diff --git a/CVE-2015/CVE-2015-51xx/CVE-2015-5119.json b/CVE-2015/CVE-2015-51xx/CVE-2015-5119.json
index 27b53855c32..a24e8f99974 100644
--- a/CVE-2015/CVE-2015-51xx/CVE-2015-5119.json
+++ b/CVE-2015/CVE-2015-51xx/CVE-2015-5119.json
@@ -2,7 +2,7 @@
"id": "CVE-2015-5119",
"sourceIdentifier": "psirt@adobe.com",
"published": "2015-07-08T14:59:05.677",
- "lastModified": "2025-04-12T10:46:40.837",
+ "lastModified": "2025-04-21T15:09:01.347",
"vulnStatus": "Deferred",
"cveTags": [],
"descriptions": [
diff --git a/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json b/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json
index 90a3946aeaa..c862160314f 100644
--- a/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json
+++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36844.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-36844",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-20T22:15:28.950",
- "lastModified": "2025-04-20T22:15:28.950",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
diff --git a/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json b/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json
index 81d5bbcbd6d..92724aaa640 100644
--- a/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json
+++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36845.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-36845",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-20T22:15:29.690",
- "lastModified": "2025-04-20T22:15:29.690",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
diff --git a/CVE-2021/CVE-2021-250xx/CVE-2021-25094.json b/CVE-2021/CVE-2021-250xx/CVE-2021-25094.json
index 2ce2a2bb17d..f29f57857fe 100644
--- a/CVE-2021/CVE-2021-250xx/CVE-2021-25094.json
+++ b/CVE-2021/CVE-2021-250xx/CVE-2021-25094.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-25094",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-04-25T16:16:07.117",
- "lastModified": "2024-11-21T05:54:20.367",
+ "lastModified": "2025-04-21T15:15:49.620",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -67,7 +67,7 @@
"weaknesses": [
{
"source": "contact@wpscan.com",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -147,6 +147,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://packetstorm.news/files/id/190566/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
{
"url": "https://wpscan.com/vulnerability/fb0097a0-5d7b-4e5b-97de-aacafa8fffcd",
"source": "af854a3a-2127-422b-91ae-364da2661108",
@@ -154,6 +158,10 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/52260",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-316xx/CVE-2021-31650.json b/CVE-2021/CVE-2021-316xx/CVE-2021-31650.json
index 7f18426f92e..6ef9a56adc9 100644
--- a/CVE-2021/CVE-2021-316xx/CVE-2021-31650.json
+++ b/CVE-2021/CVE-2021-316xx/CVE-2021-31650.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-31650",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-16T22:15:08.627",
- "lastModified": "2024-11-21T06:06:04.737",
+ "lastModified": "2025-04-21T15:15:50.520",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-382xx/CVE-2021-38241.json b/CVE-2021/CVE-2021-382xx/CVE-2021-38241.json
index 71743507124..fa48d0e2a2e 100644
--- a/CVE-2021/CVE-2021-382xx/CVE-2021-38241.json
+++ b/CVE-2021/CVE-2021-382xx/CVE-2021-38241.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-38241",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-16T22:15:08.690",
- "lastModified": "2024-11-21T06:16:40.907",
+ "lastModified": "2025-04-21T14:15:21.010",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-502"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4226.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4226.json
index a1a07ac17fa..802a9797295 100644
--- a/CVE-2021/CVE-2021-42xx/CVE-2021-4226.json
+++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4226.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-4226",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-12-15T19:15:16.410",
- "lastModified": "2024-11-21T06:37:11.163",
+ "lastModified": "2025-04-21T15:15:50.793",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,9 +36,41 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ }
+ ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
index 2bbc805e7f7..5207a92e45f 100644
--- a/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4455.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-4455",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T08:15:13.220",
- "lastModified": "2025-04-19T08:15:13.220",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2022/CVE-2022-201xx/CVE-2022-20199.json b/CVE-2022/CVE-2022-201xx/CVE-2022-20199.json
index 33928739077..225f8676a53 100644
--- a/CVE-2022/CVE-2022-201xx/CVE-2022-20199.json
+++ b/CVE-2022/CVE-2022-201xx/CVE-2022-20199.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20199",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.393",
- "lastModified": "2024-11-21T06:42:20.327",
+ "lastModified": "2025-04-21T14:15:22.120",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-610"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-610"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20503.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20503.json
index 7c2fe8a5f97..49f6284d53b 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20503.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20503.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20503",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.447",
- "lastModified": "2024-11-21T06:42:56.310",
+ "lastModified": "2025-04-21T14:15:22.280",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20504.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20504.json
index 413fcbce8ca..13f508a4d66 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20504.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20504.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20504",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.497",
- "lastModified": "2024-11-21T06:42:56.427",
+ "lastModified": "2025-04-21T14:15:22.443",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20505.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20505.json
index 3df999e93ad..96431ff745a 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20505.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20505.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20505",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.547",
- "lastModified": "2024-11-21T06:42:56.540",
+ "lastModified": "2025-04-21T14:15:22.607",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20506.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20506.json
index 0ff360a1a32..53ca9e74a43 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20506.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20506.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20506",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.597",
- "lastModified": "2024-11-21T06:42:56.650",
+ "lastModified": "2025-04-21T14:15:22.763",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20507.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20507.json
index b56759e4b9d..be846a5872f 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20507.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20507.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20507",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.647",
- "lastModified": "2024-11-21T06:42:56.773",
+ "lastModified": "2025-04-21T14:15:22.920",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-20"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20508.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20508.json
index 1e4d7c36cdb..62a0f529342 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20508.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20508.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20508",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.700",
- "lastModified": "2024-11-21T06:42:56.893",
+ "lastModified": "2025-04-21T14:15:23.087",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20509.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20509.json
index 1ada03e856a..8be77fe6c46 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20509.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20509.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20509",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.750",
- "lastModified": "2024-11-21T06:42:57.013",
+ "lastModified": "2025-04-21T14:15:23.260",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20510.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20510.json
index cdf9d31f430..1207fe3bc8c 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20510.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20510.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20510",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.803",
- "lastModified": "2024-11-21T06:42:57.130",
+ "lastModified": "2025-04-21T14:15:23.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20511.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20511.json
index b816beb3b32..13e43228e91 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20511.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20511.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20511",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.850",
- "lastModified": "2024-11-21T06:42:57.240",
+ "lastModified": "2025-04-21T15:15:51.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20512.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20512.json
index cd9e6d2c774..8d27a615a40 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20512.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20512.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20512",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.900",
- "lastModified": "2024-11-21T06:42:57.363",
+ "lastModified": "2025-04-21T15:15:51.170",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-20"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20513.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20513.json
index e39dd094f84..7f79db9db78 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20513.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20513.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20513",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:16.953",
- "lastModified": "2024-11-21T06:42:57.477",
+ "lastModified": "2025-04-21T15:15:51.327",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20514.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20514.json
index 05fd2616523..cef13ac6d48 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20514.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20514.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20514",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.007",
- "lastModified": "2024-11-21T06:42:57.597",
+ "lastModified": "2025-04-21T14:15:24.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20523.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20523.json
index 67f195d5276..e0878794b4e 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20523.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20523.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20523",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.460",
- "lastModified": "2024-11-21T06:42:58.637",
+ "lastModified": "2025-04-21T14:15:24.253",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20524.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20524.json
index d6756f5706d..3ddef5489e3 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20524.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20524.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20524",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.510",
- "lastModified": "2024-11-21T06:42:58.757",
+ "lastModified": "2025-04-21T14:15:24.400",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20525.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20525.json
index 3c3f17ad1e4..6fd019e8ffe 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20525.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20525.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20525",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.560",
- "lastModified": "2024-11-21T06:42:58.873",
+ "lastModified": "2025-04-21T14:15:24.563",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-209"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20526.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20526.json
index 9013673eaab..d7e3703f762 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20526.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20526.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20526",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.607",
- "lastModified": "2024-11-21T06:42:58.993",
+ "lastModified": "2025-04-21T14:15:24.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20527.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20527.json
index a1e5d556c79..e85e6268a5a 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20527.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20527.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20527",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:17.657",
- "lastModified": "2024-11-21T06:42:59.113",
+ "lastModified": "2025-04-21T14:15:24.887",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20541.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20541.json
index 78d6715cdcd..b932bd2b798 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20541.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20541.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20541",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:18.340",
- "lastModified": "2024-11-21T06:43:00.817",
+ "lastModified": "2025-04-21T14:15:25.047",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 0.6,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20543.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20543.json
index e01f0b0af64..6dc9bab809b 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20543.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20543.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20543",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:18.387",
- "lastModified": "2024-11-21T06:43:01.060",
+ "lastModified": "2025-04-21T14:15:25.227",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
+ "baseScore": 2.3,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 1.4
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-1284"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1284"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20544.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20544.json
index 493cf54b273..0a1ededd6b9 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20544.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20544.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20544",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:18.437",
- "lastModified": "2024-11-21T06:43:01.183",
+ "lastModified": "2025-04-21T14:15:25.417",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.5
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20545.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20545.json
index 56f13b5ed65..6e07bbe39f7 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20545.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20545.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20545",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:18.500",
- "lastModified": "2024-11-21T06:43:01.303",
+ "lastModified": "2025-04-21T14:15:25.607",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-20"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20546.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20546.json
index 33ede53098b..d9cf04c65c4 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20546.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20546.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20546",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:18.547",
- "lastModified": "2024-11-21T06:43:01.423",
+ "lastModified": "2025-04-21T14:15:25.810",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20562.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20562.json
index bdba52f2197..64bb1f57f5f 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20562.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20562.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20562",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:19.290",
