admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-30T20:00:12.116258+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-30 20:03:48 +00:00
parent cde2587239
commit 24ed880938
436 changed files with 3177 additions and 1387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2013/CVE-2013-14xx/CVE-2013-1424.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2013-1424",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T20:15:25.090",
"lastModified": "2025-06-26T21:15:26.410",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:39:09.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en matplotlib. Este problema afecta a matplotlib: antes del commit ascendente ba4016014cb4fb4927e36ce8ea429fed47dcb787."
}
],
"metrics": {

4
CVE-2014/CVE-2014-04xx/CVE-2014-0468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-0468",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T21:15:27.527",
"lastModified": "2025-06-27T15:15:22.890",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:39:09.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2014/CVE-2014-62xx/CVE-2014-6274.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-6274",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T21:15:27.647",
"lastModified": "2025-06-27T19:15:29.037",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2014/CVE-2014-72xx/CVE-2014-7210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-7210",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T21:15:27.757",
"lastModified": "2025-06-27T19:15:30.443",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2015/CVE-2015-08xx/CVE-2015-0842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-0842",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T22:15:24.503",
"lastModified": "2025-06-27T19:15:30.677",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2015/CVE-2015-08xx/CVE-2015-0843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-0843",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T22:15:24.613",
"lastModified": "2025-06-27T19:15:30.873",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2015/CVE-2015-08xx/CVE-2015-0849.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2015-0849",
"sourceIdentifier": "security@debian.org",
"published": "2025-06-26T22:15:24.717",
"lastModified": "2025-06-26T22:15:24.717",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability."
},
{
"lang": "es",
"value": "Las versiones anteriores a 1.0 de Pycode-browser son propensas a una predecible vulnerabilidad de archivos temporales."
}
],
"metrics": {},

8
CVE-2015/CVE-2015-201xx/CVE-2015-20112.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2015-20112",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-29T21:15:22.210",
"lastModified": "2025-06-29T21:15:22.210",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network."
},
{
"lang": "es",
"value": "RLPx 5 cuenta con dos flujos CTR basados en la misma clave, IV y nonce. Esto facilita el descifrado en una red privada."
}
],
"metrics": {

