admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-06T18:00:19.694569+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-06 18:03:57 +00:00
parent 35ea57cd4b
commit 30f35b8e92
65 changed files with 4387 additions and 530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2022/CVE-2022-468xx/CVE-2022-46852.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-46852",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-05-03T15:15:11.190",
"lastModified": "2024-11-21T07:31:10.377",
"lastModified": "2025-06-06T17:22:55.973",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -76,9 +76,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wptablebuilder:wp_table_builder:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:dotcamp:wp_table_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.7",
"matchCriteriaId": "DD7E70E2-A0B9-4EE3-BC6E-A6DE121EF165"
"matchCriteriaId": "AB3CC355-9CBB-45C9-8FA7-90F50C5E907B"
}
]
}

78
CVE-2024/CVE-2024-130xx/CVE-2024-13087.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-13087",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:22.573",
"lastModified": "2025-06-06T16:15:22.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-15",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2024/CVE-2024-130xx/CVE-2024-13088.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-13088",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:23.323",
"lastModified": "2025-06-06T16:15:23.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.5.0.140 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-15",
"source": "security@qnapsecurity.com.tw"
}
]
}

53
CVE-2024/CVE-2024-333xx/CVE-2024-33373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33373",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-14T16:15:11.223",
"lastModified": "2024-11-21T09:16:51.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:16:30.690",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,63 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lb-link:bl-w1210m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE5136A1-A57B-4FD9-99E5-CF0AF4858486"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:lb-link:bl-w1210m:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56AD7616-0BD9-4DC2-993C-98D8031982D8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Password-Policy-Bypass--%7C--Inconsistent-Password-Policy-%28CVE%E2%80%902024%E2%80%9033373%29",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Password-Policy-Bypass--%7C--Inconsistent-Password-Policy-%28CVE%E2%80%902024%E2%80%9033373%29",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-36xx/CVE-2024-3636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3636",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-05T06:16:41.230",
"lastModified": "2024-08-07T16:35:14.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-06T16:15:59.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pinpoint:pinpoint_booking_system:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.9.9.4.8",
"matchCriteriaId": "E9C2F3E4-DD1B-48F7-B1D9-86409049A323"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/bab46c28-71aa-4610-9683-361e7b008d37/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-376xx/CVE-2024-37661.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37661",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-17T18:15:17.463",
"lastModified": "2024-11-21T09:24:11.653",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:09:35.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,63 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-7dr5130_firmware:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F5880C-2075-4DB8-A06F-953A601B818F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-7dr5130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE7F7D-EE72-470E-94AC-CAF793520FE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-376xx/CVE-2024-37662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37662",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-17T18:15:17.560",
"lastModified": "2024-11-21T09:24:11.867",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:09:55.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tl-7dr5130_firmware:1.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F5880C-2075-4DB8-A06F-953A601B818F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tl-7dr5130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DAE7F7D-EE72-470E-94AC-CAF793520FE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/tl-7dr5130-nat-rst.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/tl-7dr5130-nat-rst.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-388xx/CVE-2024-38892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T21:15:26.050",
"lastModified": "2024-11-21T09:26:58.113",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:16:48.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-388xx/CVE-2024-38894.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T21:15:26.137",
"lastModified": "2024-11-21T09:26:58.323",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:16:55.567",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/touchlist_sync.cgi/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/touchlist_sync.cgi/README.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-388xx/CVE-2024-38895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38895",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T21:15:26.213",
"lastModified": "2024-11-21T09:26:58.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:13:32.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/live_mfg.shtml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/live_mfg.shtml",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-388xx/CVE-2024-38896.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38896",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T21:15:26.293",
"lastModified": "2024-11-21T09:26:58.733",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:13:15.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/nightled.cgi",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/nightled.cgi",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-388xx/CVE-2024-38897.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38897",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T21:15:26.377",
"lastModified": "2024-11-21T09:26:58.940",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:10:46.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,51 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:wavlink:wn551k1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "638D4CDE-A83C-4CDA-A7B5-4F66C57A632D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:wavlink:wn551k1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8715346B-4E4E-484F-9783-848D215A1F6A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/live_check.shtml/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/live_check.shtml/README.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