- "lastModified": "2024-11-21T06:43:03.470",
+ "lastModified": "2025-04-21T14:15:26.003",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-693"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20563.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20563.json
index 2cbb50a7370..f290f33f975 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20563.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20563.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20563",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:19.337",
- "lastModified": "2024-11-21T06:43:03.603",
+ "lastModified": "2025-04-21T14:15:26.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20564.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20564.json
index 8109186bf6a..009b1c05dfb 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20564.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20564.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20564",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:19.387",
- "lastModified": "2024-11-21T06:43:03.730",
+ "lastModified": "2025-04-21T14:15:26.397",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20566.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20566.json
index d8dba2fe66a..62254a2ab7b 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20566.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20566.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20566",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:19.433",
- "lastModified": "2024-11-21T06:43:03.860",
+ "lastModified": "2025-04-21T14:15:26.647",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -53,6 +73,20 @@
"value": "CWE-667"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-205xx/CVE-2022-20567.json b/CVE-2022/CVE-2022-205xx/CVE-2022-20567.json
index fcacaf87a35..233e2039169 100644
--- a/CVE-2022/CVE-2022-205xx/CVE-2022-20567.json
+++ b/CVE-2022/CVE-2022-205xx/CVE-2022-20567.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-20567",
"sourceIdentifier": "security@android.com",
"published": "2022-12-16T16:15:19.477",
- "lastModified": "2024-11-21T06:43:03.977",
+ "lastModified": "2025-04-21T14:15:26.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-362"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-35xx/CVE-2022-3590.json b/CVE-2022/CVE-2022-35xx/CVE-2022-3590.json
index 311b57e5986..0752f628972 100644
--- a/CVE-2022/CVE-2022-35xx/CVE-2022-3590.json
+++ b/CVE-2022/CVE-2022-35xx/CVE-2022-3590.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-3590",
"sourceIdentifier": "contact@wpscan.com",
"published": "2022-12-14T09:15:09.260",
- "lastModified": "2024-11-21T07:19:49.923",
+ "lastModified": "2025-04-21T15:15:51.600",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
}
]
},
diff --git a/CVE-2022/CVE-2022-403xx/CVE-2022-40373.json b/CVE-2022/CVE-2022-403xx/CVE-2022-40373.json
index 1e762d80958..515aa6cfba1 100644
--- a/CVE-2022/CVE-2022-403xx/CVE-2022-40373.json
+++ b/CVE-2022/CVE-2022-403xx/CVE-2022-40373.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-40373",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T19:15:22.730",
- "lastModified": "2024-11-21T07:21:21.600",
+ "lastModified": "2025-04-21T15:15:51.773",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42845.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42845.json
index ea8da739b6e..fabdeba442f 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42845.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42845.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42845",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.197",
- "lastModified": "2024-11-21T07:25:27.743",
+ "lastModified": "2025-04-21T15:15:52.020",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42846.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42846.json
index ff5d6315a03..7f24fcef100 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42846.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42846.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42846",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.307",
- "lastModified": "2024-11-21T07:25:27.910",
+ "lastModified": "2025-04-21T15:15:52.260",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42847.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42847.json
index 0a713427356..7150d57f482 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42847.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42847.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42847",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.403",
- "lastModified": "2024-11-21T07:25:28.043",
+ "lastModified": "2025-04-21T15:15:52.423",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42848.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42848.json
index 322200b01bf..cd605871796 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42848.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42848.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42848",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.497",
- "lastModified": "2024-11-21T07:25:28.167",
+ "lastModified": "2025-04-21T15:15:52.580",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-693"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42849.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42849.json
index 811dab72d30..5af8306e6fb 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42849.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42849.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42849",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.583",
- "lastModified": "2024-11-21T07:25:28.307",
+ "lastModified": "2025-04-21T15:15:52.750",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42850.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42850.json
index ae023db4faf..06e3f9a4080 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42850.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42850.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42850",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.667",
- "lastModified": "2024-11-21T07:25:28.443",
+ "lastModified": "2025-04-21T15:15:52.920",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42851.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42851.json
index 8ce615f1985..db92c35e78a 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42851.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42851.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42851",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.743",
- "lastModified": "2024-11-21T07:25:28.577",
+ "lastModified": "2025-04-21T15:15:53.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42852.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42852.json
index 4bcd0117a4f..bc39f706df8 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42852.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42852.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42852",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.797",
- "lastModified": "2024-11-21T07:25:28.717",
+ "lastModified": "2025-04-21T15:15:53.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42853.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42853.json
index 03cc71f1880..e4aa84caba6 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42853.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42853.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42853",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.860",
- "lastModified": "2024-11-21T07:25:28.887",
+ "lastModified": "2025-04-21T15:15:53.440",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42854.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42854.json
index 2e404fa37bb..e654c7508b1 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42854.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42854.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42854",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:24.923",
- "lastModified": "2024-11-21T07:25:29.040",
+ "lastModified": "2025-04-21T15:15:53.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42859.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42859.json
index 574ad13265f..db173e98601 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42859.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42859.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42859",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:25.177",
- "lastModified": "2024-11-21T07:25:29.623",
+ "lastModified": "2025-04-21T15:15:53.767",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42865.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42865.json
index f02e984c22f..33c6fa56081 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42865.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42865.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42865",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:25.470",
- "lastModified": "2024-11-21T07:25:30.483",
+ "lastModified": "2025-04-21T15:15:53.933",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42866.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42866.json
index f9e6f57baf8..890814dbb56 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42866.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42866.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42866",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:25.523",
- "lastModified": "2024-11-21T07:25:30.630",
+ "lastModified": "2025-04-21T15:15:54.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42867.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42867.json
index 9a0d492cd87..fa5e220520c 100644
--- a/CVE-2022/CVE-2022-428xx/CVE-2022-42867.json
+++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42867.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-42867",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:25.573",
- "lastModified": "2024-11-21T07:25:30.783",
+ "lastModified": "2025-04-21T15:15:54.310",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-442xx/CVE-2022-44235.json b/CVE-2022/CVE-2022-442xx/CVE-2022-44235.json
index 474f9c23ab0..dab63cd7491 100644
--- a/CVE-2022/CVE-2022-442xx/CVE-2022-44235.json
+++ b/CVE-2022/CVE-2022-442xx/CVE-2022-44235.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-44235",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T19:15:25.723",
- "lastModified": "2024-11-21T07:27:46.150",
+ "lastModified": "2025-04-21T15:15:54.500",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-442xx/CVE-2022-44236.json b/CVE-2022/CVE-2022-442xx/CVE-2022-44236.json
index b84cd117aa0..dd763517168 100644
--- a/CVE-2022/CVE-2022-442xx/CVE-2022-44236.json
+++ b/CVE-2022/CVE-2022-442xx/CVE-2022-44236.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-44236",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T19:15:25.783",
- "lastModified": "2024-11-21T07:27:46.297",
+ "lastModified": "2025-04-21T15:15:54.690",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-521"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-521"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-450xx/CVE-2022-45033.json b/CVE-2022/CVE-2022-450xx/CVE-2022-45033.json
index e861a7ae06a..12920fd92e4 100644
--- a/CVE-2022/CVE-2022-450xx/CVE-2022-45033.json
+++ b/CVE-2022/CVE-2022-450xx/CVE-2022-45033.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-45033",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T19:15:25.943",
- "lastModified": "2024-11-21T07:28:38.847",
+ "lastModified": "2025-04-21T15:15:54.913",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45338.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45338.json
index ea66449db63..dd4ed1932f5 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45338.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45338.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-45338",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T23:15:10.407",
- "lastModified": "2024-11-21T07:29:04.150",
+ "lastModified": "2025-04-21T15:15:55.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-434"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-459xx/CVE-2022-45969.json b/CVE-2022/CVE-2022-459xx/CVE-2022-45969.json
index e7da0555567..1f867b69058 100644
--- a/CVE-2022/CVE-2022-459xx/CVE-2022-45969.json
+++ b/CVE-2022/CVE-2022-459xx/CVE-2022-45969.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-45969",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T23:15:10.457",
- "lastModified": "2024-11-21T07:30:01.773",
+ "lastModified": "2025-04-21T15:15:55.320",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4552.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4552.json
index 877af4c11b7..2d01ea447ae 100644
--- a/CVE-2022/CVE-2022-45xx/CVE-2022-4552.json
+++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4552.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-4552",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:11.017",
- "lastModified": "2025-03-27T20:15:17.350",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:25:12.320",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -60,6 +60,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
diff --git a/CVE-2022/CVE-2022-461xx/CVE-2022-46127.json b/CVE-2022/CVE-2022-461xx/CVE-2022-46127.json
index c88489183b2..f6d15549bf8 100644
--- a/CVE-2022/CVE-2022-461xx/CVE-2022-46127.json
+++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46127.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46127",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-14T17:15:14.213",
- "lastModified": "2024-11-21T07:30:09.807",
+ "lastModified": "2025-04-21T15:15:55.683",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46392.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46392.json
index c54cc02065f..2c6435b374c 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46392.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46392.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46392",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T23:15:10.513",
- "lastModified": "2024-11-21T07:30:30.423",
+ "lastModified": "2025-04-21T15:15:55.880",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-203"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46393.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46393.json
index ae085bbd88a..5b0c21c35f7 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46393.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46393.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46393",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-15T23:15:10.570",
- "lastModified": "2024-11-21T07:30:30.580",
+ "lastModified": "2025-04-21T15:15:56.103",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
@@ -53,6 +73,20 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46690.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46690.json
index 020e0eeb30f..2ce3d93b586 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46690.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46690.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46690",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.097",
- "lastModified": "2024-11-21T07:30:54.627",
+ "lastModified": "2025-04-21T14:15:33.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46691.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46691.json
index 09e8537d75d..e0ed4e77a00 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46691.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46691.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46691",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.160",
- "lastModified": "2024-11-21T07:30:54.810",
+ "lastModified": "2025-04-21T15:15:56.303",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46692.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46692.json
index 33bc138ea75..5aac792f6ef 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46692.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46692.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46692",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.223",
- "lastModified": "2024-11-21T07:30:54.987",
+ "lastModified": "2025-04-21T15:15:56.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46693.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46693.json
index bb54d06a5fc..97c60675325 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46693.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46693.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46693",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.287",
- "lastModified": "2024-11-21T07:30:55.167",