52
CVE-2022/CVE-2022-380xx/CVE-2022-38057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-25T12:15:08.010",
"lastModified": "2024-11-21T07:15:40.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:51:07.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -61,14 +81,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themehunk:th_advance_product_search:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.2",
"matchCriteriaId": "EBD19186-231F-4754-BF68-F8FC8039C64E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-259xx/CVE-2023-25998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:26.157",
"lastModified": "2025-06-27T12:15:26.157",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2023/CVE-2023-289xx/CVE-2023-28902.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28902",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:21.160",
"lastModified": "2025-06-28T16:15:21.160",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Un subdesbordamiento de enteros en el binario de procesamiento de im\u00e1genes de la unidad de infoentretenimiento MIB3 permite a un atacante con acceso local al veh\u00edculo provocar una denegaci\u00f3n de servicio del sistema de infoentretenimiento. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28903.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28903",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.087",
"lastModified": "2025-06-28T16:15:22.087",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system."
},
{
"lang": "es",
"value": "Un desbordamiento de entero en el binario de procesamiento de im\u00e1genes de la unidad de infoentretenimiento MIB3 permite que un atacante con acceso local al veh\u00edculo provoque una denegaci\u00f3n de servicio del sistema de infoentretenimiento."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28904.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28904",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.250",
"lastModified": "2025-06-28T16:15:22.250",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU to bypass firmware signature verification and run arbitrary code in the infotainment system at boot process."
},
{
"lang": "es",
"value": "Una falla l\u00f3gica que provoca un desbordamiento del b\u00fafer de RAM en el componente del cargador de arranque de la unidad de infoentretenimiento MIB3 permite que un atacante con acceso f\u00edsico a la ECU MIB3 eluda la verificaci\u00f3n de la firma del firmware y ejecute c\u00f3digo arbitrario en el sistema de infoentretenimiento durante el proceso de arranque."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28905.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28905",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.410",
"lastModified": "2025-06-28T16:15:22.410",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer de pila en el binario de procesamiento de im\u00e1genes de la unidad de infoentretenimiento MIB3 permite a un atacante ejecutar c\u00f3digo arbitrario en ella. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con la unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de los n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28906.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28906",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.573",
"lastModified": "2025-06-28T16:15:22.573",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection in the networking service of the MIB3 infotainment allows an attacker already presenting in the system to escalate privileges and obtain administrative access to the system.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Una inyecci\u00f3n de comandos en el servicio de red del sistema de infoentretenimiento MIB3 permite a un atacante presente en el sistema escalar privilegios y obtener acceso administrativo. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28907.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28907",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.740",
"lastModified": "2025-06-28T16:15:22.740",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU core responsible for CAN message processing.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "No existe aislamiento de memoria entre los n\u00facleos de la CPU del sistema de infoentretenimiento MIB3. Esto permite a un atacante con acceso al sistema operativo principal comprometer el n\u00facleo de la CPU responsable del procesamiento de mensajes CAN. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de los n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28908.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28908",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:22.910",
"lastModified": "2025-06-28T16:15:22.910",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Existe una falla espec\u00edfica en la pila Bluetooth del sistema de infoentretenimiento MIB3. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar un desbordamiento de enteros al recibir paquetes HCI no fragmentados en un canal. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28909.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28909",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:23.080",
"lastModified": "2025-06-28T16:15:23.080",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Existe una falla espec\u00edfica en la pila Bluetooth de la unidad MIB3. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar un desbordamiento de enteros al recibir paquetes HCI fragmentados en un canal. Un atacante puede aprovechar esta vulnerabilidad para eludir la comprobaci\u00f3n de MTU en un canal con la fragmentaci\u00f3n habilitada. En consecuencia, esto puede provocar un desbordamiento de b\u00fafer en los perfiles de capa superior, lo que puede utilizarse para obtener ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de los n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28910.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28910",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:23.253",
"lastModified": "2025-06-28T16:15:23.253",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Existe una falla espec\u00edfica en la pila Bluetooth del sistema de infoentretenimiento MIB3. El problema se debe a la desactivaci\u00f3n del indicador de interrupci\u00f3n, lo que eventualmente provoca la omisi\u00f3n de las funciones de aserci\u00f3n. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos de referencia."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28911.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28911",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:23.423",
"lastModified": "2025-06-28T16:15:23.423",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "Existe una falla espec\u00edfica en la pila Bluetooth del sistema de infoentretenimiento MIB3. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar la desconexi\u00f3n arbitraria de un canal. Un atacante puede aprovechar esta vulnerabilidad para lanzar un ataque de denegaci\u00f3n de servicio (DPS) a cada cliente conectado al dispositivo de infoentretenimiento. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28912.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-28912",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:23.583",
"lastModified": "2025-06-28T16:15:23.583",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system to obtain vehicle owner's contact data.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "La unidad MIB3 almacena la agenda telef\u00f3nica sincronizada en texto plano, lo que permite a un atacante con privilegios de ejecuci\u00f3n de c\u00f3digo o acceso f\u00edsico al sistema obtener los datos de contacto del propietario del veh\u00edculo. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

8
CVE-2023/CVE-2023-291xx/CVE-2023-29113.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-29113",
"sourceIdentifier": "cve@asrg.io",
"published": "2025-06-28T16:15:23.750",
"lastModified": "2025-06-28T16:15:23.750",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the system an ability to undermine access control restrictions implemented at the operating system level.\nThe vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources."
},
{
"lang": "es",
"value": "La unidad de infoentretenimiento MIB3 utilizada en veh\u00edculos Skoda y Volkswagen no incorpora separaci\u00f3n de privilegios para el mecanismo propietario de comunicaci\u00f3n entre procesos, lo que permite a los atacantes con presencia en el sistema vulnerar las restricciones de control de acceso implementadas a nivel del sistema operativo. La vulnerabilidad se descubri\u00f3 originalmente en el Skoda Superb III con la unidad de infoentretenimiento MIB3 con n\u00famero de pieza OEM 3V0035820. La lista de los n\u00fameros de pieza OEM MIB3 afectados se proporciona en los recursos referenciados."
}
],
"metrics": {