41
CVE-2024/CVE-2024-389xx/CVE-2024-38949.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38949",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.263",
"lastModified": "2024-11-21T09:27:00.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:15:02.730",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9A47DF3A-3A57-41C7-BA2A-74D2B89E9AF7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/460",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38949",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/strukturag/libde265/issues/460",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38949",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-389xx/CVE-2024-38950.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38950",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T20:15:16.367",
"lastModified": "2024-11-21T09:27:00.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:15:28.550",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:struktur:libde265:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "9A47DF3A-3A57-41C7-BA2A-74D2B89E9AF7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strukturag/libde265/issues/460",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Exploit"
]
},
{
"url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38950",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/strukturag/libde265/issues/460",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Exploit"
]
},
{
"url": "https://github.com/zhangteng0526/CVE-information/blob/main/CVE-2024-38950",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2024/CVE-2024-504xx/CVE-2024-50406.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-50406",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:23.500",
"lastModified": "2025-06-06T16:15:23.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data.\n\nWe have already fixed the vulnerability in the following version:\nLicense Center 1.9.49 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.0,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "ACTIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-11",
"source": "security@qnapsecurity.com.tw"
}
]
}

45
CVE-2024/CVE-2024-51xx/CVE-2024-5155.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5155",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:13.373",
"lastModified": "2024-11-21T09:47:05.140",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-06T16:18:02.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ravster:inquiry_cart:-:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9E13226D-8598-4981-9067-323C597FD576"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f1e90a8a-d959-4316-a5d4-e183854944bd/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/f1e90a8a-d959-4316-a5d4-e183854944bd/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2024/CVE-2024-568xx/CVE-2024-56805.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-56805",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:23.660",
"lastModified": "2025-06-06T16:15:23.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-12",
"source": "security@qnapsecurity.com.tw"
}
]
}

39
CVE-2024/CVE-2024-570xx/CVE-2024-57049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57049",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-18T15:15:16.890",
"lastModified": "2025-02-19T15:15:15.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:59:07.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:archer_c20_firmware:6.6_230412:*:*:*:*:*:*:*",
"matchCriteriaId": "D84F1513-D185-40BF-BAF4-5D54142320C3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:archer_c20:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E52B6D67-BAFB-44D9-ADDF-40632F4603B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/archer%20c20/ACL%20bypass%20Vulnerability%20in%20TP-Link%20archer%20c20.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-570xx/CVE-2024-57050.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57050",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-18T15:15:16.977",
"lastModified": "2025-02-19T15:15:15.460",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:59:21.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:wr840n_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.1_4.16",
"matchCriteriaId": "9921C785-A6AB-4E22-B8AE-791C2E774483"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:wr840n:6:*:*:*:*:*:*:*",
"matchCriteriaId": "79A291AB-FA6F-452E-90B3-2F705A86F83A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Shuanunio/CVE_Requests/blob/main/TP-Link/WR840N%20v6/ACL%20bypass%20Vulnerability%20in%20TP-Link%20TL-WR840N.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"Exploit"
]
}
]
}

34
CVE-2024/CVE-2024-576xx/CVE-2024-57603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57603",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-12T22:15:40.977",
"lastModified": "2025-02-13T19:15:13.890",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:53:07.037",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayswind:ezbookkeeping:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D63A9F48-C5FC-43E5-99F5-9F62092AFE16"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mayswind/ezbookkeeping/issues/33",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://hkohi.ca/vulnerability/1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-576xx/CVE-2024-57604.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57604",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-12T22:15:41.100",
"lastModified": "2025-03-20T15:15:43.980",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:57:47.273",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayswind:ezbookkeeping:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D63A9F48-C5FC-43E5-99F5-9F62092AFE16"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mayswind/ezbookkeeping/issues/33",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://hkohi.ca/vulnerability/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-63xx/CVE-2024-6390.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6390",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-03T06:16:29.320",
"lastModified": "2024-08-05T14:35:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-06T16:10:55.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "9.1.0",
"matchCriteriaId": "582D843B-A979-4CD5-A82D-5E3CBE5E0FED"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-64xx/CVE-2024-6477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6477",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-08-03T06:16:29.427",
"lastModified": "2024-09-06T17:35:19.087",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-06T16:12:25.440",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,10 +39,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ayecode:userswp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.12",
"matchCriteriaId": "4A08886D-1258-4225-AA23-DF654B43FFB0"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2025/CVE-2025-201xx/CVE-2025-20188.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-20188",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-05-07T18:15:38.617",
"lastModified": "2025-06-04T14:15:27.247",
"lastModified": "2025-06-06T17:15:30.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Out-of-Band Access Point (AP) Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.\r\n\r This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP image download interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges. \r\n\r Note: For exploitation to be successful, the Out-of-Band AP Image Download feature must be enabled on the device. It is not enabled by default."
"value": "A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles features of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.\r\n\r This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system. An attacker could exploit this vulnerability by sending crafted HTTPS requests to the AP file upload interface. A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges."
},
{
"lang": "es",