+ "lastModified": "2025-04-21T15:15:56.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46694.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46694.json
index e02dedb3edd..6862cd8e17d 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46694.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46694.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46694",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.347",
- "lastModified": "2024-11-21T07:30:55.317",
+ "lastModified": "2025-04-21T15:15:56.860",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46695.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46695.json
index 45380186f18..2f6f9170d1f 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46695.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46695.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46695",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.407",
- "lastModified": "2024-11-21T07:30:55.473",
+ "lastModified": "2025-04-21T15:15:57.033",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-1021"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46696.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46696.json
index 0d54b3772dd..405a1655f9a 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46696.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46696.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46696",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.467",
- "lastModified": "2024-11-21T07:30:55.627",
+ "lastModified": "2025-04-21T14:15:34.487",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46697.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46697.json
index 43296bf8ee2..d8d5e92a7ac 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46697.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46697.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46697",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.523",
- "lastModified": "2024-11-21T07:30:55.790",
+ "lastModified": "2025-04-21T14:15:34.710",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46698.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46698.json
index 0a12ea4a410..15e72423ca8 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46698.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46698.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46698",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.577",
- "lastModified": "2024-11-21T07:30:55.920",
+ "lastModified": "2025-04-21T14:15:34.900",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-693"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-466xx/CVE-2022-46699.json b/CVE-2022/CVE-2022-466xx/CVE-2022-46699.json
index 6252f4d3b67..96910bf99c6 100644
--- a/CVE-2022/CVE-2022-466xx/CVE-2022-46699.json
+++ b/CVE-2022/CVE-2022-466xx/CVE-2022-46699.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46699",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.640",
- "lastModified": "2024-11-21T07:30:56.070",
+ "lastModified": "2025-04-21T14:15:35.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46700.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46700.json
index 458bf0ee8ad..a429ba77195 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46700.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46700.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46700",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.710",
- "lastModified": "2024-11-21T07:30:56.233",
+ "lastModified": "2025-04-21T14:15:35.350",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46702.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46702.json
index 58dafb00b65..82482da2530 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46702.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46702.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46702",
"sourceIdentifier": "product-security@apple.com",
"published": "2022-12-15T19:15:26.830",
- "lastModified": "2024-11-21T07:30:56.543",
+ "lastModified": "2025-04-21T15:15:57.223",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
]
},
@@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47111.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47111.json
index 5e1701657d2..cf987f5f903 100644
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47111.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47111.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-47111",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-19T21:15:45.217",
- "lastModified": "2025-04-19T22:15:13.887",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47112.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47112.json
index 7155caf0049..b3c38784eb0 100644
--- a/CVE-2022/CVE-2022-471xx/CVE-2022-47112.json
+++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47112.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-47112",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-19T21:15:45.430",
- "lastModified": "2025-04-19T22:15:13.993",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4837.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4837.json
index deab08d8704..83dcf60315b 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4837.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4837.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-4837",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:12.907",
- "lastModified": "2025-03-27T20:15:19.003",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:27:31.757",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -60,6 +60,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0097.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0097.json
index 41ffda571ee..c692a84d558 100644
--- a/CVE-2023/CVE-2023-00xx/CVE-2023-0097.json
+++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0097.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0097",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:13.270",
- "lastModified": "2025-03-27T20:15:19.650",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:17:01.470",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -60,6 +60,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@@ -80,9 +90,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:shapedplugin:post_grid\\,_post_carousel\\,_\\&_list_category_posts:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:shapedplugin:smart_post_show:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.4.19",
- "matchCriteriaId": "50E509F5-3FB7-4DFC-8A84-CF4DAF802CC3"
+ "matchCriteriaId": "3A2FF29B-722E-4BF9-839F-80D85CBFF06E"
}
]
}
diff --git a/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json b/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json
index 7c77e188e06..4601c6c5679 100644
--- a/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json
+++ b/CVE-2023/CVE-2023-268xx/CVE-2023-26819.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26819",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-19T22:15:14.103",
- "lastModified": "2025-04-19T22:15:14.103",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30421.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30421.json
index 9bb1de06b19..1627ce0cb34 100644
--- a/CVE-2023/CVE-2023-304xx/CVE-2023-30421.json
+++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30421.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30421",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-19T22:15:14.240",
- "lastModified": "2025-04-19T22:15:14.240",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43650.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43650.json
index 446552ddc18..2301bec2555 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43650.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43650.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-43650",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T19:15:11.927",
- "lastModified": "2025-04-21T13:13:06.060",
+ "lastModified": "2025-04-21T14:32:27.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@@ -42,8 +42,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "baseScore": 8.1,
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
@@ -52,10 +52,10 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
- "availabilityImpact": "HIGH"
+ "availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
- "impactScore": 5.9
+ "impactScore": 5.2
}
]
},
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json
index 5d79a3ab9e1..fbf3f2e39ad 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0545.json
@@ -2,13 +2,13 @@
"id": "CVE-2024-0545",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-15T06:15:08.363",
- "lastModified": "2024-11-21T08:46:50.363",
+ "lastModified": "2025-04-21T15:15:57.683",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
@@ -16,6 +16,50 @@
}
],
"metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
@@ -87,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -129,6 +173,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://vuldb.com/?submit.266974",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.250714",
"source": "af854a3a-2127-422b-91ae-364da2661108",
diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10702.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10702.json
index eaab4418033..ae8a3e7fcc9 100644
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10702.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10702.json
@@ -2,7 +2,7 @@
"id": "CVE-2024-10702",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-02T18:15:03.363",
- "lastModified": "2024-11-05T16:52:11.193",
+ "lastModified": "2025-04-21T14:06:48.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@@ -149,8 +149,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:fabinros:simple_car_rental_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "2AA148FF-0DFE-4194-B67D-37D10F6CE4F4"
+ "criteria": "cpe:2.3:a:fabianros:simple_car_rental_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D80D0581-09FD-4CE1-9327-CF580DF49354"
}
]
}
@@ -170,7 +170,8 @@
"source": "cna@vuldb.com",
"tags": [
"Exploit",
- "Third Party Advisory"
+ "Third Party Advisory",
+ "Issue Tracking"
]
},
{
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12862.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12862.json
new file mode 100644
index 00000000000..02c10e7608b
--- /dev/null
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12862.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-12862",
+ "sourceIdentifier": "security@opentext.com",
+ "published": "2025-04-21T15:15:57.897",
+ "lastModified": "2025-04-21T15:15:57.897",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security@opentext.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "HIGH",
+ "subIntegrityImpact": "HIGH",
+ "subAvailabilityImpact": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@opentext.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115",
+ "source": "security@opentext.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12863.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12863.json
new file mode 100644
index 00000000000..c2c9272cbdb
--- /dev/null
+++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12863.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2024-12863",
+ "sourceIdentifier": "security@opentext.com",
+ "published": "2025-04-21T15:15:58.070",
+ "lastModified": "2025-04-21T15:15:58.070",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security@opentext.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.6,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "ACTIVE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@opentext.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839121",
+ "source": "security@opentext.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-136xx/CVE-2024-13650.json b/CVE-2024/CVE-2024-136xx/CVE-2024-13650.json
index f57f92e964c..7d9ba2d9d3c 100644
--- a/CVE-2024/CVE-2024-136xx/CVE-2024-13650.json
+++ b/CVE-2024/CVE-2024-136xx/CVE-2024-13650.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-13650",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-18T02:15:14.060",
- "lastModified": "2025-04-18T02:15:14.060",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2024/CVE-2024-139xx/CVE-2024-13926.json b/CVE-2024/CVE-2024-139xx/CVE-2024-13926.json
index 78e2f97cb31..81ae01f3239 100644
--- a/CVE-2024/CVE-2024-139xx/CVE-2024-13926.json
+++ b/CVE-2024/CVE-2024-139xx/CVE-2024-13926.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-13926",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-19T06:15:18.347",
- "lastModified": "2025-04-21T03:15:16.627",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2024/CVE-2024-296xx/CVE-2024-29643.json b/CVE-2024/CVE-2024-296xx/CVE-2024-29643.json
new file mode 100644
index 00000000000..05bf4b549d0
--- /dev/null
+++ b/CVE-2024/CVE-2024-296xx/CVE-2024-29643.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-29643",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:53.197",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://medium.com/@christbowel6/cve-2024-29643-host-header-injection-in-croogo-v3-0-2-0aded525f574",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-345xx/CVE-2024-34517.json b/CVE-2024/CVE-2024-345xx/CVE-2024-34517.json
index b0fdb842247..88f0b47de4a 100644
--- a/CVE-2024/CVE-2024-345xx/CVE-2024-34517.json
+++ b/CVE-2024/CVE-2024-345xx/CVE-2024-34517.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-34517",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-07T18:15:08.467",
- "lastModified": "2025-03-25T15:15:21.807",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:12:09.013",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -69,6 +69,16 @@
"value": "CWE-471"
}
]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
}
],
"configurations": [
@@ -80,10 +90,10 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:community:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.19.0",
- "matchCriteriaId": "610248F3-6F08-458C-98D6-69DA91E2FF96"
+ "matchCriteriaId": "A1C892B1-0C3E-43BC-B402-5295C5FF13DB"
}
]
}
diff --git a/CVE-2024/CVE-2024-401xx/CVE-2024-40111.json b/CVE-2024/CVE-2024-401xx/CVE-2024-40111.json
index b53f3427b57..4047871daaa 100644
--- a/CVE-2024/CVE-2024-401xx/CVE-2024-40111.json
+++ b/CVE-2024/CVE-2024-401xx/CVE-2024-40111.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-40111",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T21:15:07.320",
- "lastModified": "2024-08-26T17:35:05.733",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:38:21.703",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automad:automad:2.0.0:alpha4:*:*:*:*:*:*",
+ "matchCriteriaId": "D79102BB-6E1E-4368-BEF7-7E2D0DE517BB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://drive.google.com/file/d/10BVQKYo2H1-Nx3FOGteL2xww4lbZ3xlS/view?usp=sharing",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://github.com/w3bn00b3r/Stored-Cross-Site-Scripting-XSS---Automad-2.0.0-alpha.4/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41446.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41446.json
new file mode 100644
index 00000000000..ddbd2f9b5bc
--- /dev/null
+++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41446.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-41446",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T14:15:35.610",
+ "lastModified": "2025-04-21T15:15:58.233",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://alkacon.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://opencms.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-414xx/CVE-2024-41447.json b/CVE-2024/CVE-2024-414xx/CVE-2024-41447.json
index 931dbe1bd76..5ddc11b365f 100644
--- a/CVE-2024/CVE-2024-414xx/CVE-2024-41447.json
+++ b/CVE-2024/CVE-2024-414xx/CVE-2024-41447.json
@@ -2,13 +2,17 @@
"id": "CVE-2024-41447",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T17:15:33.183",
- "lastModified": "2025-04-18T20:15:15.760",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting (XSS) almacenado en Alkacon OpenCMS v17.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de autor bajo la funci\u00f3n Crear/Modificar art\u00edculo."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42178.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42178.json
index 9a86226bdae..b7774fef0ca 100644
--- a/CVE-2024/CVE-2024-421xx/CVE-2024-42178.json
+++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42178.json
@@ -2,13 +2,17 @@
"id": "CVE-2024-42178",
"sourceIdentifier": "psirt@hcl.com",
"published": "2025-04-17T22:15:14.817",
- "lastModified": "2025-04-17T22:15:14.817",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution."