32
CVE-2023/CVE-2023-340xx/CVE-2023-34001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34001",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T07:15:42.770",
"lastModified": "2024-11-21T08:06:22.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:18:30.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpplugins:hide_my_wp_ghost:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.0.26",
"matchCriteriaId": "20618EA8-05C3-4859-8E06-8A1312752311"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-ghost-security-plugin-plugin-5-0-24-captcha-bypass-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/hide-my-wp/wordpress-hide-my-wp-ghost-security-plugin-plugin-5-0-24-captcha-bypass-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-380xx/CVE-2023-38007.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38007",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-27T15:15:24.623",
"lastModified": "2025-06-27T15:15:24.623",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2023/CVE-2023-473xx/CVE-2023-47310.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47310",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-30T15:15:22.493",
"lastModified": "2025-06-30T15:15:22.493",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-117xx/CVE-2024-11739.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11739",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-06-27T16:15:23.703",
"lastModified": "2025-06-27T16:15:23.703",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-121xx/CVE-2024-12143.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-12143",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-06-27T17:15:32.400",
"lastModified": "2025-06-27T17:15:32.400",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-121xx/CVE-2024-12150.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-12150",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-06-27T17:15:32.610",
"lastModified": "2025-06-27T17:15:32.610",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-123xx/CVE-2024-12364.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-12364",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-06-27T17:15:32.813",
"lastModified": "2025-06-27T17:15:32.813",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-128xx/CVE-2024-12827.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-12827",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-27T09:15:24.300",
"lastModified": "2025-06-27T09:15:24.300",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-129xx/CVE-2024-12915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-12915",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2025-06-30T16:15:22.647",
"lastModified": "2025-06-30T16:15:22.647",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

45
CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1522",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-03-30T18:15:45.930",
"lastModified": "2024-11-21T08:50:45.060",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:56:13.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0",
"versionEndIncluding": "9.2",
"matchCriteriaId": "3C827CC6-8535-41D8-90AE-CA481B395D4D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-220xx/CVE-2024-22059.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22059",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-05-31T18:15:10.493",
"lastModified": "2024-11-21T08:55:28.760",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:33:46.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3",
"matchCriteriaId": "B9EDA427-1086-4F4B-ADDC-DB67810758A3"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-220xx/CVE-2024-22060.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22060",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-05-31T18:15:10.660",
"lastModified": "2024-11-21T08:55:28.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:28:16.107",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -51,14 +73,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:neurons_for_itsm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3",
"matchCriteriaId": "B9EDA427-1086-4F4B-ADDC-DB67810758A3"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

38
CVE-2024/CVE-2024-239xx/CVE-2024-23928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23928",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.030",
"lastModified": "2025-03-18T18:15:26.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:15:22.163",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -52,6 +82,10 @@
}
],
"references": [
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1045/",
"source": "ics-cert@hq.dhs.gov"

8
CVE-2024/CVE-2024-239xx/CVE-2024-23929.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23929",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T01:15:09.697",
"lastModified": "2025-06-30T17:15:31.653",
"lastModified": "2025-06-30T18:15:23.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -62,7 +62,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -111,6 +111,10 @@
}
],
"references": [
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1044/",
"source": "ics-cert@hq.dhs.gov",

38
CVE-2024/CVE-2024-239xx/CVE-2024-23930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23930",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.147",
"lastModified": "2025-06-24T17:30:45.050",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:23.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -81,6 +111,10 @@
}
],
"references": [
{
"url": "https://jpn.pioneer/ja/car/dl/dmh-sz700_sf700/",
"source": "ics-cert@hq.dhs.gov"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1043/",
"source": "ics-cert@hq.dhs.gov",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23937.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23937",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.257",
"lastModified": "2025-06-18T15:49:04.783",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:23.707",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23962",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.367",
"lastModified": "2025-06-24T17:29:05.963",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:23.927",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23963.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23963",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.483",
"lastModified": "2025-06-24T17:28:29.600",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:24.123",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23968.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23968",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.593",
"lastModified": "2025-05-01T14:44:29.310",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:24.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23969.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23969",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.703",
"lastModified": "2025-05-01T14:44:50.397",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:24.517",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23970.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23970",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.810",
"lastModified": "2025-05-01T14:44:55.420",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:24.707",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23971.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23971",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.920",
"lastModified": "2025-05-01T14:44:59.480",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-30T18:15:24.903",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-239xx/CVE-2024-23973.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23973",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:10.027",
"lastModified": "2025-01-31T19:15:18.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:15:25.103",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