82
CVE-2025/CVE-2025-224xx/CVE-2025-22481.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2025-22481",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:23.877",
"lastModified": "2025-06-06T16:15:23.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.4.3079 build 20250321 and later\nQuTS hero h5.2.4.3079 build 20250321 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-12",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-224xx/CVE-2025-22482.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-22482",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.023",
"lastModified": "2025-06-06T16:15:24.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 4.5.0.6 ( 2025/03/20 ) and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-10",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-224xx/CVE-2025-22484.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-22484",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.187",
"lastModified": "2025-06-06T16:15:24.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-224xx/CVE-2025-22486.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-22486",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.330",
"lastModified": "2025-06-06T16:15:24.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-09",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-224xx/CVE-2025-22490.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-22490",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.487",
"lastModified": "2025-06-06T16:15:24.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

27
CVE-2025/CVE-2025-261xx/CVE-2025-26157.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-26157",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-14T17:15:22.437",
"lastModified": "2025-02-14T20:15:37.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:58:10.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:darkseid:beauty_parlour_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0317A3-FA08-46CE-A8BC-7E39D768AC6F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rtnthakur/CVE/blob/main/others/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

27
CVE-2025/CVE-2025-261xx/CVE-2025-26158.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-26158",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-14T17:15:22.590",
"lastModified": "2025-02-14T20:15:37.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:58:29.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kashipara:online_attendance_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B9A9C0A-004B-4527-9B98-B6B402B1A7C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/rtnthakur/CVE/blob/main/Kashipara/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2025/CVE-2025-267xx/CVE-2025-26773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-26773",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-02-17T12:15:29.123",
"lastModified": "2025-02-17T12:15:29.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-06-06T17:58:49.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.5.1",
"matchCriteriaId": "D4AB2197-C1A7-4D7E-9957-F42FEE6F6842"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-0-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29871.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29871",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.637",
"lastModified": "2025-06-06T16:15:24.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29872.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29872",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.803",
"lastModified": "2025-06-06T16:15:24.803",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29873.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29873",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:24.950",
"lastModified": "2025-06-06T16:15:24.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29876.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29876",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.090",
"lastModified": "2025-06-06T16:15:25.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29877.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29877",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.230",
"lastModified": "2025-06-06T16:15:25.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29883.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29883",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.370",
"lastModified": "2025-06-06T16:15:25.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-09",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29884.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29884",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.510",
"lastModified": "2025-06-06T16:15:25.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-09",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29885.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29885",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.643",
"lastModified": "2025-06-06T16:15:25.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nFile Station 5 5.5.6.4791 and later\n and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-09",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-298xx/CVE-2025-29892.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-29892",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:25.783",
"lastModified": "2025-06-06T16:15:25.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands.\n\nWe have already fixed the vulnerability in the following version:\nQsync Central 4.5.0.6 ( 2025/03/20 ) and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-10",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-302xx/CVE-2025-30279.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-30279",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:26.030",
"lastModified": "2025-06-06T16:15:26.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

18
CVE-2025/CVE-2025-312xx/CVE-2025-31200.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-31200",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-16T19:15:54.540",
"lastModified": "2025-06-03T20:53:52.223",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-06T16:15:27.827",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -22,20 +22,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
"impactScore": 5.2
}
]
},

14
CVE-2025/CVE-2025-312xx/CVE-2025-31201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-31201",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-04-16T19:15:54.673",
"lastModified": "2025-04-18T13:47:59.890",
"vulnStatus": "Analyzed",
"lastModified": "2025-06-06T16:15:28.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -22,9 +22,9 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -32,10 +32,10 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
"impactScore": 5.9
}
]
},

78
CVE-2025/CVE-2025-330xx/CVE-2025-33031.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-33031",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:28.203",
"lastModified": "2025-06-06T16:15:28.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