+ },
+ {
+ "lang": "es",
+ "value": "HCL MyXalytics se ve afectado por una vulnerabilidad de acceso a URL fallida. Usuarios no autenticados podr\u00edan obtener acceso no autorizado a informaci\u00f3n potencialmente confidencial, lo que crea un riesgo de uso indebido, manipulaci\u00f3n o distribuci\u00f3n no autorizada."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-425xx/CVE-2024-42523.json b/CVE-2024/CVE-2024-425xx/CVE-2024-42523.json
index 4ea02c06b49..dba5a9a4836 100644
--- a/CVE-2024/CVE-2024-425xx/CVE-2024-42523.json
+++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42523.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-42523",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T16:15:06.730",
- "lastModified": "2024-08-23T18:35:03.563",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:42:42.133",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.0.202302.e",
+ "matchCriteriaId": "9228603F-9B22-49D5-94C1-244DF903180B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://gist.github.com/ilikeoyt/3dbbca2679c2551eaaeaea9c83acf1a1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://gitee.com/sanluan/PublicCMS/issues/IADVDM",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42612.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42612.json
index 1aec5a2b31e..b68beeb2349 100644
--- a/CVE-2024/CVE-2024-426xx/CVE-2024-42612.json
+++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42612.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-42612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T18:15:09.660",
- "lastModified": "2024-08-21T14:35:12.920",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:45:08.373",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,10 +51,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pligg:pligg_cms:2.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6FB663C9-949A-4E2F-9DD2-4597F1CF55CC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/jinwu1234567890/cms2/tree/main/5/readme.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42619.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42619.json
index 4ca9073af43..7ac02701ed6 100644
--- a/CVE-2024/CVE-2024-426xx/CVE-2024-42619.json
+++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42619.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-42619",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-20T19:15:11.430",
- "lastModified": "2024-08-21T12:30:33.697",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:44:46.397",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,10 +51,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pligg:pligg_cms:2.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6FB663C9-949A-4E2F-9DD2-4597F1CF55CC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/jinwu1234567890/cms2/tree/main/17/readme.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42699.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42699.json
new file mode 100644
index 00000000000..d2daecf09a6
--- /dev/null
+++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42699.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-42699",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T15:15:58.403",
+ "lastModified": "2025-04-21T15:15:58.403",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-42699%20-%20Stored%20XSS%20in%20image%20title.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-429xx/CVE-2024-42914.json b/CVE-2024/CVE-2024-429xx/CVE-2024-42914.json
index ba46ff4da92..cfaaff9c017 100644
--- a/CVE-2024/CVE-2024-429xx/CVE-2024-42914.json
+++ b/CVE-2024/CVE-2024-429xx/CVE-2024-42914.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-42914",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T19:15:07.010",
- "lastModified": "2024-08-26T17:35:10.510",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:40:46.860",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:arrowjs:arrowcms:1.0.0:*:*:*:*:node.js:*:*",
+ "matchCriteriaId": "22863EC0-AC16-413E-BD61-952012CAA8B3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/soursec/CVEs/tree/main/CVE-2024-42914",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/trquoccuong/ArrowCMS/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json
index c278c79e823..afb1962d828 100644
--- a/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json
+++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43005.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-43005",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.253",
- "lastModified": "2024-08-19T18:35:14.987",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:59:47.323",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,37 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*",
+ "matchCriteriaId": "654D0493-9784-4B2B-BC05-69B4BB6F86F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://zzcms.net",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43005%20ZZCMS2023%E5%8F%8D%E5%B0%84%E5%9E%8BXSS2.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json
index 169a4d567f4..8b62ff105ef 100644
--- a/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json
+++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43006.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-43006",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.333",
- "lastModified": "2024-08-19T18:35:15.920",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:59:34.717",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,37 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*",
+ "matchCriteriaId": "654D0493-9784-4B2B-BC05-69B4BB6F86F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43006%20ZZCMS2023%E5%82%A8%E5%AD%98%E5%9E%8BXSS.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json
index d0afc33680e..7318a27dc75 100644
--- a/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json
+++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43009.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-43009",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.410",
- "lastModified": "2024-08-19T14:35:10.150",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:59:06.480",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "8FD00C13-599B-4944-99F6-83C9F44DB42F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43009%20ZZCMS2023%E5%8F%8D%E5%B0%84%E5%9E%8BXSS.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json
index 1f1cc13ed15..0ff0c628ebd 100644
--- a/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json
+++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43011.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-43011",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.497",
- "lastModified": "2024-08-19T14:35:10.893",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T14:57:21.247",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "8FD00C13-599B-4944-99F6-83C9F44DB42F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45440.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45440.json
index aa3bdef03b9..5df89ca29f2 100644
--- a/CVE-2024/CVE-2024-454xx/CVE-2024-45440.json
+++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45440.json
@@ -2,7 +2,7 @@
"id": "CVE-2024-45440",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2024-08-29T11:15:27.083",
- "lastModified": "2024-10-28T21:35:16.373",
+ "lastModified": "2025-04-21T15:15:58.527",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@@ -112,6 +112,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/52266",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45651.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45651.json
index 6c5af099410..aaa2c3c216a 100644
--- a/CVE-2024/CVE-2024-456xx/CVE-2024-45651.json
+++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45651.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-45651",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-18T11:15:44.940",
- "lastModified": "2025-04-18T11:15:44.940",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2024/CVE-2024-460xx/CVE-2024-46089.json b/CVE-2024/CVE-2024-460xx/CVE-2024-46089.json
index bdde003d8bd..8a15fa3b67e 100644
--- a/CVE-2024/CVE-2024-460xx/CVE-2024-46089.json
+++ b/CVE-2024/CVE-2024-460xx/CVE-2024-46089.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-46089",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T13:15:57.320",
- "lastModified": "2025-04-18T14:15:20.490",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2024/CVE-2024-498xx/CVE-2024-49808.json b/CVE-2024/CVE-2024-498xx/CVE-2024-49808.json
index 5faa75d9f16..07b3800dd0c 100644
--- a/CVE-2024/CVE-2024-498xx/CVE-2024-49808.json
+++ b/CVE-2024/CVE-2024-498xx/CVE-2024-49808.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-49808",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-18T11:15:45.920",
- "lastModified": "2025-04-18T11:15:45.920",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2024/CVE-2024-507xx/CVE-2024-50713.json b/CVE-2024/CVE-2024-507xx/CVE-2024-50713.json
index 9bc991beee6..b3d3529da50 100644
--- a/CVE-2024/CVE-2024-507xx/CVE-2024-50713.json
+++ b/CVE-2024/CVE-2024-507xx/CVE-2024-50713.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-50713",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T21:15:07.837",
- "lastModified": "2024-12-31T19:15:46.967",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:20:56.023",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:pro:*:*:*",
+ "matchCriteriaId": "458687EA-E211-41CC-B73E-28BF5C6E9289"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:qoe:*:*:*",
+ "matchCriteriaId": "B0DF4C52-E6CF-4D37-8454-62B7863B2DF1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://packetstorm.news/files/id/182449/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "Exploit"
+ ]
},
{
"url": "https://smarts-srl.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-507xx/CVE-2024-50715.json b/CVE-2024/CVE-2024-507xx/CVE-2024-50715.json
index cefa517e283..9a51208c8aa 100644
--- a/CVE-2024/CVE-2024-507xx/CVE-2024-50715.json
+++ b/CVE-2024/CVE-2024-507xx/CVE-2024-50715.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-50715",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T21:15:07.957",
- "lastModified": "2024-12-28T18:15:09.790",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:18:03.973",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:pro:*:*:*",
+ "matchCriteriaId": "458687EA-E211-41CC-B73E-28BF5C6E9289"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:qoe:*:*:*",
+ "matchCriteriaId": "B0DF4C52-E6CF-4D37-8454-62B7863B2DF1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://packetstorm.news/files/id/182451/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "Exploit"
+ ]
},
{
"url": "https://smarts-srl.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-507xx/CVE-2024-50716.json b/CVE-2024/CVE-2024-507xx/CVE-2024-50716.json
index bdc7c2cab50..c9d82e950ea 100644
--- a/CVE-2024/CVE-2024-507xx/CVE-2024-50716.json
+++ b/CVE-2024/CVE-2024-507xx/CVE-2024-50716.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-50716",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T21:15:08.063",
- "lastModified": "2024-12-28T18:15:09.997",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:17:24.477",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,14 +51,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:pro:*:*:*",
+ "matchCriteriaId": "458687EA-E211-41CC-B73E-28BF5C6E9289"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:smarts-srl:smart_agent:1.1.0:*:*:*:qoe:*:*:*",
+ "matchCriteriaId": "B0DF4C52-E6CF-4D37-8454-62B7863B2DF1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://packetstorm.news/files/id/182449/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "Exploit"
+ ]
},
{
"url": "https://smarts-srl.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-532xx/CVE-2024-53260.json b/CVE-2024/CVE-2024-532xx/CVE-2024-53260.json
index 8e60adf016f..314148fada2 100644
--- a/CVE-2024/CVE-2024-532xx/CVE-2024-53260.json
+++ b/CVE-2024/CVE-2024-532xx/CVE-2024-53260.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-53260",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-27T22:15:05.353",
- "lastModified": "2024-11-27T22:15:05.353",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:07:22.850",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.0
}
]
},
@@ -51,14 +71,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:autolabproject:autolab:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.0.2",
+ "matchCriteriaId": "BB361D34-3375-41C6-B7E4-A5E6CFAE7116"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/autolab/Autolab/commit/fe44b53815d37c63e751032205b692ccd5737620",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/autolab/Autolab/security/advisories/GHSA-cqxx-pfmh-h43g",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json
index 7b72a3fbbe7..4d1ecc23924 100644
--- a/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json
+++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53591.json
@@ -2,13 +2,17 @@
"id": "CVE-2024-53591",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T21:15:43.260",
- "lastModified": "2025-04-21T04:15:16.810",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en la p\u00e1gina de inicio de sesi\u00f3n de Seclore v3.27.5.0 permite a los atacantes eludir la autenticaci\u00f3n mediante un ataque de fuerza bruta."
}
],
"metrics": {
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56519.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56519.json
index 1811099b5e5..e1fa91dfb70 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56519.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56519.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-56519",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T05:15:07.677",
- "lastModified": "2025-01-02T20:16:07.080",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:24:52.297",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -51,18 +51,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tcpdf_project:tcpdf:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.8.0",
+ "matchCriteriaId": "F63E1050-BC4A-4815-B891-AC4671D79E06"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://tcpdf.org",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-565xx/CVE-2024-56521.json b/CVE-2024/CVE-2024-565xx/CVE-2024-56521.json
index 425f90024c3..9e10b76d454 100644
--- a/CVE-2024/CVE-2024-565xx/CVE-2024-56521.json
+++ b/CVE-2024/CVE-2024-565xx/CVE-2024-56521.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-56521",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-27T05:15:07.977",
- "lastModified": "2025-03-24T18:15:21.113",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:25:11.430",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -49,20 +49,57 @@
"value": "CWE-295"
}
]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tcpdf_project:tcpdf:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.8.0",
+ "matchCriteriaId": "F63E1050-BC4A-4815-B891-AC4671D79E06"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://tcpdf.org",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json b/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
index 4c1d6492d63..05f8eef1b53 100644
--- a/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
+++ b/CVE-2024/CVE-2024-574xx/CVE-2024-57493.json
@@ -2,13 +2,17 @@
"id": "CVE-2024-57493",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T20:15:15.913",
- "lastModified": "2025-04-18T20:15:15.913",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en redoxOS relibc antes de el commit 98aa4ea5 permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n setsockopt."