34
CVE-2024/CVE-2024-247xx/CVE-2024-24731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24731",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:10.137",
"lastModified": "2025-01-31T19:15:18.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:15:25.333",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",

8
CVE-2024/CVE-2024-249xx/CVE-2024-24915.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-24915",
"sourceIdentifier": "cve@checkpoint.com",
"published": "2025-06-29T12:15:22.803",
"lastModified": "2025-06-29T12:15:22.803",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them."
},
{
"lang": "es",
"value": "Las credenciales no se borran de la memoria despu\u00e9s de usarlas. Un usuario con permisos de administrador puede ejecutar un volcado de memoria para el proceso de SmartConsole y recuperarlas."
}
],
"metrics": {

76
CVE-2024/CVE-2024-272xx/CVE-2024-27264.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27264",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-05-22T20:15:09.047",
"lastModified": "2024-11-21T09:04:12.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:15:25.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -59,22 +79,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284563",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7154595",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/284563",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7154595",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-301xx/CVE-2024-30192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30192",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T07:15:54.717",
"lastModified": "2024-11-21T09:11:24.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:47:47.883",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gsplugins:gs_pinterest_portfolio:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.3",
"matchCriteriaId": "78E96875-DD3C-4266-B4D7-CE91C822D58A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gs-pinterest-portfolio/wordpress-pinterest-plugin-1-8-2-cross-site-scripting-xss?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/gs-pinterest-portfolio/wordpress-pinterest-plugin-1-8-2-cross-site-scripting-xss?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-316xx/CVE-2024-31634.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31634",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-16T04:15:08.463",
"lastModified": "2024-11-21T09:13:46.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:05:48.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xunruicms:xunruicms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.6.3",
"matchCriteriaId": "A9953572-AFFE-4CFE-89CC-9EBE07958917"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/buchilajiao1/CVE/blob/main/xunruicms/xunruicms.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/buchilajiao1/CVE/blob/main/xunruicms/xunruicms.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

32
CVE-2024/CVE-2024-349xx/CVE-2024-34949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34949",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-20T18:15:10.463",
"lastModified": "2024-11-21T09:19:36.760",
"lastModified": "2025-06-30T18:07:11.630",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -51,14 +51,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:likeshop:likeshop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.7",
"matchCriteriaId": "C1B6293A-3888-4311-B063-74239FB8604D"
}
]
}
]
}
],
"references": [
{
"url": "https://charm-august-88a.notion.site/CVE-2024-34949-SQL-injection-vulnerability-in-Likeshop-2-5-7-6139a82f9ab7423c9ef7c95950f68301",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://charm-august-88a.notion.site/CVE-2024-34949-SQL-injection-vulnerability-in-Likeshop-2-5-7-6139a82f9ab7423c9ef7c95950f68301",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-363xx/CVE-2024-36347.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36347",
"sourceIdentifier": "psirt@amd.com",
"published": "2025-06-27T23:15:26.037",
"lastModified": "2025-06-27T23:15:26.037",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-397xx/CVE-2024-39730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39730",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-28T01:15:24.740",
"lastModified": "2025-06-28T01:15:24.740",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

45
CVE-2024/CVE-2024-43xx/CVE-2024-4399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4399",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-23T06:15:11.577",
"lastModified": "2024-11-21T09:42:46.073",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-30T18:44:29.540",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apereo:central_authentication_service:-:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F0F11555-463A-43E5-B01B-6B0418E22010"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-44xx/CVE-2024-4456.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4456",
"sourceIdentifier": "security@octopus.com",
"published": "2024-05-08T01:15:06.667",
"lastModified": "2024-12-06T18:15:25.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:04:42.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.7,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,63 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "2023.4.8338",
"matchCriteriaId": "1405D2C7-05BE-4CE8-B9EB-623F16960B1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:octopus:octopus_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024.1.437",
"versionEndExcluding": "2024.1.11127",
"matchCriteriaId": "7B0CCE44-E13C-4CF8-9D74-A12E180D6825"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.octopus.com/post/2024/sa2024-04/",
"source": "security@octopus.com"
"source": "security@octopus.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://advisories.octopus.com/post/2024/sa2024-04/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