78
CVE-2025/CVE-2025-330xx/CVE-2025-33035.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-33035",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2025-06-06T16:15:28.353",
"lastModified": "2025-06-06T16:15:28.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16",
"source": "security@qnapsecurity.com.tw"
}
]
}

56
CVE-2025/CVE-2025-495xx/CVE-2025-49599.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-49599",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-06T17:15:36.147",
"lastModified": "2025-06-06T17:15:36.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.youtube.com/watch?v=l1eYpcNvZdQ",
"source": "cve@mitre.org"
}
]
}

96
CVE-2025/CVE-2025-55xx/CVE-2025-5502.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-5502",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-03T14:15:51.893",
"lastModified": "2025-06-04T14:54:33.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:42:05.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -122,32 +142,92 @@
"value": "CWE-77"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*",
"matchCriteriaId": "72A1546F-1A48-42AC-9176-95E44E96445C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87818B18-BF90-466D-90C6-D0B4DEBCE330"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.310916",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.310916",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.583562",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
]
}
]
}

96
CVE-2025/CVE-2025-55xx/CVE-2025-5516.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-5516",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-03T18:15:27.067",
"lastModified": "2025-06-04T14:54:33.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:42:29.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,32 +142,92 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230726.1108:*:*:*:*:*:*:*",
"matchCriteriaId": "597534B0-5451-4B51-AEFA-099DB4DC505E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_url_filtering",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.310953",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.310953",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.584661",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/fizz-is-on-the-way/Iot_vuls/tree/main/X2000R/XSS_url_filtering",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
]
}
]
}

89
CVE-2025/CVE-2025-55xx/CVE-2025-5525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-5525",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-03T20:15:22.563",
"lastModified": "2025-06-04T14:54:33.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-06T17:27:21.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -122,32 +142,85 @@
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jrohy:trojan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.15.3",
"matchCriteriaId": "B6306641-D89A-42C6-AC6F-D77342BEFFA3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Tritium0041/Jrohy-trojan-RCE-POC/blob/main/POC.py",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.310966",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.310966",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.586673",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

10
CVE-2025/CVE-2025-56xx/CVE-2025-5685.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-5685",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-05T20:15:26.993",
"lastModified": "2025-06-06T14:07:28.330",
"lastModified": "2025-06-06T16:15:29.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -111,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -144,6 +144,10 @@
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/xubeining/Cve_report/blob/main/A%20remote%20code%20execution%20vulnerability%20in%20the%20router%20CH22%20V1.0.0.1%20manufactured%20by%20Shenzhen%20Jixiangtengda%20Technology%20Co.%2C%20Ltd1.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

56
CVE-2025/CVE-2025-57xx/CVE-2025-5747.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5747",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-06T16:15:29.803",
"lastModified": "2025-06-06T16:15:29.803",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-115"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-326/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

56
CVE-2025/CVE-2025-57xx/CVE-2025-5748.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5748",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-06T16:15:29.973",
"lastModified": "2025-06-06T16:15:29.973",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-327/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

56
CVE-2025/CVE-2025-57xx/CVE-2025-5749.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5749",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-06T16:15:30.120",
"lastModified": "2025-06-06T16:15:30.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-457"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-328/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

56
CVE-2025/CVE-2025-57xx/CVE-2025-5750.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5750",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-06T16:15:30.273",
"lastModified": "2025-06-06T16:15:30.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-329/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

56
CVE-2025/CVE-2025-57xx/CVE-2025-5751.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-5751",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2025-06-06T16:15:30.413",
"lastModified": "2025-06-06T16:15:30.413",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-330/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

149
CVE-2025/CVE-2025-57xx/CVE-2025-5783.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2025-5783",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T16:15:30.960",
"lastModified": "2025-06-06T16:15:30.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/f1rstb100d/myCVE/issues/58",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311331",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311331",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591203",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/f1rstb100d/myCVE/issues/58",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