}
],
"metrics": {},
diff --git a/CVE-2024/CVE-2024-82xx/CVE-2024-8236.json b/CVE-2024/CVE-2024-82xx/CVE-2024-8236.json
index fa683077350..59f8fc754ad 100644
--- a/CVE-2024/CVE-2024-82xx/CVE-2024-8236.json
+++ b/CVE-2024/CVE-2024-82xx/CVE-2024-8236.json
@@ -2,8 +2,8 @@
"id": "CVE-2024-8236",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-26T14:15:22.217",
- "lastModified": "2024-11-26T14:15:22.217",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2025-04-21T15:04:21.493",
+ "vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
- "type": "Primary",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
}
]
},
@@ -51,18 +71,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:*",
+ "versionEndIncluding": "3.25.7",
+ "matchCriteriaId": "78A67E11-95E8-43D6-8C87-8CB959F4B949"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.23.4/includes/widgets/icon.php#L489",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3192020/",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1305be5-8267-475f-b962-62e3930116e1?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json b/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json
index f4c78ddab7b..59766f679b7 100644
--- a/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json
+++ b/CVE-2025/CVE-2025-04xx/CVE-2025-0467.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-0467",
"sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"published": "2025-04-18T01:15:32.130",
- "lastModified": "2025-04-18T01:15:32.130",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@@ -11,7 +11,30 @@
"value": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.8
+ }
+ ]
+ },
"weaknesses": [
{
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
diff --git a/CVE-2025/CVE-2025-06xx/CVE-2025-0632.json b/CVE-2025/CVE-2025-06xx/CVE-2025-0632.json
index c5b5f3c0541..b7baf129093 100644
--- a/CVE-2025/CVE-2025-06xx/CVE-2025-0632.json
+++ b/CVE-2025/CVE-2025-06xx/CVE-2025-0632.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-0632",
"sourceIdentifier": "9c1820ae-fb77-4810-a8aa-ca46e7474d2f",
"published": "2025-04-21T06:15:44.043",
- "lastModified": "2025-04-21T06:15:44.043",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1093.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1093.json
index 9c0fc39f4d2..11889f3a1de 100644
--- a/CVE-2025/CVE-2025-10xx/CVE-2025-1093.json
+++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1093.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-1093",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T04:15:21.733",
- "lastModified": "2025-04-19T04:15:21.733",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-14xx/CVE-2025-1457.json b/CVE-2025/CVE-2025-14xx/CVE-2025-1457.json
index af07add3467..78c81f74702 100644
--- a/CVE-2025/CVE-2025-14xx/CVE-2025-1457.json
+++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1457.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-1457",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T04:15:22.357",
- "lastModified": "2025-04-19T04:15:22.357",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-16xx/CVE-2025-1697.json b/CVE-2025/CVE-2025-16xx/CVE-2025-1697.json
index 42cf7a043d4..37a895ba961 100644
--- a/CVE-2025/CVE-2025-16xx/CVE-2025-1697.json
+++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1697.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-1697",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2025-04-18T18:15:43.087",
- "lastModified": "2025-04-18T18:15:43.087",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in the HP Touchpoint Analytics Service for certain HP PC products with versions prior to 4.2.2439. This vulnerability could potentially allow a local attacker to escalate privileges. HP is providing software updates to mitigate this potential vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en HP Touchpoint Analytics Service para ciertos productos de PC HP con versiones anteriores a la 4.2.2439. Esta vulnerabilidad podr\u00eda permitir que un atacante local aumente los privilegios. HP est\u00e1 proporcionando actualizaciones de software para mitigar esta posible vulnerabilidad."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1863.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1863.json
index 7f97a22a825..b9af3773b88 100644
--- a/CVE-2025/CVE-2025-18xx/CVE-2025-1863.json
+++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1863.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-1863",
"sourceIdentifier": "7168b535-132a-4efe-a076-338f829b2eb9",
"published": "2025-04-18T06:15:42.357",
- "lastModified": "2025-04-18T06:15:42.357",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-20xx/CVE-2025-2010.json b/CVE-2025/CVE-2025-20xx/CVE-2025-2010.json
index 3a5ae9ecf45..ffe37492cc5 100644
--- a/CVE-2025/CVE-2025-20xx/CVE-2025-2010.json
+++ b/CVE-2025/CVE-2025-20xx/CVE-2025-2010.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-2010",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T03:15:13.563",
- "lastModified": "2025-04-19T03:15:13.563",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-219xx/CVE-2025-21915.json b/CVE-2025/CVE-2025-219xx/CVE-2025-21915.json
index d53074cca4d..2ce826516bd 100644
--- a/CVE-2025/CVE-2025-219xx/CVE-2025-21915.json
+++ b/CVE-2025/CVE-2025-219xx/CVE-2025-21915.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-21915",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-01T16:15:22.117",
- "lastModified": "2025-04-15T17:05:55.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-04-21T15:15:58.710",
+ "vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
]
},
@@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2111.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2111.json
index 12d0f268390..6c184fdadcf 100644
--- a/CVE-2025/CVE-2025-21xx/CVE-2025-2111.json
+++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2111.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-2111",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T06:15:19.657",
- "lastModified": "2025-04-19T06:15:19.657",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2162.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2162.json
index b985f29bed8..092d177daf7 100644
--- a/CVE-2025/CVE-2025-21xx/CVE-2025-2162.json
+++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2162.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-2162",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-04-18T06:15:43.593",
- "lastModified": "2025-04-18T12:15:15.360",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22035.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22035.json
index a107897b144..dc868d32f0d 100644
--- a/CVE-2025/CVE-2025-220xx/CVE-2025-22035.json
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22035.json
@@ -2,16 +2,55 @@
"id": "CVE-2025-22035",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.110",
- "lastModified": "2025-04-17T20:22:16.240",
+ "lastModified": "2025-04-21T15:15:58.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix use-after-free in print_graph_function_flags during tracer switching\n\nKairui reported a UAF issue in print_graph_function_flags() during\nftrace stress testing [1]. This issue can be reproduced if puting a\n'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(),\nand executing the following script:\n\n $ echo function_graph > current_tracer\n $ cat trace > /dev/null &\n $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point\n $ echo timerlat > current_tracer\n\nThe root cause lies in the two calls to print_graph_function_flags\nwithin print_trace_line during each s_show():\n\n * One through 'iter->trace->print_line()';\n * Another through 'event->funcs->trace()', which is hidden in\n print_trace_fmt() before print_trace_line returns.\n\nTracer switching only updates the former, while the latter continues\nto use the print_line function of the old tracer, which in the script\nabove is print_graph_function_flags.\n\nMoreover, when switching from the 'function_graph' tracer to the\n'timerlat' tracer, s_start only calls graph_trace_close of the\n'function_graph' tracer to free 'iter->private', but does not set\nit to NULL. This provides an opportunity for 'event->funcs->trace()'\nto use an invalid 'iter->private'.\n\nTo fix this issue, set 'iter->private' to NULL immediately after\nfreeing it in graph_trace_close(), ensuring that an invalid pointer\nis not passed to other tracers. Additionally, clean up the unnecessary\n'iter->private = NULL' during each 'cat trace' when using wakeup and\nirqsoff tracers.\n\n [1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: Fix use-after-free en print_graph_function_flags durante el cambio de tracer Kairui inform\u00f3 de un problema de UAF en print_graph_function_flags() durante las pruebas de estr\u00e9s de ftrace [1]. Este problema se puede reproducir si se pone un 'mdelay(10)' despu\u00e9s de 'mutex_unlock(&trace_types_lock)' en s_start() y se ejecuta el siguiente script: $ echo function_graph > current_tracer $ cat trace > /dev/null & $ sleep 5 # Asegurarse de que 'cat' alcance el punto 'mdelay(10)' $ echo timerlat > current_tracer La causa ra\u00edz se encuentra en las dos llamadas a print_graph_function_flags dentro de print_trace_line durante cada s_show(): * Una a trav\u00e9s de 'iter->trace->print_line()'; * Otra funci\u00f3n mediante 'event->funcs->trace()', que est\u00e1 oculta en print_trace_fmt() antes del retorno de print_trace_line. Al cambiar de trazador, solo se actualiza el primero, mientras que el segundo contin\u00faa usando la funci\u00f3n print_line del trazador anterior, que en el script anterior es print_graph_function_flags. Adem\u00e1s, al cambiar del trazador 'function_graph' al trazador 'timerlat', s_start solo llama a graph_trace_close del trazador 'function_graph' para liberar 'iter->private', pero no lo establece en NULL. Esto permite que 'event->funcs->trace()' use un 'iter->private' no v\u00e1lido. Para solucionar este problema, establezca 'iter->private' en NULL inmediatamente despu\u00e9s de liberarlo en graph_trace_close(), lo que garantiza que no se pase un puntero no v\u00e1lido a otros trazadores. Adem\u00e1s, limpie el 'iter->private = NULL' innecesario durante cada 'cat trace' al usar los trazadores wakeup e irqsoff. [1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/099ef3385800828b74933a96c117574637c3fb3a",
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22040.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22040.json
index 13051b9fde6..9de31f31029 100644
--- a/CVE-2025/CVE-2025-220xx/CVE-2025-22040.json
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22040.json
@@ -2,16 +2,55 @@
"id": "CVE-2025-22040",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.590",
- "lastModified": "2025-04-17T20:22:16.240",
+ "lastModified": "2025-04-21T15:15:59.080",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix session use-after-free in multichannel connection\n\nThere is a race condition between session setup and\nksmbd_sessions_deregister. The session can be freed before the connection\nis added to channel list of session.\nThis patch check reference count of session before freeing it."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corregir sesi\u00f3n use-after-free en conexi\u00f3n multicanal. Existe una condici\u00f3n de ejecuci\u00f3n entre la configuraci\u00f3n de la sesi\u00f3n y ksmbd_sessions_deregister. La sesi\u00f3n puede liberarse antes de que la conexi\u00f3n se a\u00f1ada a la lista de canales de la sesi\u00f3n. Este parche comprueba el n\u00famero de referencias de la sesi\u00f3n antes de liberarla."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3980770cb1470054e6400fd97668665975726737",
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22041.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22041.json
index 8f514709df0..f3b3c5043ab 100644
--- a/CVE-2025/CVE-2025-220xx/CVE-2025-22041.json
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22041.json
@@ -2,16 +2,55 @@
"id": "CVE-2025-22041",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:15:56.693",
- "lastModified": "2025-04-17T20:22:16.240",
+ "lastModified": "2025-04-21T15:15:59.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free in ksmbd_sessions_deregister()\n\nIn multichannel mode, UAF issue can occur in session_deregister\nwhen the second channel sets up a session through the connection of\nthe first channel. session that is freed through the global session\ntable can be accessed again through ->sessions of connection."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: correcci\u00f3n de use-after-free en ksmbd_sessions_deregister() En el modo multicanal, el problema de UAF puede ocurrir en session_deregister cuando el segundo canal configura una sesi\u00f3n a trav\u00e9s de la conexi\u00f3n del primer canal. A la sesi\u00f3n que se libera a trav\u00e9s de la tabla de sesiones global se puede acceder nuevamente a trav\u00e9s de ->sessions de la conexi\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/15a9605f8d69dc85005b1a00c31a050b8625e1aa",
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22085.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22085.json
index 65a69cdc1c3..cb5708c3871 100644
--- a/CVE-2025/CVE-2025-220xx/CVE-2025-22085.json
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22085.json
@@ -2,16 +2,55 @@
"id": "CVE-2025-22085",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:16:02.700",
- "lastModified": "2025-04-17T20:22:16.240",
+ "lastModified": "2025-04-21T15:15:59.380",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix use-after-free when rename device name\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099\nRead of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025\n\nCPU: 0 UID: 0 PID: 10025 Comm: syz.0.988\nNot tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0\nHardware name: Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n \n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0x16e/0x5b0 mm/kasan/report.c:521\n kasan_report+0x143/0x180 mm/kasan/report.c:634\n kasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n nla_put+0xd3/0x150 lib/nlattr.c:1099\n nla_put_string include/net/netlink.h:1621 [inline]\n fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265\n rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857\n ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344\n ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:709 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:724\n ____sys_sendmsg+0x53a/0x860 net/socket.c:2564\n ___sys_sendmsg net/socket.c:2618 [inline]\n __sys_sendmsg+0x269/0x350 net/socket.c:2650\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f42d1b8d169\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ...\nRSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169\nRDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c\nRBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8\n \n\nAllocated by task 10025:\n kasan_save_stack mm/kasan/common.c:47 [inline]\n kasan_save_track+0x3f/0x80 mm/kasan/common.c:68\n poison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394\n kasan_kmalloc include/linux/kasan.h:260 [inline]\n __do_kmalloc_node mm/slub.c:4294 [inline]\n __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313\n __kmemdup_nul mm/util.c:61 [inline]\n kstrdup+0x42/0x100 mm/util.c:81\n kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274\n dev_set_name+0xd5/0x120 drivers/base/core.c:3468\n assign_name drivers/infiniband/core/device.c:1202 [inline]\n ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384\n rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540\n rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212\n nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8de/0xcb0 net\n---truncated---"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/core: Se corrige el use-after-free al cambiar el nombre del dispositivo Syzbot inform\u00f3 un slab-use-after-free con el siguiente seguimiento de llamada: ======================================================================= ERROR: KASAN: slab-use-after-free in nla_put+0xd3/0x150 lib/nlattr.c:1099 Read of size 5 at addr ffff888140ea1c60 by task syz.0.988/10025 CPU: 0 UID: 0 PID: 10025 Comm: syz.0.988 Not tainted 6.14.0-rc4-syzkaller-00859-gf77f12010f67 #0 Hardware name: Google Compute Engine, BIOS Google 02/12/2025 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x16e/0x5b0 mm/kasan/report.c:521 kasan_report+0x143/0x180 mm/kasan/report.c:634 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 nla_put+0xd3/0x150 lib/nlattr.c:1099 nla_put_string include/net/netlink.h:1621 [inline] fill_nldev_handle+0x16e/0x200 drivers/infiniband/core/nldev.c:265 rdma_nl_notify_event+0x561/0xef0 drivers/infiniband/core/nldev.c:2857 ib_device_notify_register+0x22/0x230 drivers/infiniband/core/device.c:1344 ib_register_device+0x1292/0x1460 drivers/infiniband/core/device.c:1460 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:709 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:724 ____sys_sendmsg+0x53a/0x860 net/socket.c:2564 ___sys_sendmsg net/socket.c:2618 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2650 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f42d1b8d169 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 ... RSP: 002b:00007f42d2960038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f42d1da6320 RCX: 00007f42d1b8d169 RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000c RBP: 00007f42d1c0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f42d1da6320 R15: 00007ffe399344a8 Allocated by task 10025: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4313 __kmemdup_nul mm/util.c:61 [inline] kstrdup+0x42/0x100 mm/util.c:81 kobject_set_name_vargs+0x61/0x120 lib/kobject.c:274 dev_set_name+0xd5/0x120 drivers/base/core.c:3468 assign_name drivers/infiniband/core/device.c:1202 [inline] ib_register_device+0x178/0x1460 drivers/infiniband/core/device.c:1384 rxe_register_device+0x233/0x350 drivers/infiniband/sw/rxe/rxe_verbs.c:1540 rxe_net_add+0x74/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:550 rxe_newlink+0xde/0x1a0 drivers/infiniband/sw/rxe/rxe.c:212 nldev_newlink+0x5ea/0x680 drivers/infiniband/core/nldev.c:1795 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x6dd/0x9e0 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8de/0xcb0 net ---truncado---"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d6460b9d2a3ee380940bdf47680751ef91cb88e",
diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22088.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22088.json
index 540f4dc8f2f..792acfc6eeb 100644
--- a/CVE-2025/CVE-2025-220xx/CVE-2025-22088.json
+++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22088.json
@@ -2,16 +2,55 @@
"id": "CVE-2025-22088",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-04-16T15:16:03.000",
- "lastModified": "2025-04-17T20:22:16.240",
+ "lastModified": "2025-04-21T15:15:59.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/erdma: Prevent use-after-free in erdma_accept_newconn()\n\nAfter the erdma_cep_put(new_cep) being called, new_cep will be freed,\nand the following dereference will cause a UAF problem. Fix this issue."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/erdma: Impide el use-after-free en erdma_accept_newconn(). Tras llamar a erdma_cep_put(new_cep), new_cep se libera y la desreferencia posterior causa un problema de UAF. Solucione este problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/667a628ab67d359166799fad89b3c6909599558a",
diff --git a/CVE-2025/CVE-2025-22xx/CVE-2025-2298.json b/CVE-2025/CVE-2025-22xx/CVE-2025-2298.json
new file mode 100644
index 00000000000..cffe2f0a991
--- /dev/null
+++ b/CVE-2025/CVE-2025-22xx/CVE-2025-2298.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-2298",
+ "sourceIdentifier": "05b98450-cf83-4905-9546-e47a66a8fec2",
+ "published": "2025-04-21T15:16:00.487",
+ "lastModified": "2025-04-21T15:16:00.487",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to insufficient access controls on an API endpoint, enabling any authenticated user to specify and delete files outside their intended scope. Exploiting this flaw could lead to data loss, denial of service (DoS), and potential escalation of impact depending on the deleted files.\n\nAffected versions:\n * Any version of Dremio below 24.0.0\n\n\n * Dremio 24.3.0 - 24.3.16\n\n\n * Dremio 25.0.0 - 25.0.14\n\n\n * Dremio 25.1.0 - 25.1.7\n\n\n * Dremio 25.2.0 - 25.2.4\n\n\n\n\n\nFixed in version:\u00a0\n * Dremio 24.3.17 and above\n\n\n * Dremio 25.0.15 and above\n\n\n * Dremio 25.1.8 and above\n\n\n * Dremio 25.2.5 and above\n\n\n * Dremio 26.0.0 and above"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "05b98450-cf83-4905-9546-e47a66a8fec2",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "NONE",
+ "vulnIntegrityImpact": "HIGH",
+ "vulnAvailabilityImpact": "HIGH",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "LOW",
+ "subAvailabilityImpact": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "05b98450-cf83-4905-9546-e47a66a8fec2",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.dremio.com/current/reference/bulletins/2025-04-21-01/",
+ "source": "05b98450-cf83-4905-9546-e47a66a8fec2"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-249xx/CVE-2025-24914.json b/CVE-2025/CVE-2025-249xx/CVE-2025-24914.json
index d1ac07108aa..b5295e2fd10 100644
--- a/CVE-2025/CVE-2025-249xx/CVE-2025-24914.json
+++ b/CVE-2025/CVE-2025-249xx/CVE-2025-24914.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-24914",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2025-04-18T19:15:45.510",
- "lastModified": "2025-04-18T19:15:45.510",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. - CVE-2025-24914"
+ },
+ {
+ "lang": "es",
+ "value": "Al instalar Nessus en una ubicaci\u00f3n no predeterminada en un host Windows, las versiones de Nessus anteriores a la 10.8.4 no aplicaban permisos seguros a los subdirectorios. Esto pod\u00eda permitir la escalada de privilegios locales si los usuarios no hab\u00edan protegido los directorios en la ubicaci\u00f3n de instalaci\u00f3n no predeterminada. - CVE-2025-24914"
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-24xx/CVE-2025-2492.json b/CVE-2025/CVE-2025-24xx/CVE-2025-2492.json
index a31851b6070..3375415bc28 100644
--- a/CVE-2025/CVE-2025-24xx/CVE-2025-2492.json
+++ b/CVE-2025/CVE-2025-24xx/CVE-2025-2492.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-2492",
"sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"published": "2025-04-18T09:15:13.823",
- "lastModified": "2025-04-18T09:15:13.823",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25228.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25228.json
index d9c8a554c3c..d932c5b8390 100644
--- a/CVE-2025/CVE-2025-252xx/CVE-2025-25228.json
+++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25228.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-25228",
"sourceIdentifier": "security@joomla.org",
"published": "2025-04-21T08:15:29.603",
- "lastModified": "2025-04-21T08:15:29.603",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25427.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25427.json
index b60bda5988f..581bb62e4bd 100644
--- a/CVE-2025/CVE-2025-254xx/CVE-2025-25427.json
+++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25427.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-25427",
"sourceIdentifier": "f23511db-6c3e-4e32-a477-6aa17d310630",
"published": "2025-04-18T01:15:32.427",
- "lastModified": "2025-04-19T01:15:44.747",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la p\u00e1gina upnp.htm de la interfaz web de TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n permite a atacantes remotos inyectar c\u00f3digo JavaScript arbitrario mediante la descripci\u00f3n de la asignaci\u00f3n de puertos. Esto provoca la ejecuci\u00f3n del payload de JavaScript al cargar la p\u00e1gina upnp."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json
index 49e7b022bd6..4e44836f0e3 100644
--- a/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json
+++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25983.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-25983",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T20:15:16.137",
- "lastModified": "2025-04-18T21:15:43.373",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64, permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del componente de uso compartido basado en c\u00f3digo QE."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json
index 6dcfcb34ad5..a6ab847fcca 100644
--- a/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json
+++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25984.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-25984",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T20:15:16.240",
- "lastModified": "2025-04-18T21:15:43.540",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 permite que un atacante f\u00edsicamente pr\u00f3ximo ejecute c\u00f3digo arbitrario a trav\u00e9s del componente UART."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json b/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json
index 216e6bc9317..f611b1eb4b5 100644
--- a/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json
+++ b/CVE-2025/CVE-2025-259xx/CVE-2025-25985.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-25985",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T20:15:16.347",
- "lastModified": "2025-04-18T21:15:43.687",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 permite que un atacante f\u00edsicamente pr\u00f3ximo ejecute c\u00f3digo arbitrario a trav\u00e9s de los componentes /mnt/mtd/mvconf/wifi.ini y /mnt/mtd/mvconf/user_info.ini."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2517.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2517.json
new file mode 100644
index 00000000000..c45997556e1
--- /dev/null
+++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2517.json
@@ -0,0 +1,78 @@
+{
+ "id": "CVE-2025-2517",
+ "sourceIdentifier": "security@opentext.com",
+ "published": "2025-04-21T15:16:00.640",
+ "lastModified": "2025-04-21T15:16:00.640",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reference to Expired Domain Vulnerability in OpenText\u2122 ArcSight Enterprise Security Manager."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security@opentext.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 2.3,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "NONE",
+ "subConfidentialityImpact": "LOW",
+ "subIntegrityImpact": "LOW",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@opentext.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-672"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://portal.microfocus.com/s/article/KM000040103",
+ "source": "security@opentext.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2613.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2613.json
index 5d1f138a271..15d8f0687d7 100644
--- a/CVE-2025/CVE-2025-26xx/CVE-2025-2613.json
+++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2613.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-2613",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-18T02:15:14.250",
- "lastModified": "2025-04-18T02:15:14.250",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27599.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27599.json
index b4511a62c7c..90d2b6e817b 100644
--- a/CVE-2025/CVE-2025-275xx/CVE-2025-27599.json
+++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27599.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-27599",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:20.480",
- "lastModified": "2025-04-18T16:15:20.480",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json b/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
index 9b41f5eba8f..b89b0fda1b3 100644
--- a/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
+++ b/CVE-2025/CVE-2025-280xx/CVE-2025-28059.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28059",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T17:15:34.700",
- "lastModified": "2025-04-18T17:15:34.700",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an administrator deletes a user account, the backend fails to terminate active sessions and revoke associated API tokens, enabling unauthorized access to restricted functions."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de control de acceso en Nagios Network Analyzer 2024R1.0.3 permite que usuarios eliminados conserven el acceso a los recursos del sistema debido a la invalidaci\u00f3n incorrecta de sesiones y al manejo de tokens obsoletos. Cuando un administrador elimina una cuenta de usuario, el backend no finaliza las sesiones activas ni revoca los tokens de API asociados, lo que permite el acceso no autorizado a funciones restringidas."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28121.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28121.json
new file mode 100644
index 00000000000..7bf30426fef
--- /dev/null
+++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28121.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-28121",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T15:15:59.750",
+ "lastModified": "2025-04-21T15:15:59.750",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the \"q\" parameter allowing remote attackers to execute arbitrary code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://code-projects.org/online-exam-mastering-system-php/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/pruthuraut/CVE-2025-28121",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/pruthuraut/CVE-2025-28121",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json b/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json
index a2bf1f7fd37..5619f27061a 100644
--- a/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json
+++ b/CVE-2025/CVE-2025-281xx/CVE-2025-28197.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28197",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T20:15:16.450",
- "lastModified": "2025-04-18T20:15:16.450",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py."
+ },
+ {
+ "lang": "es",
+ "value": "Crawl4AI <=0.4.247 es vulnerable a SSRF en /crawl4ai/async_dispatcher.py."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json
new file mode 100644
index 00000000000..537ccdd66c0
--- /dev/null
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28228.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-28228",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.070",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28228",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json
new file mode 100644
index 00000000000..ab972f315aa
--- /dev/null
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28229.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-28229",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.170",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28229",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json
new file mode 100644
index 00000000000..1f9882a6c55
--- /dev/null
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28230.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-28230",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.280",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28230",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28231.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28231.json
index f52cb6c41dc..7d44eb725aa 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28231.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28231.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28231",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:44.883",
- "lastModified": "2025-04-18T18:15:44.883",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en Itel Electronics IP Stream v1.7.0.6 permite a atacantes no autorizados ejecutar comandos arbitrarios con privilegios de administrador."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json
new file mode 100644
index 00000000000..078aa44b211
--- /dev/null
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28232.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-28232",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.387",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28232",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28233.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28233.json
index 959089cd3e9..58ea988272d 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28233.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28233.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28233",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:45.307",
- "lastModified": "2025-04-18T18:15:45.307",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30 y TX50 Versi\u00f3n de hardware: 2, Versi\u00f3n de software: 1.6.0, Versi\u00f3n de control: 1.0, Versi\u00f3n de firmware AIO: 1.7 permite a los atacantes acceder a archivos de registro y extraer identificadores de sesi\u00f3n para ejecutar un ataque de secuestro de sesi\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28235.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28235.json
index b225d7f2b85..0c76695b7ea 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28235.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28235.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28235",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:45.723",
- "lastModified": "2025-04-18T18:15:45.723",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el componente /socket.io/1/websocket/ de los modelos Ui12 y Ui16 de Soundcraft Ui Series Firmware v1.0.7x y v1.0.5x permite a los atacantes acceder a las credenciales de administrador en texto sin formato."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28236.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28236.json
index c6584d08cf9..48c804b736c 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28236.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28236.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28236",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:46.113",
- "lastModified": "2025-04-18T18:15:46.113",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nautel VX Series transmitters VX SW v6.4.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code via supplying a crafted update package to the /#/software/upgrades endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Nautel VX Series transmitters VX SW v6.4.0 y anteriores contienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) durante el proceso de actualizaci\u00f3n del firmware. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario mediante el suministro de un paquete de actualizaci\u00f3n manipulado al endpoint /#/software/upgrades."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28237.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28237.json
index a931b7ab198..f259fe54c20 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28237.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28237.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28237",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:46.507",
- "lastModified": "2025-04-18T18:15:46.507",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 permite a atacantes autenticados escalar privilegios a trav\u00e9s de un payload JSON manipulado."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28238.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28238.json
index 7ff41b302ad..c0ca78e211c 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28238.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28238.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28238",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:46.913",
- "lastModified": "2025-04-18T18:15:46.913",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper session management in Elber REBLE310 Firmware v5.5.1.R , Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack."
