-4981.json b/CVE-2025/CVE-2025-49xx/CVE-2025-4981.json index 6066aa87c53..f56dfca5a0c 100644 --- a/CVE-2025/CVE-2025-49xx/CVE-2025-4981.json +++ b/CVE-2025/CVE-2025-49xx/CVE-2025-4981.json @@ -2,13 +2,17 @@ "id": "CVE-2025-4981", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-06-20T11:15:20.993", - "lastModified": "2025-06-20T11:15:20.993", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2 y 10.6.x <= 10.6.5 no depuran los nombres de archivo en el extractor de archivos, lo que permite a los usuarios autenticados escribir archivos en ubicaciones arbitrarias del sistema de archivos mediante la carga de archivos con secuencias de path traversal en los nombres de archivo, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad afecta a las instancias donde la carga de archivos y la b\u00fasqueda de documentos por contenido est\u00e1n habilitadas (FileSettings.EnableFileAttachments = true y FileSettings.ExtractContent = true). Estas opciones de configuraci\u00f3n est\u00e1n habilitadas por defecto." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50008.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50008.json index 1d805b70b52..646e45e2b0e 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50008.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50008.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50008", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.210", - "lastModified": "2025-06-20T15:15:26.210", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily: from n/a through 1.2.4.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en cscode WooCommerce Manager \u2013 Customize and Control Cart page, Add to Cart button, Checkout fields easily permite explotar f\u00e1cilmente los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WooCommerce Manager (Personalizar y controlar la p\u00e1gina del carrito, el bot\u00f3n A\u00f1adir al carrito y los campos de pago): desde n/d hasta la versi\u00f3n 1.2.4.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50009.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50009.json index 2ae3095c891..d7829661b10 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50009.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50009.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50009", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.360", - "lastModified": "2025-06-20T15:15:26.360", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Climax Themes Kata Plus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Kata Plus: from n/a through 1.5.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Climax Themes Kata Plus permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Kata Plus desde la versi\u00f3n n/d hasta la 1.5.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50010.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50010.json index 9eb1e090f58..9f8eeb79ce0 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50010.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50010.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50010", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.507", - "lastModified": "2025-06-20T15:15:26.507", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Zapier Zapier for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zapier for WordPress: from n/a through 1.5.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Zapier Zapier for WordPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Zapier para WordPress desde la versi\u00f3n n/d hasta la 1.5.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50011.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50011.json index f4981f88546..45df9166852 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50011.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50011.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50011", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.647", - "lastModified": "2025-06-20T15:15:26.647", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F\u00e9lix Mart\u00ednez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en F\u00e9lix Mart\u00ednez Recipes manager - WPH permite XSS almacenado. Este problema afecta al gestor de recetas (WPH) desde n/d hasta la versi\u00f3n 1.0.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50012.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50012.json index 0eb9d6cf6bc..1eeb1cdaf23 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50012.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50012.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50012", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.797", - "lastModified": "2025-06-20T15:15:26.797", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fridaysystems Inventory Presser allows Stored XSS. This issue affects Inventory Presser: from n/a through 15.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en fridaysystems Inventory Presser permite XSS almacenado. Este problema afecta a Inventory Presser desde n/d hasta la versi\u00f3n 15.0.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50013.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50013.json index 37de6ed6bbf..113208279e2 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50013.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50013.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50013", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:26.950", - "lastModified": "2025-06-20T15:15:26.950", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Judge CSV Importer Improved allows Stored XSS. This issue affects CSV Importer Improved: from n/a through 0.6.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jason Judge CSV Importer Improved permite XSS almacenado. Este problema afecta a CSV Importer Improved: desde n/d hasta la versi\u00f3n 0.6.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50014.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50014.json index 35e92a5fc2c..c0069d88723 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50014.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50014.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50014", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.110", - "lastModified": "2025-06-20T15:15:27.110", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan PDPA Consent for Thailand allows Stored XSS. This issue affects PDPA Consent for Thailand: from n/a through 1.1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en iamapinan PDPA Consent for Thailand permite XSS almacenado. Este problema afecta al consentimiento PDPA para Tailandia desde n/d hasta la versi\u00f3n 1.1.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50015.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50015.json index c2cc52e00ff..fac5e8fa378 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50015.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50015.