145
CVE-2025/CVE-2025-57xx/CVE-2025-5784.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5784",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T16:15:31.180",
"lastModified": "2025-06-06T16:15:31.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/f1rstb100d/myCVE/issues/60",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311332",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311332",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591205",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-57xx/CVE-2025-5785.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5785",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T16:15:31.370",
"lastModified": "2025-06-06T16:15:31.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/Lena-lyy/cve/blob/main/7.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311333",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311333",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591210",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-57xx/CVE-2025-5786.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5786",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T17:15:39.037",
"lastModified": "2025-06-06T17:15:39.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/Lena-lyy/cve/blob/main/8.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311334",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311334",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591211",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-57xx/CVE-2025-5787.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5787",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T17:15:40.630",
"lastModified": "2025-06-06T17:15:40.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/Lena-lyy/cve/blob/main/9.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311335",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311335",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591212",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-57xx/CVE-2025-5788.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-5788",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-06T17:15:41.797",
"lastModified": "2025-06-06T17:15:41.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/awindog/cve/blob/main/10.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311336",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.311336",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.591217",
"source": "cna@vuldb.com"
},
{
"url": "https://www.totolink.net/",
"source": "cna@vuldb.com"
}
]
}

6
CVE-2025/CVE-2025-58xx/CVE-2025-5806.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-5806",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2025-06-06T14:15:23.323",
"lastModified": "2025-06-06T14:15:23.323",
"lastModified": "2025-06-06T16:15:31.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -51,6 +51,10 @@
{
"url": "https://www.jenkins.io/security/advisory/2025-06-06/#SECURITY-3588",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/06/06/8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