46
CVE-2024/CVE-2024-47xx/CVE-2024-4750.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4750",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-04T06:15:11.960",
"lastModified": "2025-03-27T21:15:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-30T18:22:12.210",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,52 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.0",
"matchCriteriaId": "3FE3839D-F494-45E9-855B-16D414ED369B"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-529xx/CVE-2024-52900.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-52900",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-28T01:15:24.957",
"lastModified": "2025-06-28T01:15:24.957",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Cognos Analytics 11.2.0 a 12.2.4 Fix Pack 5 y 12.0.0 a 12.0.4 son vulnerables a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios autenticados incrustar c\u00f3digo JavaScript arbitrario en la interfaz web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza."
}
],
"metrics": {

4
CVE-2024/CVE-2024-536xx/CVE-2024-53621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53621",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-30T15:15:22.727",
"lastModified": "2025-06-30T15:15:22.727",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-84xx/CVE-2024-8419.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8419",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-30T10:15:24.590",
"lastModified": "2025-06-30T10:15:24.590",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-06xx/CVE-2025-0634.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-0634",
"sourceIdentifier": "PSIRT@samsung.com",
"published": "2025-06-30T02:15:20.920",
"lastModified": "2025-06-30T02:15:20.920",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de Use After Free en Samsung Open Source rLottie permite la inclusi\u00f3n remota de c\u00f3digo. Este problema afecta a rLottie: V0.2."
}
],
"metrics": {

8
CVE-2025/CVE-2025-19xx/CVE-2025-1991.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1991",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-28T13:15:23.900",
"lastModified": "2025-06-28T13:15:23.900",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets."
},
{
"lang": "es",
"value": "IBM Informix Dynamic Server 12.10, 14.10 y 15.0 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a un desbordamiento de enteros al procesar paquetes."
}
],
"metrics": {

4
CVE-2025/CVE-2025-239xx/CVE-2025-23967.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-23967",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:30.247",
"lastModified": "2025-06-27T12:15:30.247",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-239xx/CVE-2025-23973.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-23973",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:30.430",
"lastModified": "2025-06-27T12:15:30.430",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-242xx/CVE-2025-24289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24289",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-06-29T20:15:24.787",
"lastModified": "2025-06-30T16:15:23.290",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-242xx/CVE-2025-24290.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24290",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-06-29T20:15:24.930",
"lastModified": "2025-06-30T15:15:23.027",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-242xx/CVE-2025-24292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24292",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-06-29T20:15:25.050",
"lastModified": "2025-06-30T14:15:23.483",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-247xx/CVE-2025-24760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24760",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:30.623",
"lastModified": "2025-06-27T12:15:30.623",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-247xx/CVE-2025-24765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24765",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:30.817",
"lastModified": "2025-06-27T12:15:30.817",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-247xx/CVE-2025-24769.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.003",
"lastModified": "2025-06-27T12:15:31.003",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-247xx/CVE-2025-24774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24774",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.200",
"lastModified": "2025-06-27T12:15:31.200",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-251xx/CVE-2025-25171.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25171",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.387",
"lastModified": "2025-06-27T12:15:31.387",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-251xx/CVE-2025-25173.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25173",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.563",
"lastModified": "2025-06-27T12:15:31.563",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

41
CVE-2025/CVE-2025-260xx/CVE-2025-26074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-26074",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-30T17:15:31.987",
"lastModified": "2025-06-30T17:15:31.987",
"vulnStatus": "Received",
"lastModified": "2025-06-30T19:15:22.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/conductor-oss/conductor",

4
CVE-2025/CVE-2025-273xx/CVE-2025-27361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27361",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.760",
"lastModified": "2025-06-27T12:15:31.760",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28946.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28946",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:31.950",
"lastModified": "2025-06-27T12:15:31.950",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28947.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28947",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:32.120",
"lastModified": "2025-06-27T12:15:32.120",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28956.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28956",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:32.297",
"lastModified": "2025-06-27T12:15:32.297",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28960.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28960",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:32.473",
"lastModified": "2025-06-27T12:15:32.473",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28970.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28970",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:32.653",
"lastModified": "2025-06-27T12:15:32.653",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28988",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:32.850",
"lastModified": "2025-06-27T12:15:32.850",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:33.033",
"lastModified": "2025-06-27T12:15:33.033",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-289xx/CVE-2025-28993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-28993",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:33.230",
"lastModified": "2025-06-27T12:15:33.230",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-289xx/CVE-2025-28998.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:34.273",
"lastModified": "2025-06-27T12:15:34.273",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net allows PHP Local File Inclusion. This issue affects SERPed.net: from n/a through 4.6."
},
{
"lang": "es",
"value": "Vulnerabilidad de control incorrecto del nombre de archivo para la instrucci\u00f3n Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos PHP') en serpednet SERPed.net permite la inclusi\u00f3n local de archivos PHP. Este problema afecta a SERPed.net desde n/d hasta la versi\u00f3n 4.6. "
}
],
"metrics": {