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50015", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.253", - "lastModified": "2025-06-20T15:15:27.253", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rodrigo Bastos Hand Talk allows Stored XSS. This issue affects Hand Talk: from n/a through 6.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Rodrigo Bastos Hand Talk permite XSS almacenado. Este problema afecta a Hand Talk desde n/d hasta la versi\u00f3n 6.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50016.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50016.json index cd8c553797e..dac8a687a27 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50016.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50016.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50016", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.400", - "lastModified": "2025-06-20T15:15:27.400", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brijeshk89 IP Based Login allows Stored XSS. This issue affects IP Based Login: from n/a through 2.4.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en brijeshk89 IP Based Login permite XSS almacenado. Este problema afecta al inicio de sesi\u00f3n basado en IP desde n/d hasta la versi\u00f3n 2.4.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50017.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50017.json index b3f77d0739e..ea166134dc4 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50017.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50017.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50017", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.547", - "lastModified": "2025-06-20T15:15:27.547", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt WP Voting Contest allows Stored XSS. This issue affects WP Voting Contest: from n/a through 5.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Matt WP Voting Contest permite XSS almacenado. Este problema afecta a WP Voting Contest desde n/d hasta la versi\u00f3n 5.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50018.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50018.json index d30d961060a..d3c5329c455 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50018.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50018.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50018", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.690", - "lastModified": "2025-06-20T15:15:27.690", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tealium Tealium allows Stored XSS. This issue affects Tealium: from n/a through 2.1.17." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Tealium Tealium permite XSS almacenado. Este problema afecta a Tealium desde n/d hasta la versi\u00f3n 2.1.17." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50019.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50019.json index f0f71e7fcda..5f1b6830fdb 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50019.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50019.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50019", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.837", - "lastModified": "2025-06-20T15:15:27.837", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sandor Kovacs Simple Sticky Footer allows Stored XSS. This issue affects Simple Sticky Footer : from n/a through 1.3.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sandor Kovacs Simple Sticky Footer permite XSS almacenado. Este problema afecta a Simple Sticky Footer desde n/d hasta la versi\u00f3n 1.3.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50020.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50020.json index 0d1e01d7c00..8803596ac2f 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50020.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50020.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50020", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:27.970", - "lastModified": "2025-06-20T15:15:27.970", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitin Yawalkar RDFa Breadcrumb allows Stored XSS. This issue affects RDFa Breadcrumb: from n/a through 2.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Nitin Yawalkar RDFa Breadcrumb permite XSS almacenado. Este problema afecta a RDFa Breadcrumb desde n/d hasta la versi\u00f3n 2.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50021.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50021.json index e430b1470af..6a21ef6e321 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50021.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50021.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50021", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.110", - "lastModified": "2025-06-20T15:15:28.110", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Better Random Redirect allows Stored XSS. This issue affects Better Random Redirect: from n/a through 1.3.20." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Robert Peake Better Random Redirect permite XSS almacenado. Este problema afecta a Better Random Redirect desde n/d hasta la versi\u00f3n 1.3.20." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50022.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50022.json index ef65c713d1f..b99e21a8935 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50022.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50022.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50022", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.257", - "lastModified": "2025-06-20T15:15:28.257", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in justin_k WP-FB-AutoConnect allows Stored XSS. This issue affects WP-FB-AutoConnect: from n/a through 4.6.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en justin_k WP-FB-AutoConnect permite XSS almacenado. Este problema afecta a WP-FB-AutoConnect desde la versi\u00f3n n/d hasta la 4.6.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50023.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50023.json index 6342f5dc074..ce62c108a23 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50023.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50023.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50023", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.403", - "lastModified": "2025-06-20T15:15:28.403", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embed Block allows Stored XSS. This issue affects CodePen Embed Block: from n/a through 1.1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Chris Coyier CodePen Embed Block permite XSS almacenado. Este problema afecta al bloque de inserci\u00f3n de CodePen desde n/d hasta la versi\u00f3n 1.1.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50024.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50024.json index 7509e4f3988..615f4e89e1d 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50024.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50024.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50024", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.550", - "lastModified": "2025-06-20T15:15:28.550", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Truong Thanh ATP Call Now allows Stored XSS. This issue affects ATP Call Now: from n/a through 1.0.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Truong Thanh ATP Call Now permite XSS almacenado. Este problema afecta a ATP Call Now desde n/d hasta la versi\u00f3n 1.0.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50025.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50025.json index 1aaac6c87db..e580fee8874 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50025.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50025.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50025", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.737", - "lastModified": "2025-06-20T15:15:28.737", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls allows Stored XSS. This issue affects CP Polls: from n/a through 1.0.81." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en codepeople CP Polls permite XSS almacenado. Este problema afecta a CP Polls desde n/d hasta la versi\u00f3n 1.0.81." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50026.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50026.json index f5d5c7c645e..3713e955c3e 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50026.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50026.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50026", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:28.907", - "lastModified": "2025-06-20T15:15:28.907", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki allows Stored XSS. This issue affects Spoki: from n/a through 2.16.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en spoki Spoki permite XSS almacenado. Este problema afecta a Spoki desde la versi\u00f3n n/d hasta la 2.16.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50027.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50027.json index 71c897b29df..ce156039084 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50027.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50027.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50027", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.053", - "lastModified": "2025-06-20T15:15:29.053", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xootix Login/Signup Popup allows Stored XSS. This issue affects Login/Signup Popup: from n/a through 2.9.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en xootix Login/Signup Popup permite XSS almacenado. Este problema afecta a la ventana emergente de inicio de sesi\u00f3n/registro desde n/d hasta la versi\u00f3n 2.9.4." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50030.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50030.json index 4b19acf396c..be0c7fafe33 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50030.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50030.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50030", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.197", - "lastModified": "2025-06-20T15:15:29.197", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Spark Multipurpose allows DOM-Based XSS. This issue affects Spark Multipurpose: from n/a through 1.0.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sparkle Themes Spark Multipurpose permite XSS basado en DOM. Este problema afecta a Spark Multipurpose desde n/d hasta la versi\u00f3n 1.0.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50033.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50033.json index a86fb0ef6e3..06e2fb76b20 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50033.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50033.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50033", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.350", - "lastModified": "2025-06-20T15:15:29.350", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Fitness Park allows DOM-Based XSS. This issue affects Fitness Park: from n/a through 1.1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Sparkle Themes Fitness Park permite XSS basado en DOM. Este problema afecta a Fitness Park desde n/d hasta la versi\u00f3n 1.1.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50034.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50034.json index a698c6d7800..4ac22a49932 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50034.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50034.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50034", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.533", - "lastModified": "2025-06-20T15:15:29.533", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in Mahmudul Hasan Arif Enhanced Blocks – Page Builder Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Enhanced Blocks – Page Builder Blocks for Gutenberg: from n/a through 1.4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Mahmudul Hasan Arif Enhanced Blocks \u2013 Page Builder Blocks for Gutenberg permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a los Bloques Mejorados (Bloques del Constructor de P\u00e1ginas para Gutenberg) desde n/d hasta la versi\u00f3n 1.4.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50035.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50035.json index 7289183e0f6..87fc82d0593 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50035.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50035.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50035", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.687", - "lastModified": "2025-06-20T15:15:29.687", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en CyrilG Fyrebox Quizzes permite XSS almacenado. Este problema afecta a Fyrebox Quizzes desde n/d hasta la versi\u00f3n 3.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50036.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50036.json index 9c48bd7bb52..f60fddde1bb 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50036.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50036.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50036", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.837", - "lastModified": "2025-06-20T15:15:29.837", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Yamna Khawaja Mailing Group Listserv allows Cross Site Request Forgery. This issue affects Mailing Group Listserv: from n/a through 3.0.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Yamna Khawaja Mailing Group Listserv permite Cross-Site Request Forgery. Este problema afecta al servidor de listas de correo desde la versi\u00f3n n/d hasta la 3.0.5. " } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50037.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50037.json index 03b05c7bb06..65018e2d837 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50037.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50037.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50037", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:29.980", - "lastModified": "2025-06-20T15:15:29.980", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Buying Buddy Buying Buddy IDX CRM allows DOM-Based XSS. This issue affects Buying Buddy IDX CRM: from n/a through 2.3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Buying Buddy Buying Buddy IDX CRM permite XSS basado en DOM. Este problema afecta a Buying Buddy IDX CRM desde n/d hasta la versi\u00f3n 2.3.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50038.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50038.json index a9ddea9b0c6..2153ec23875 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50038.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50038.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50038", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.130", - "lastModified": "2025-06-20T15:15:30.130", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anantaddons Anant Addons for Elementor allows Stored XSS. This issue affects Anant Addons for Elementor: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en anantaddons Anant Addons for Elementor permite XSS almacenado. Este problema afecta a Anant Addons para Elementor desde n/d hasta la versi\u00f3n 1.2.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50041.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50041.json index 4c107ca783c..f438ce33529 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50041.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50041.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50041", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.277", - "lastModified": "2025-06-20T15:15:30.277", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Engine Gutenberg Blocks \u2013 ACF Blocks Suite allows Stored XSS. This issue affects Gutenberg Blocks \u2013 ACF Blocks Suite: from n/a through 2.6.11." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Engine Gutenberg Blocks \u2013 ACF Blocks Suite permite XSS almacenado. Este problema afecta a Gutenberg Blocks \u2013 ACF Blocks Suite desde n/d hasta la versi\u00f3n 2.6.11." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50042.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50042.json index 80e49a54507..32aaa6b2f30 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50042.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50042.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50042", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.430", - "lastModified": "2025-06-20T15:15:30.430", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com WP Register Profile With Shortcode allows Stored XSS. This issue affects WP Register Profile With Shortcode: from n/a through 3.6.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en aviplugins.com WP Register Profile With Shortcode permite XSS almacenado. Este problema afecta a WP Register Profile With Shortcode desde la versi\u00f3n n/d hasta la 3.6.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50043.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50043.json index c3dcde514c3..a665b39b2d5 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50043.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50043.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50043", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.577", - "lastModified": "2025-06-20T15:15:30.577", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Code Engine allows Stored XSS. This issue affects Code Engine: from n/a through 0.3.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Jordy Meow Code Engine permite XSS almacenado. Este problema afecta a Code Engine desde n/d hasta la versi\u00f3n 0.3.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50044.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50044.json index 73a3ae8b5ec..a0a6676a6bb 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50044.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50044.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50044", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.717", - "lastModified": "2025-06-20T15:15:30.717", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Cross Site Request Forgery. This issue affects Real Estate Manager: from n/a through 7.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Rameez Iqbal Real Estate Manager permite Cross-Site Request Forgery. Este problema afecta a Real Estate Manager desde n/d hasta la versi\u00f3n 7.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50045.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50045.json index a3a15fc206b..1dc41423094 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50045.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50045.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50045", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:30.863", - "lastModified": "2025-06-20T15:15:30.863", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Related Products Manager for WooCommerce allows DOM-Based XSS. This issue affects Related Products Manager for WooCommerce: from n/a through 1.6.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ProWCPlugins Related Products Manager for WooCommerce permite XSS basado en DOM. Este problema afecta al Administrador de Productos Relacionados para WooCommerce desde n/d hasta la versi\u00f3n 1.6.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50046.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50046.json index 8e48254e7ed..7c076661e7d 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50046.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50046.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50046", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.003", - "lastModified": "2025-06-20T15:15:31.003", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP WPComplete allows Stored XSS. This issue affects WPComplete: from n/a through 2.9.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en StellarWP WPComplete permite XSS almacenado. Este problema afecta a WPComplete desde la versi\u00f3n n/d hasta la 2.9.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50047.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50047.json index 708224eae33..1b51f30e47e 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50047.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50047.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50047", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.150", - "lastModified": "2025-06-20T15:15:31.150", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Sitekit allows Stored XSS. This issue affects Sitekit: from n/a through 1.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Webvitaly Sitekit que permite XSS almacenado. Este problema afecta a Sitekit desde n/d hasta la versi\u00f3n 1.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50048.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50048.json index 9a99aa20ef3..b9eaa9607d3 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50048.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50048.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50048", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.297", - "lastModified": "2025-06-20T15:15:31.297", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Atakan Au Automatically Hierarchic Categories in Menu permite XSS almacenado. Este problema afecta a la jerarquizaci\u00f3n autom\u00e1tica de categor\u00edas en el men\u00fa desde n/d hasta la versi\u00f3n 2.0.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50049.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50049.json index 914fd724138..83c0b2ee4d2 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50049.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50049.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50049", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.440", - "lastModified": "2025-06-20T15:15:31.440", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prismtechstudios Modern Footnotes allows Stored XSS. This issue affects Modern Footnotes: from n/a through 1.4.19." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en prismtechstudios Modern Footnotes permite XSS almacenado. Este problema afecta a Modern Footnotes desde n/d hasta la versi\u00f3n 1.4.19." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50050.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50050.json index 14eb20e7bd5..e2d1db658bb 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50050.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50050.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50050", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.590", - "lastModified": "2025-06-20T15:15:31.590", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress allows Stored XSS. This issue affects Jobs for WordPress: from n/a through 2.7.12." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') BlueGlass Interactive AG Jobs for WordPress permite XSS almacenado. Este problema afecta a Jobs for WordPress desde la versi\u00f3n n/d hasta la 2.7.12." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50051.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50051.json index f4fc7ef0d38..bd57ce0f456 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50051.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50051.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50051", "sourceIdentifier": "audit@patchstack.com", "published": "2025-06-20T15:15:31.747", - "lastModified": "2025-06-20T15:15:31.747", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS. This issue affects WP-Members: from n/a through 3.5.4." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chad Butler WP-Members allows Stored XSS.This issue affects WP-Members: from n/a through 3.5.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Chad Butler WP-Members permite XSS almacenado. Este problema afecta a WP-Members desde n/d hasta la versi\u00f3n 3.5.4." } ], "metrics": { @@ -38,7 +42,7 @@ "weaknesses": [ { "source": "audit@patchstack.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-500xx/CVE-2025-50054.json b/CVE-2025/CVE-2025-500xx/CVE-2025-50054.json index 10c564e64d8..a0410597886 100644 --- a/CVE-2025/CVE-2025-500xx/CVE-2025-50054.json +++ b/CVE-2025/CVE-2025-500xx/CVE-2025-50054.json @@ -2,8 +2,8 @@ "id": "CVE-2025-50054", "sourceIdentifier": "security@openvpn.net", "published": "2025-06-20T07:15:26.367", - "lastModified": "2025-06-20T07:15:26.367", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:40.143", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "El desbordamiento de b\u00fafer en OpenVPN ovpn-dco-win versi\u00f3n 1.3.0 y anteriores y versi\u00f3n 2.5.8 y anteriores permite que un proceso de usuario local env\u00ede un b\u00fafer de mensaje de control demasiado grande al controlador del kernel, lo que provoca un bloqueo del sistema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@openvpn.net", diff --git a/CVE-2025/CVE-2025-501xx/CVE-2025-50181.json b/CVE-2025/CVE-2025-501xx/CVE-2025-50181.json index 2977bc8190e..616e2f70db5 100644 --- a/CVE-2025/CVE-2025-501xx/CVE-2025-50181.json +++ b/CVE-2025/CVE-2025-501xx/CVE-2025-50181.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50181", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T01:15:24.453", - "lastModified": "2025-06-19T01:15:24.453", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0." + }, + { + "lang": "es", + "value": "urllib3 es una librer\u00eda cliente HTTP intuitiva para Python. Antes de la versi\u00f3n 2.5.0, era posible deshabilitar las redirecciones para todas las solicitudes instanciando un PoolManager y especificando reintentos para deshabilitarlas. Por defecto, las solicitudes y los usuarios de botocore no se ven afectados. Una aplicaci\u00f3n que intente mitigar vulnerabilidades de SSRF o de redirecci\u00f3n abierta deshabilitando las redirecciones a nivel de PoolManager seguir\u00e1 siendo vulnerable. Este problema se ha corregido en la versi\u00f3n 2.5.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-501xx/CVE-2025-50182.json b/CVE-2025/CVE-2025-501xx/CVE-2025-50182.json index b3bd8cce07b..111843ee496 100644 --- a/CVE-2025/CVE-2025-501xx/CVE-2025-50182.json +++ b/CVE-2025/CVE-2025-501xx/CVE-2025-50182.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50182", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T02:15:17.967", - "lastModified": "2025-06-19T02:15:17.967", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0." + }, + { + "lang": "es", + "value": "urllib3 es una librer\u00eda cliente HTTP intuitiva para Python. Antes de la versi\u00f3n 2.5.0, urllib3 no controlaba las redirecciones en navegadores ni en Node.js. urllib3 admite su uso en un entorno de ejecuci\u00f3n de Pyodide mediante la API Fetch de JavaScript o recurriendo a XMLHttpRequest. Esto significa que las librer\u00edas de Python pueden usarse para realizar solicitudes HTTP desde un navegador o Node.js. Adem\u00e1s, urllib3 proporciona un mecanismo para controlar las redirecciones, pero los reintentos y los par\u00e1metros de redirecci\u00f3n se ignoran con Pyodide; el propio entorno de ejecuci\u00f3n determina el comportamiento de la redirecci\u00f3n. Este problema se ha corregido en la versi\u00f3n 2.5.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-501xx/CVE-2025-50183.json b/CVE-2025/CVE-2025-501xx/CVE-2025-50183.json index 273afd47de7..a0922a88e58 100644 --- a/CVE-2025/CVE-2025-501xx/CVE-2025-50183.json +++ b/CVE-2025/CVE-2025-501xx/CVE-2025-50183.json @@ -2,13 +2,17 @@ "id": "CVE-2025-50183", "sourceIdentifier": "security-advisories@github.com", "published": "2025-06-19T03:15:25.717", - "lastModified": "2025-06-19T03:15:25.717", - "vulnStatus": "Received", + "lastModified": "2025-06-23T20:16:59.783", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in