96
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-06T16:00:20.446325+00:00
2025-06-06T18:00:19.694569+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-06T15:44:21.280000+00:00
2025-06-06T17:59:21.903000+00:00
```
### Last Data Feed Release
@ -33,55 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
296905
296938
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `33`
- [CVE-2025-0620](CVE-2025/CVE-2025-06xx/CVE-2025-0620.json) (`2025-06-06T14:15:21.247`)
- [CVE-2025-27531](CVE-2025/CVE-2025-275xx/CVE-2025-27531.json) (`2025-06-06T15:15:23.883`)
- [CVE-2025-38001](CVE-2025/CVE-2025-380xx/CVE-2025-38001.json) (`2025-06-06T14:15:22.183`)
- [CVE-2025-38002](CVE-2025/CVE-2025-380xx/CVE-2025-38002.json) (`2025-06-06T14:15:22.313`)
- [CVE-2025-41646](CVE-2025/CVE-2025-416xx/CVE-2025-41646.json) (`2025-06-06T15:15:26.183`)
- [CVE-2025-5778](CVE-2025/CVE-2025-57xx/CVE-2025-5778.json) (`2025-06-06T14:15:22.940`)
- [CVE-2025-5779](CVE-2025/CVE-2025-57xx/CVE-2025-5779.json) (`2025-06-06T15:15:27.177`)
- [CVE-2025-5780](CVE-2025/CVE-2025-57xx/CVE-2025-5780.json) (`2025-06-06T15:15:27.377`)
- [CVE-2025-5782](CVE-2025/CVE-2025-57xx/CVE-2025-5782.json) (`2025-06-06T15:15:27.557`)
- [CVE-2025-5791](CVE-2025/CVE-2025-57xx/CVE-2025-5791.json) (`2025-06-06T14:15:23.137`)
- [CVE-2025-5806](CVE-2025/CVE-2025-58xx/CVE-2025-5806.json) (`2025-06-06T14:15:23.323`)
- [CVE-2025-22490](CVE-2025/CVE-2025-224xx/CVE-2025-22490.json) (`2025-06-06T16:15:24.487`)
- [CVE-2025-29871](CVE-2025/CVE-2025-298xx/CVE-2025-29871.json) (`2025-06-06T16:15:24.637`)
- [CVE-2025-29872](CVE-2025/CVE-2025-298xx/CVE-2025-29872.json) (`2025-06-06T16:15:24.803`)
- [CVE-2025-29873](CVE-2025/CVE-2025-298xx/CVE-2025-29873.json) (`2025-06-06T16:15:24.950`)
- [CVE-2025-29876](CVE-2025/CVE-2025-298xx/CVE-2025-29876.json) (`2025-06-06T16:15:25.090`)
- [CVE-2025-29877](CVE-2025/CVE-2025-298xx/CVE-2025-29877.json) (`2025-06-06T16:15:25.230`)
- [CVE-2025-29883](CVE-2025/CVE-2025-298xx/CVE-2025-29883.json) (`2025-06-06T16:15:25.370`)
- [CVE-2025-29884](CVE-2025/CVE-2025-298xx/CVE-2025-29884.json) (`2025-06-06T16:15:25.510`)
- [CVE-2025-29885](CVE-2025/CVE-2025-298xx/CVE-2025-29885.json) (`2025-06-06T16:15:25.643`)
- [CVE-2025-29892](CVE-2025/CVE-2025-298xx/CVE-2025-29892.json) (`2025-06-06T16:15:25.783`)
- [CVE-2025-30279](CVE-2025/CVE-2025-302xx/CVE-2025-30279.json) (`2025-06-06T16:15:26.030`)
- [CVE-2025-33031](CVE-2025/CVE-2025-330xx/CVE-2025-33031.json) (`2025-06-06T16:15:28.203`)
- [CVE-2025-33035](CVE-2025/CVE-2025-330xx/CVE-2025-33035.json) (`2025-06-06T16:15:28.353`)
- [CVE-2025-49599](CVE-2025/CVE-2025-495xx/CVE-2025-49599.json) (`2025-06-06T17:15:36.147`)
- [CVE-2025-5747](CVE-2025/CVE-2025-57xx/CVE-2025-5747.json) (`2025-06-06T16:15:29.803`)
- [CVE-2025-5748](CVE-2025/CVE-2025-57xx/CVE-2025-5748.json) (`2025-06-06T16:15:29.973`)
- [CVE-2025-5749](CVE-2025/CVE-2025-57xx/CVE-2025-5749.json) (`2025-06-06T16:15:30.120`)
- [CVE-2025-5750](CVE-2025/CVE-2025-57xx/CVE-2025-5750.json) (`2025-06-06T16:15:30.273`)
- [CVE-2025-5751](CVE-2025/CVE-2025-57xx/CVE-2025-5751.json) (`2025-06-06T16:15:30.413`)
- [CVE-2025-5783](CVE-2025/CVE-2025-57xx/CVE-2025-5783.json) (`2025-06-06T16:15:30.960`)
- [CVE-2025-5784](CVE-2025/CVE-2025-57xx/CVE-2025-5784.json) (`2025-06-06T16:15:31.180`)
- [CVE-2025-5785](CVE-2025/CVE-2025-57xx/CVE-2025-5785.json) (`2025-06-06T16:15:31.370`)
- [CVE-2025-5786](CVE-2025/CVE-2025-57xx/CVE-2025-5786.json) (`2025-06-06T17:15:39.037`)
- [CVE-2025-5787](CVE-2025/CVE-2025-57xx/CVE-2025-5787.json) (`2025-06-06T17:15:40.630`)
- [CVE-2025-5788](CVE-2025/CVE-2025-57xx/CVE-2025-5788.json) (`2025-06-06T17:15:41.797`)
### CVEs modified in the last Commit
Recently modified CVEs: `319`
Recently modified CVEs: `30`