+ },
+ {
+ "lang": "es",
+ "value": "La gesti\u00f3n incorrecta de sesiones en Elber REBLE310 Firmware v5.5.1.R, modelo de equipo: REBLE310/RX10/4ASI permite a los atacantes ejecutar un ataque de secuestro de sesi\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-282xx/CVE-2025-28242.json b/CVE-2025/CVE-2025-282xx/CVE-2025-28242.json
index 02e06909c39..8550787e6f1 100644
--- a/CVE-2025/CVE-2025-282xx/CVE-2025-28242.json
+++ b/CVE-2025/CVE-2025-282xx/CVE-2025-28242.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28242",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:47.327",
- "lastModified": "2025-04-18T18:15:47.327",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack."
+ },
+ {
+ "lang": "es",
+ "value": "La gesti\u00f3n incorrecta de sesiones en el endpoint /login_ok.htm de DAEnetIP4 METO v1.25 permite a los atacantes ejecutar un ataque de secuestro de sesi\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-283xx/CVE-2025-28355.json b/CVE-2025/CVE-2025-283xx/CVE-2025-28355.json
index 1f448f7561f..ed5be6788d7 100644
--- a/CVE-2025/CVE-2025-283xx/CVE-2025-28355.json
+++ b/CVE-2025/CVE-2025-283xx/CVE-2025-28355.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-28355",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T19:15:45.640",
- "lastModified": "2025-04-18T19:15:45.640",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none"
+ },
+ {
+ "lang": "es",
+ "value": "Volmarg Personal Management System 1.4.65 es vulnerable a Cross-Site Request Forgery (CSRF), lo que permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del atributo de cookie SameSite cuyo valor predeterminado es ninguno."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-290xx/CVE-2025-29058.json b/CVE-2025/CVE-2025-290xx/CVE-2025-29058.json
index b6bf45d2779..3fa15972919 100644
--- a/CVE-2025/CVE-2025-290xx/CVE-2025-29058.json
+++ b/CVE-2025/CVE-2025-290xx/CVE-2025-29058.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29058",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T21:15:43.843",
- "lastModified": "2025-04-21T04:15:17.863",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Qimou CMS v.3.34.0 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente upgrade.php."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json b/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json
new file mode 100644
index 00000000000..c221dbf8ba3
--- /dev/null
+++ b/CVE-2025/CVE-2025-292xx/CVE-2025-29209.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2025-29209",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.653",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X18 v9.1.0cu.2024_B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub_41105C function of cstecgi .cgi."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/LZY0522/CVE/blob/main/X18-sub_41105c.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-292xx/CVE-2025-29287.json b/CVE-2025/CVE-2025-292xx/CVE-2025-29287.json
new file mode 100644
index 00000000000..a129990177a
--- /dev/null
+++ b/CVE-2025/CVE-2025-292xx/CVE-2025-29287.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2025-29287",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T15:15:59.930",
+ "lastModified": "2025-04-21T15:15:59.930",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://cms.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/erdan111/38dcb5150b523436fe01249b2542f02f#file-cve-2025-29287",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gitee.com/mingSoft/MCMS/issues/IBOOTX",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gitee.com/mingSoft/MCMS/issues/IBOOTX",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29449.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29449.json
index ba0fe55105d..813d623bae7 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29449.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29449.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29449",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.353",
- "lastModified": "2025-04-17T21:15:50.353",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en twonav v.2.1.18-20241105 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n de identificaci\u00f3n de enlace."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29450.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29450.json
index 66dce198131..9b1abad0d62 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29450.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29450.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29450",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.483",
- "lastModified": "2025-04-17T21:15:50.483",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en twonav v.2.1.18-20241105 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente de configuraci\u00f3n del sitio."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29451.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29451.json
index afbb064f562..25be68b7eb0 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29451.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29451.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29451",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.620",
- "lastModified": "2025-04-18T16:15:21.213",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Seo Panel 4.11.0 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente de configuraci\u00f3n de correo."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29452.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29452.json
index ac33acc554f..5f58986a381 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29452.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29452.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29452",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.727",
- "lastModified": "2025-04-18T16:15:21.393",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Seo Panel 4.11.0 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente Proxy Manager."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29453.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29453.json
index 5f1eaa28433..55bf40ea453 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29453.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29453.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29453",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:14.960",
- "lastModified": "2025-04-17T22:15:14.960",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en personal-management-system Personal Management System 1.4.65 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente my-contacts-settings."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29454.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29454.json
index ea9fa55c029..0843ab7b4f1 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29454.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29454.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29454",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.830",
- "lastModified": "2025-04-17T21:15:50.830",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en personal-management-system Personal Management System 1.4.65 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n de carga."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29455.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29455.json
index 04774668eaf..02c6943cc5f 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29455.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29455.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29455",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T21:15:50.940",
- "lastModified": "2025-04-17T21:15:50.940",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas\" function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en personal-management-system Personal Management System 1.4.65 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n \"Ideas de viaje\"."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29456.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29456.json
index 049b02ca5dd..bb7cce6d1f7 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29456.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29456.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29456",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.077",
- "lastModified": "2025-04-17T22:15:15.077",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en personal-management-system Personal Management System 1.4.65 permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n de creaci\u00f3n de notas."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29457.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29457.json
index c6b4a3180ad..83956d9032b 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29457.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29457.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29457",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.183",
- "lastModified": "2025-04-18T16:15:21.583",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29458.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29458.json
index 725b836bbc3..0abb9eae814 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29458.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29458.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29458",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.290",
- "lastModified": "2025-04-18T16:15:21.773",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json
index c1a9138ce53..f66b5865e4d 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29459.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29459",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.387",
- "lastModified": "2025-04-18T14:15:22.437",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29460.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29460.json
index b23f6058ea7..d528d00df9b 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29460.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29460.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29460",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.493",
- "lastModified": "2025-04-18T14:15:22.603",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29461.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29461.json
index 59c1ca5f0ff..86f79d04db6 100644
--- a/CVE-2025/CVE-2025-294xx/CVE-2025-29461.json
+++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29461.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29461",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-17T22:15:15.607",
- "lastModified": "2025-04-18T14:15:22.770",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-295xx/CVE-2025-29512.json b/CVE-2025/CVE-2025-295xx/CVE-2025-29512.json
index 8fd4657ba45..bbbbcee3636 100644
--- a/CVE-2025/CVE-2025-295xx/CVE-2025-29512.json
+++ b/CVE-2025/CVE-2025-295xx/CVE-2025-29512.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29512",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:48.263",
- "lastModified": "2025-04-18T19:15:45.800",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting (XSS) en NodeBB v4.0.4 y anteriores permite a atacantes remotos almacenar c\u00f3digo arbitrario y potencialmente inutilizar la funcionalidad de IP de lista negra hasta que se elimine el contenido a trav\u00e9s de la base de datos."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-295xx/CVE-2025-29513.json b/CVE-2025/CVE-2025-295xx/CVE-2025-29513.json
index 2bd8900bfae..8a0d2b85232 100644
--- a/CVE-2025/CVE-2025-295xx/CVE-2025-29513.json
+++ b/CVE-2025/CVE-2025-295xx/CVE-2025-29513.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29513",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-18T18:15:48.693",
- "lastModified": "2025-04-18T19:15:45.943",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting (XSS) en NodeBB v4.0.4 y anteriores permite a atacantes remotos almacenar c\u00f3digo arbitrario en el generador de tokens de acceso a la API de administraci\u00f3n."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json
new file mode 100644
index 00000000000..d59816d1d3a
--- /dev/null
+++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29625.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-29625",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-18T15:15:58.770",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.reodus.com/posts/cve-2025-29625/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/CruiserOne/Astrolog/issues/25",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29659.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29659.json
new file mode 100644
index 00000000000..e578a29bf84
--- /dev/null
+++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29659.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2025-29659",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T15:16:00.123",
+ "lastModified": "2025-04-21T15:16:00.123",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the \"cmd_listen\" function located in the \"cmd\" binary."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Yasha-ops/RCE-YiIOT",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29659",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29659",
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-296xx/CVE-2025-29660.json b/CVE-2025/CVE-2025-296xx/CVE-2025-29660.json
new file mode 100644
index 00000000000..8f8cdaea964
--- /dev/null
+++ b/CVE-2025/CVE-2025-296xx/CVE-2025-29660.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2025-29660",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-04-21T15:16:00.297",
+ "lastModified": "2025-04-21T15:16:00.297",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Yasha-ops/RCE-YiIOT",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29660",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-297xx/CVE-2025-29784.json b/CVE-2025/CVE-2025-297xx/CVE-2025-29784.json
index ed07fa32135..9e37e2ca18a 100644
--- a/CVE-2025/CVE-2025-297xx/CVE-2025-29784.json
+++ b/CVE-2025/CVE-2025-297xx/CVE-2025-29784.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-29784",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:22.163",
- "lastModified": "2025-04-18T16:15:22.163",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json b/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json
index 0b78031ecae..6f0008370b5 100644
--- a/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json
+++ b/CVE-2025/CVE-2025-299xx/CVE-2025-29953.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-29953",
"sourceIdentifier": "security@apache.org",
"published": "2025-04-18T16:15:22.317",
- "lastModified": "2025-04-18T18:15:49.057",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client.\n\nThis issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious responses that may eventually cause arbitrary code execution on the client. Version 2.1.0 introduced a allow/denylist feature to restrict deserialization, but this feature could be bypassed.\n\nThe .NET team has deprecated the built-in .NET binary serialization feature starting with .NET 9 and suggests migrating away from binary serialization. The project is considering to follow suit and drop this part of the NMS API altogether.\n\nUsers are recommended to upgrade to version 2.1.1, which fixes the issue. We also recommend to migrate away from relying on .NET binary serialization as a hardening method for the future."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache ActiveMQ NMS OpenWire Client. Este problema afecta a Apache ActiveMQ NMS OpenWire Client anterior a la versi\u00f3n 2.1.1 al conectar con servidores no confiables. Dichos servidores podr\u00edan abusar de la deserializaci\u00f3n ilimitada del cliente para proporcionar respuestas maliciosas que podr\u00edan provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La versi\u00f3n 2.1.0 introdujo una funci\u00f3n de lista de permitidos/denegados para restringir la deserializaci\u00f3n, pero esta funci\u00f3n pod\u00eda omitirse. El equipo de .NET ha descontinuado la funci\u00f3n integrada de serializaci\u00f3n binaria de .NET a partir de .NET 9 y sugiere migrar hacia una versi\u00f3n posterior. El proyecto est\u00e1 considerando seguir el ejemplo y eliminar esta parte de la API de NMS por completo. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.1.1, que soluciona el problema. Tambi\u00e9n recomendamos migrar hacia una versi\u00f3n posterior que no dependa de la serializaci\u00f3n binaria de .NET como m\u00e9todo de protecci\u00f3n."