4
CVE-2025/CVE-2025-28xx/CVE-2025-2895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2895",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-30T15:15:23.133",
"lastModified": "2025-06-30T15:15:23.133",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-29xx/CVE-2025-2940.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2940",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-27T09:15:25.250",
"lastModified": "2025-06-27T09:15:25.250",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-309xx/CVE-2025-30972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30972",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:35.073",
"lastModified": "2025-06-27T12:15:35.073",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-309xx/CVE-2025-30992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30992",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:35.260",
"lastModified": "2025-06-27T12:15:35.260",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-310xx/CVE-2025-31067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-31067",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:35.447",
"lastModified": "2025-06-27T12:15:35.447",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-314xx/CVE-2025-31428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-31428",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:35.643",
"lastModified": "2025-06-27T12:15:35.643",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-322xx/CVE-2025-32281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-32281",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:35.850",
"lastModified": "2025-06-27T12:15:35.850",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-322xx/CVE-2025-32298.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-32298",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-06-27T12:15:36.060",
"lastModified": "2025-06-27T12:15:36.060",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-328xx/CVE-2025-32897.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-32897",
"sourceIdentifier": "security@apache.org",
"published": "2025-06-28T19:15:21.917",
"lastModified": "2025-06-30T15:15:23.310",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-360xx/CVE-2025-36026.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-36026",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-28T01:15:25.153",
"lastModified": "2025-06-28T01:15:25.153",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\ndoes not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic."
},
{
"lang": "es",
"value": "IBM Datacap 9.1.7, 9.1.8 y 9.1.9 no establece el atributo seguro en tokens de autorizaci\u00f3n ni en cookies de sesi\u00f3n. Los atacantes podr\u00edan obtener el valor de las cookies enviando un enlace http:// a un usuario o insertando este enlace en un sitio web al que acceda el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico."
}
],
"metrics": {

8
CVE-2025/CVE-2025-360xx/CVE-2025-36027.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-36027",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-28T01:15:25.343",
"lastModified": "2025-06-28T01:15:25.343",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Datacap 9.1.7, 9.1.8, and 9.1.9 \n\n\n\ncould allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim."
},
{
"lang": "es",
"value": "IBM Datacap 9.1.7, 9.1.8 y 9.1.9 podr\u00edan permitir que un atacante remoto secuestre la acci\u00f3n de clic de la v\u00edctima. Al persuadir a la v\u00edctima a visitar un sitio web malicioso, un atacante remoto podr\u00eda explotar esta vulnerabilidad para secuestrar sus acciones de clic y posiblemente lanzar nuevos ataques contra ella."
}
],
"metrics": {

4
CVE-2025/CVE-2025-365xx/CVE-2025-36529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-36529",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-27T06:15:24.587",
"lastModified": "2025-06-27T06:15:24.587",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

56
CVE-2025/CVE-2025-365xx/CVE-2025-36593.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-36593",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-06-30T19:15:23.580",
"lastModified": "2025-06-30T19:15:23.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-294"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000337238/dsa-2025-257-security-update-for-dell-openmanage-network-integration-omni-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

4
CVE-2025/CVE-2025-365xx/CVE-2025-36595.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-36595",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-06-27T14:15:36.517",
"lastModified": "2025-06-27T14:15:36.517",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-36xx/CVE-2025-3699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-3699",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2025-06-26T23:15:22.177",
"lastModified": "2025-06-27T10:15:26.300",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:48.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

33
CVE-2025/CVE-2025-37xx/CVE-2025-3745.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2025-3745",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-06-30T06:15:27.593",
"lastModified": "2025-06-30T06:15:27.593",
"vulnStatus": "Received",
"lastModified": "2025-06-30T19:15:23.747",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users to conduct XSS attacks."
},
{
"lang": "es",
"value": "El complemento WP Lightbox 2 de WordPress anterior a la versi\u00f3n 3.0.6.8 no depura correctamente el valor del atributo de t\u00edtulo de los enlaces antes de usarlos, lo que puede permitir que usuarios maliciosos realicen ataques XSS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/1b50f686-c2e0-4963-95c8-b27137dcc059/",

8
CVE-2025/CVE-2025-380xx/CVE-2025-38084.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-38084",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-06-28T08:15:23.970",
"lastModified": "2025-06-28T08:15:23.970",
"vulnStatus": "Received",
"lastModified": "2025-06-30T18:38:23.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: unshare page tables during VMA split, not before\n\nCurrently, __split_vma() triggers hugetlb page table unsharing through\nvm_ops->may_split(). This happens before the VMA lock and rmap locks are\ntaken - which is too early, it allows racing VMA-locked page faults in our\nprocess and racing rmap walks from other processes to cause page tables to\nbe shared again before we actually perform the split.\n\nFix it by explicitly calling into the hugetlb unshare logic from\n__split_vma() in the same place where THP splitting also happens. At that\npoint, both the VMA and the rmap(s) are write-locked.\n\nAn annoying detail is that we can now call into the helper\nhugetlb_unshare_pmds() from two different locking contexts:\n\n1. from hugetlb_split(), holding:\n - mmap lock (exclusively)\n - VMA lock\n - file rmap lock (exclusively)\n2. hugetlb_unshare_all_pmds(), which I think is designed to be able to\n call us with only the mmap lock held (in shared mode), but currently\n only runs while holding mmap lock (exclusively) and VMA lock\n\nBackporting note:\nThis commit fixes a racy protection that was introduced in commit\nb30c14cd6102 (\"hugetlb: unshare some PMDs when splitting VMAs\"); that\ncommit claimed to fix an issue introduced in 5.13, but it should actually\nalso go all the way back.\n\n[jannh@google.com: v2]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/hugetlb: dejar de compartir tablas de p\u00e1ginas durante la divisi\u00f3n de VMA, no antes. Actualmente, __split_vma() activa la descompartici\u00f3n de la tabla de p\u00e1ginas hugetlb a trav\u00e9s de vm_ops->may_split(). Esto sucede antes de que se tomen los bloqueos de VMA y rmap, lo cual es demasiado pronto, ya que permite que las fallas de p\u00e1gina bloqueadas por VMA en nuestro proceso y los recorridos rmap de otros procesos provoquen que las tablas de p\u00e1ginas se compartan de nuevo antes de que realmente realicemos la divisi\u00f3n. Corr\u00edjalo llamando expl\u00edcitamente a la l\u00f3gica de descompartir hugetlb desde __split_vma() en el mismo lugar donde tambi\u00e9n ocurre la divisi\u00f3n de THP. En ese punto, tanto el VMA como los rmap est\u00e1n bloqueados contra escritura. Un detalle molesto es que ahora podemos llamar al asistente hugetlb_unshare_pmds() desde dos contextos de bloqueo diferentes: 1. desde hugetlb_split(), que contiene: - bloqueo mmap (exclusivamente) - bloqueo VMA - bloqueo rmap de archivo (exclusivamente) 2. hugetlb_unshare_all_pmds(), que creo que est\u00e1 dise\u00f1ado para poder llamarnos con solo el bloqueo mmap mantenido (en modo compartido), pero actualmente solo se ejecuta mientras se mantiene el bloqueo mmap (exclusivamente) y el bloqueo VMA. Nota de retroportaci\u00f3n: Este commit corrige una protecci\u00f3n contra la exposici\u00f3n a riesgos que se introdujo en el commit b30c14cd6102 (\"hugetlb: dejar de compartir algunos PMD al dividir VMA\"); es commit afirmaba corregir un problema introducido en la versi\u00f3n 5.13, pero en realidad tambi\u00e9n deber\u00eda retroceder. [jannh@google.com: v2]"
}
],
"metrics": {},

Some files were not shown because too many files have changed in this diff Show More