- [CVE-2025-5726](CVE-2025/CVE-2025-57xx/CVE-2025-5726.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5727](CVE-2025/CVE-2025-57xx/CVE-2025-5727.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5728](CVE-2025/CVE-2025-57xx/CVE-2025-5728.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5729](CVE-2025/CVE-2025-57xx/CVE-2025-5729.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5732](CVE-2025/CVE-2025-57xx/CVE-2025-5732.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5733](CVE-2025/CVE-2025-57xx/CVE-2025-5733.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5734](CVE-2025/CVE-2025-57xx/CVE-2025-5734.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5735](CVE-2025/CVE-2025-57xx/CVE-2025-5735.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5736](CVE-2025/CVE-2025-57xx/CVE-2025-5736.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5737](CVE-2025/CVE-2025-57xx/CVE-2025-5737.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5738](CVE-2025/CVE-2025-57xx/CVE-2025-5738.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5739](CVE-2025/CVE-2025-57xx/CVE-2025-5739.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5745](CVE-2025/CVE-2025-57xx/CVE-2025-5745.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5755](CVE-2025/CVE-2025-57xx/CVE-2025-5755.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5756](CVE-2025/CVE-2025-57xx/CVE-2025-5756.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5757](CVE-2025/CVE-2025-57xx/CVE-2025-5757.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5758](CVE-2025/CVE-2025-57xx/CVE-2025-5758.json) (`2025-06-06T14:07:28.330`)
- [CVE-2025-5759](CVE-2025/CVE-2025-57xx/CVE-2025-5759.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5760](CVE-2025/CVE-2025-57xx/CVE-2025-5760.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5761](CVE-2025/CVE-2025-57xx/CVE-2025-5761.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5762](CVE-2025/CVE-2025-57xx/CVE-2025-5762.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5763](CVE-2025/CVE-2025-57xx/CVE-2025-5763.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5764](CVE-2025/CVE-2025-57xx/CVE-2025-5764.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5765](CVE-2025/CVE-2025-57xx/CVE-2025-5765.json) (`2025-06-06T14:06:58.193`)
- [CVE-2025-5766](CVE-2025/CVE-2025-57xx/CVE-2025-5766.json) (`2025-06-06T14:06:58.193`)
- [CVE-2024-38892](CVE-2024/CVE-2024-388xx/CVE-2024-38892.json) (`2025-06-06T17:16:48.147`)
- [CVE-2024-38894](CVE-2024/CVE-2024-388xx/CVE-2024-38894.json) (`2025-06-06T17:16:55.567`)
- [CVE-2024-38895](CVE-2024/CVE-2024-388xx/CVE-2024-38895.json) (`2025-06-06T17:13:32.390`)
- [CVE-2024-38896](CVE-2024/CVE-2024-388xx/CVE-2024-38896.json) (`2025-06-06T17:13:15.750`)
- [CVE-2024-38897](CVE-2024/CVE-2024-388xx/CVE-2024-38897.json) (`2025-06-06T17:10:46.100`)
- [CVE-2024-38949](CVE-2024/CVE-2024-389xx/CVE-2024-38949.json) (`2025-06-06T17:15:02.730`)
- [CVE-2024-38950](CVE-2024/CVE-2024-389xx/CVE-2024-38950.json) (`2025-06-06T17:15:28.550`)
- [CVE-2024-5155](CVE-2024/CVE-2024-51xx/CVE-2024-5155.json) (`2025-06-06T16:18:02.717`)
- [CVE-2024-57049](CVE-2024/CVE-2024-570xx/CVE-2024-57049.json) (`2025-06-06T17:59:07.280`)
- [CVE-2024-57050](CVE-2024/CVE-2024-570xx/CVE-2024-57050.json) (`2025-06-06T17:59:21.903`)
- [CVE-2024-57603](CVE-2024/CVE-2024-576xx/CVE-2024-57603.json) (`2025-06-06T17:53:07.037`)
- [CVE-2024-57604](CVE-2024/CVE-2024-576xx/CVE-2024-57604.json) (`2025-06-06T17:57:47.273`)
- [CVE-2024-6390](CVE-2024/CVE-2024-63xx/CVE-2024-6390.json) (`2025-06-06T16:10:55.940`)
- [CVE-2024-6477](CVE-2024/CVE-2024-64xx/CVE-2024-6477.json) (`2025-06-06T16:12:25.440`)
- [CVE-2025-20188](CVE-2025/CVE-2025-201xx/CVE-2025-20188.json) (`2025-06-06T17:15:30.170`)
- [CVE-2025-26157](CVE-2025/CVE-2025-261xx/CVE-2025-26157.json) (`2025-06-06T17:58:10.687`)
- [CVE-2025-26158](CVE-2025/CVE-2025-261xx/CVE-2025-26158.json) (`2025-06-06T17:58:29.797`)
- [CVE-2025-26773](CVE-2025/CVE-2025-267xx/CVE-2025-26773.json) (`2025-06-06T17:58:49.050`)
- [CVE-2025-31200](CVE-2025/CVE-2025-312xx/CVE-2025-31200.json) (`2025-06-06T16:15:27.827`)
- [CVE-2025-31201](CVE-2025/CVE-2025-312xx/CVE-2025-31201.json) (`2025-06-06T16:15:28.020`)
- [CVE-2025-5502](CVE-2025/CVE-2025-55xx/CVE-2025-5502.json) (`2025-06-06T17:42:05.687`)
- [CVE-2025-5516](CVE-2025/CVE-2025-55xx/CVE-2025-5516.json) (`2025-06-06T17:42:29.520`)
- [CVE-2025-5525](CVE-2025/CVE-2025-55xx/CVE-2025-5525.json) (`2025-06-06T17:27:21.350`)
- [CVE-2025-5685](CVE-2025/CVE-2025-56xx/CVE-2025-5685.json) (`2025-06-06T16:15:29.510`)
- [CVE-2025-5806](CVE-2025/CVE-2025-58xx/CVE-2025-5806.json) (`2025-06-06T16:15:31.560`)
## Download and Usage

749
_state.csv
View File

File diff suppressed because it is too large Load Diff