}
],
"metrics": {},
diff --git a/CVE-2025/CVE-2025-29xx/CVE-2025-2950.json b/CVE-2025/CVE-2025-29xx/CVE-2025-2950.json
new file mode 100644
index 00000000000..86ed51c3e29
--- /dev/null
+++ b/CVE-2025/CVE-2025-29xx/CVE-2025-2950.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2025-2950",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2025-04-18T15:15:58.937",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-644"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.ibm.com/support/pages/node/7231320",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-301xx/CVE-2025-30158.json b/CVE-2025/CVE-2025-301xx/CVE-2025-30158.json
index cf498d7eb83..45a6996f97f 100644
--- a/CVE-2025/CVE-2025-301xx/CVE-2025-30158.json
+++ b/CVE-2025/CVE-2025-301xx/CVE-2025-30158.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-30158",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:22.443",
- "lastModified": "2025-04-18T16:15:22.443",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-303xx/CVE-2025-30357.json b/CVE-2025/CVE-2025-303xx/CVE-2025-30357.json
index 04eeb98a04c..f9ac1045ca5 100644
--- a/CVE-2025/CVE-2025-303xx/CVE-2025-30357.json
+++ b/CVE-2025/CVE-2025-303xx/CVE-2025-30357.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-30357",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:22.593",
- "lastModified": "2025-04-18T16:15:22.593",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. En la versi\u00f3n 2.1.4 y anteriores, si un usuario malicioso deja comentarios spam en muchos temas, un administrador, al no poder eliminar manualmente cada comentario spam, puede eliminar la cuenta maliciosa. Una vez que un administrador elimina la cuenta del usuario malicioso, todas sus publicaciones (comentarios), junto con los temas asociados (de usuarios no relacionados), se marcar\u00e1n como eliminados. Este problema se ha corregido en la versi\u00f3n 2.2.0."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3056.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3056.json
index a1cf09b8132..c0ca3d5cab0 100644
--- a/CVE-2025/CVE-2025-30xx/CVE-2025-3056.json
+++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3056.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-3056",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-18T09:15:15.230",
- "lastModified": "2025-04-18T09:15:15.230",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31118.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31118.json
index 1303d6fd9a5..d2984260af2 100644
--- a/CVE-2025/CVE-2025-311xx/CVE-2025-31118.json
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31118.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-31118",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:22.747",
- "lastModified": "2025-04-18T16:15:22.747",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. En la versi\u00f3n 2.1.4 y anteriores, la funci\u00f3n de respuesta r\u00e1pida del foro (view_topic.php) no implementa ning\u00fan mecanismo para prevenir el spam. Esto permite a los usuarios autenticados publicar respuestas continuamente sin l\u00edmite de tiempo, lo que resulta en un aumento descontrolado de publicaciones que puede interrumpir el funcionamiento normal. Este problema se ha corregido en la versi\u00f3n 2.2.0."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31120.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31120.json
index 04842708045..7abfd3c797e 100644
--- a/CVE-2025/CVE-2025-311xx/CVE-2025-31120.json
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31120.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-31120",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:22.890",
- "lastModified": "2025-04-18T20:15:16.567",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. En la versi\u00f3n 2.1.4 y anteriores, un mecanismo inseguro de conteo de visitas en la p\u00e1gina del foro permit\u00eda a un atacante no autenticado aumentar artificialmente el conteo. La aplicaci\u00f3n utiliza una cookie del cliente (nl-topic-[tid]) (o una variable de sesi\u00f3n para invitados) para determinar si se debe contabilizar una visita. Cuando un cliente no proporciona la cookie, cada solicitud de p\u00e1gina incrementa el contador, lo que genera m\u00e9tricas de visitas incorrectas. Este problema se ha corregido en la versi\u00f3n 2.2.0."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31161.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31161.json
index cd31678bb4a..aef66dd6a00 100644
--- a/CVE-2025/CVE-2025-311xx/CVE-2025-31161.json
+++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31161.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-31161",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-03T20:15:25.373",
- "lastModified": "2025-04-08T15:30:22.440",
- "vulnStatus": "Analyzed",
+ "lastModified": "2025-04-21T15:16:00.790",
+ "vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@@ -163,6 +163,14 @@
"tags": [
"Press/Media Coverage"
]
+ },
+ {
+ "url": "https://www.vicarius.io/vsociety/posts/cve-2025-31161-detect-crushftp-vulnerability",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://www.vicarius.io/vsociety/posts/cve-2025-31161-mitigate-crushftp-vulnerability",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3103.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3103.json
index 597faa05d7a..3cf86f4ee62 100644
--- a/CVE-2025/CVE-2025-31xx/CVE-2025-3103.json
+++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3103.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-3103",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-19T05:15:44.380",
- "lastModified": "2025-04-19T05:15:44.380",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3106.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3106.json
index ec671b46e28..aab9948dc83 100644
--- a/CVE-2025/CVE-2025-31xx/CVE-2025-3106.json
+++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3106.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-3106",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-04-18T10:15:14.243",
- "lastModified": "2025-04-18T10:15:14.243",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3124.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3124.json
index 99d5a08ff2e..a58304531c8 100644
--- a/CVE-2025/CVE-2025-31xx/CVE-2025-3124.json
+++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3124.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-3124",
"sourceIdentifier": "product-cna@github.com",
"published": "2025-04-17T23:15:41.593",
- "lastModified": "2025-04-17T23:15:41.593",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed a user to see the names of private repositories that they wouldn't otherwise have access to in the Security Overview in GitHub Advanced Security. The Security Overview was required to be filtered only using the `archived:` filter and all other access controls were functioning normally. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.17 and was fixed in versions 3.13.14, 3.14.11, 3.15.6, and 3.16.2."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de autorizaci\u00f3n faltante en GitHub Enterprise Server que permit\u00eda a un usuario ver los nombres de repositorios privados a los que, de otro modo, no tendr\u00eda acceso en la descripci\u00f3n general de seguridad de GitHub Advanced Security. Esta descripci\u00f3n general de seguridad deb\u00eda filtrarse \u00fanicamente con el filtro `archived:` y todos los dem\u00e1s controles de acceso funcionaban con normalidad. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.17 y se corrigi\u00f3 en las versiones 3.13.14, 3.14.11, 3.15.6 y 3.16.2."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32377.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32377.json
index d1a5bdda2a9..ed31470a00c 100644
--- a/CVE-2025/CVE-2025-323xx/CVE-2025-32377.json
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32377.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-32377",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T20:15:16.670",
- "lastModified": "2025-04-18T20:15:16.670",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6."
+ },
+ {
+ "lang": "es",
+ "value": "Rasa Pro es un framework para crear asistentes de IA conversacionales escalables y din\u00e1micos que integran grandes modelos de lenguaje (LLM). Se ha identificado una vulnerabilidad en Rasa Pro donde los conectores de voz no implementan la autenticaci\u00f3n correctamente, incluso cuando se configura un token en el archivo credentials.yml. Esto podr\u00eda permitir que un atacante env\u00ede datos de voz al asistente Rasa Pro desde una fuente no autenticada. Este problema se ha corregido para audiocodes, audiocodes_stream y conectores genesys en las versiones 3.9.20, 3.10.19, 3.11.7 y 3.12.6."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32389.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32389.json
index 59af7450c4d..f0f2eda8571 100644
--- a/CVE-2025/CVE-2025-323xx/CVE-2025-32389.json
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32389.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-32389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:23.033",
- "lastModified": "2025-04-18T16:15:23.033",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a¶m[1]=b¶m[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4."
+ },
+ {
+ "lang": "es",
+ "value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. Antes de la versi\u00f3n 2.1.4, NamelessMC era vulnerable a la inyecci\u00f3n SQL al proporcionar una sintaxis de par\u00e1metro GET entre corchetes inesperada. Esta sintaxis se refiere a la estructura `?param[0]=a¶m[1]=b¶m[2]=c` utilizada por PHP, la cual PHP interpreta como `$_GET['param']` de tipo array. Este problema se ha corregido en la versi\u00f3n 2.1.4."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32408.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32408.json
index 2a35d91ab9f..a1de5014585 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32408.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32408.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-32408",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-21T13:15:57.267",
- "lastModified": "2025-04-21T13:15:57.267",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32434.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32434.json
index e6f9bbf562a..89e4e86f097 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32434.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32434.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-32434",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:23.183",
- "lastModified": "2025-04-18T16:15:23.183",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0."
+ },
+ {
+ "lang": "es",
+ "value": "PyTorch es un paquete de Python que proporciona computaci\u00f3n tensorial con una potente aceleraci\u00f3n de GPU y redes neuronales profundas basadas en un sistema de autogradaci\u00f3n basado en cinta. En la versi\u00f3n 2.5.1 y anteriores, exist\u00eda una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) en PyTorch al cargar un modelo usando torch.load con weights_only=True. Este problema se ha corregido en la versi\u00f3n 2.6.0."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32442.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32442.json
index 5adf06c7705..121937d6ca1 100644
--- a/CVE-2025/CVE-2025-324xx/CVE-2025-32442.json
+++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32442.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-32442",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:23.327",
- "lastModified": "2025-04-18T21:15:43.993",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as with different casing or altered whitespacing before `;`. This was patched in v5.3.1, but the initial patch did not cover all problems. This has been fully patched in v5.3.2. A workaround involves not specifying individual content types in the schema."
+ },
+ {
+ "lang": "es",
+ "value": "Fastify es un framework web r\u00e1pido y de bajo consumo para Node.js. En las versiones 5.0.0 a 5.3.0, las aplicaciones que especifican diferentes estrategias de validaci\u00f3n para distintos tipos de contenido pueden omitir la validaci\u00f3n proporcionando un tipo de contenido ligeramente modificado, como con may\u00fasculas y min\u00fasculas diferentes o con espacios antes de `;` modificados. Esto se solucion\u00f3 en la versi\u00f3n 5.3.1, pero la correcci\u00f3n inicial no solucion\u00f3 todos los problemas. Se ha corregido completamente en la versi\u00f3n 5.3.2. Un workaround consiste en no especificar tipos de contenido individuales en el esquema."
}
],
"metrics": {
diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32790.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32790.json
index 5d05a71777b..80f7496c88c 100644
--- a/CVE-2025/CVE-2025-327xx/CVE-2025-32790.json
+++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32790.json
@@ -2,8 +2,8 @@
"id": "CVE-2025-32790",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T13:15:58.177",
- "lastModified": "2025-04-18T14:15:22.930",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32792.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32792.json
index bea16c96638..78ef199afdd 100644
--- a/CVE-2025/CVE-2025-327xx/CVE-2025-32792.json
+++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32792.json
@@ -2,13 +2,17 @@
"id": "CVE-2025-32792",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-18T16:15:23.487",
- "lastModified": "2025-04-18T16:15:23.487",
- "vulnStatus": "Received",
+ "lastModified": "2025-04-21T14:23:45.950",
+ "vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `