admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-16T14:00:19.614154+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-16 14:03:56 +00:00
parent 5c1b64b714
commit 56317f0e9d
203 changed files with 1798 additions and 597 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-452xx/CVE-2023-45256.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45256",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T17:15:26.507",
"lastModified": "2025-06-12T17:15:26.507",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2024/CVE-2024-255xx/CVE-2024-25573.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-25573",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2025-06-15T16:15:18.683",
"lastModified": "2025-06-15T16:15:18.683",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing."
},
{
"lang": "es",
"value": "Los datos no depurados proporcionados por el usuario y guardados en la consola administrativa de PingFederate podr\u00edan desencadenar la ejecuci\u00f3n de c\u00f3digo JavaScript en el procesamiento posterior del usuario."
}
],
"metrics": {

4
CVE-2024/CVE-2024-388xx/CVE-2024-38822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38822",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:19.300",
"lastModified": "2025-06-13T07:15:19.300",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-388xx/CVE-2024-38823.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38823",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:20.580",
"lastModified": "2025-06-13T14:15:18.823",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-388xx/CVE-2024-38824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38824",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T08:15:18.800",
"lastModified": "2025-06-13T08:15:18.800",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-388xx/CVE-2024-38825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38825",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:20.717",
"lastModified": "2025-06-13T14:15:18.983",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-449xx/CVE-2024-44905.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44905",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T16:15:22.007",
"lastModified": "2025-06-12T16:15:22.007",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-449xx/CVE-2024-44906.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44906",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T16:15:22.140",
"lastModified": "2025-06-12T16:15:22.140",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-555xx/CVE-2024-55567.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-55567",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T17:15:28.707",
"lastModified": "2025-06-12T17:15:28.707",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-75xx/CVE-2024-7562.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7562",
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"published": "2025-06-12T16:15:22.320",
"lastModified": "2025-06-12T16:15:22.320",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-14xx/CVE-2025-1411.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1411",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-15T13:15:32.027",
"lastModified": "2025-06-15T13:15:32.027",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges."
},
{
"lang": "es",
"value": "IBM Security Verify Directory Container 10.0.0.0 a 10.0.3.1 podr\u00eda permitir que un usuario local ejecute comandos como root debido a la ejecuci\u00f3n con privilegios innecesarios."
}
],
"metrics": {

8
CVE-2025/CVE-2025-20xx/CVE-2025-2091.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-2091",
"sourceIdentifier": "security@m-files.com",
"published": "2025-06-16T09:15:19.067",
"lastModified": "2025-06-16T09:15:19.067",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en las aplicaciones m\u00f3viles M-Files para Android e iOS anteriores a la versi\u00f3n 25.6.0 permite a los atacantes utilizar archivos PDF manipulados con fines maliciosos para enga\u00f1ar a otros usuarios para que realicen solicitudes a URL no confiables."
}
],
"metrics": {

8
CVE-2025/CVE-2025-210xx/CVE-2025-21085.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-21085",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2025-06-15T15:15:18.330",
"lastModified": "2025-06-15T15:15:18.330",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."
},
{
"lang": "es",
"value": "La duplicaci\u00f3n de concesiones OAuth2 de PingFederate en el almacenamiento persistente de PostgreSQL permite que las solicitudes OAuth2 utilicen una memoria excesiva."
}
],
"metrics": {

4
CVE-2025/CVE-2025-222xx/CVE-2025-22236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22236",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:20.863",
"lastModified": "2025-06-13T14:15:19.323",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22237",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.010",
"lastModified": "2025-06-13T14:15:19.467",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22238",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.150",
"lastModified": "2025-06-13T14:15:19.610",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22239.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22239",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.290",
"lastModified": "2025-06-13T14:15:19.747",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22240",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.430",
"lastModified": "2025-06-13T14:15:19.893",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22241.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22241",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.567",
"lastModified": "2025-06-13T07:15:21.567",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-222xx/CVE-2025-22242.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-22242",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-13T07:15:21.710",
"lastModified": "2025-06-13T07:15:21.710",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-228xx/CVE-2025-22854.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-22854",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2025-06-15T15:15:19.150",
"lastModified": "2025-06-15T15:15:19.150",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of non-200 http responses in\u00a0the PingFederate Google Adapter\u00a0leads to thread exhaustion under normal usage conditions."
},
{
"lang": "es",
"value": "El control inadecuado de respuestas http distintas de 200 en el adaptador de Google PingFederate provoca el agotamiento del hilo en condiciones de uso normales."
}
],
"metrics": {

8
CVE-2025/CVE-2025-243xx/CVE-2025-24311.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24311",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-06-13T21:15:20.197",
"lastModified": "2025-06-13T21:15:20.197",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in the cv_send_blockdata \nfunctionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted \nControlVault API call can lead to an information leak. An attacker can \nissue an API call to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en la funci\u00f3n cv_send_blockdata de Dell ControlVault3 (versi\u00f3n anterior a la 5.15.10.14) y Dell ControlVault3 Plus (versi\u00f3n anterior a la 6.2.26.36). Una llamada a la API de ControlVault especialmente manipulada puede provocar una fuga de informaci\u00f3n. Un atacante puede ejecutar una llamada a la API para activar esta vulnerabilidad."
}
],
"metrics": {

56
CVE-2025/CVE-2025-243xx/CVE-2025-24388.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-24388",
"sourceIdentifier": "security@otrs.com",
"published": "2025-06-16T12:15:18.737",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n * OTRS 2025.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@otrs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 3.8,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@otrs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-184"
}
]
}
],
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2025-06/",
"source": "security@otrs.com"
}
]
}

8
CVE-2025/CVE-2025-249xx/CVE-2025-24919.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24919",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-06-13T22:15:18.320",
"lastModified": "2025-06-13T22:15:18.320",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de deserializaci\u00f3n de entradas no confiables en la funci\u00f3n cvhDecapsulateCmd de Dell ControlVault3 en versiones anteriores a la 5.15.10.14 y ControlVault3 Plus en versiones anteriores a la 6.2.26.36. Una respuesta de ControlVault especialmente manipulada a un comando puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede comprometer el firmware de ControlVault y configurarlo para que genere una respuesta maliciosa que active esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2025/CVE-2025-249xx/CVE-2025-24922.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-24922",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-06-13T21:15:20.390",
"lastModified": "2025-06-13T21:15:20.390",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the \nsecurebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to\u00a06.2.26.36. A \nspecially crafted malicious cv_object can lead to a arbitrary code \nexecution. An attacker can issue an API call to trigger this \nvulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basada en pila en la funci\u00f3n securebio_identify de Dell ControlVault3 (versi\u00f3n anterior a la 5.15.10.14) y Dell ControlVault3 Plus (versi\u00f3n anterior a la 6.2.26.36). Un objeto cv_object malicioso especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede ejecutar una llamada a la API para activar esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2025/CVE-2025-250xx/CVE-2025-25050.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25050",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-06-13T21:15:20.560",
"lastModified": "2025-06-13T21:15:20.560",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the \ncv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36.\n A specially crafted ControlVault API call can lead to an out-of-bounds \nwrite. An attacker can issue an API call to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escritura fuera de los l\u00edmites en la funci\u00f3n cv_upgrade_sensor_firmware de Dell ControlVault3 (versi\u00f3n anterior a la 5.15.10.14) y Dell ControlVault 3 Plus (versi\u00f3n anterior a la 6.2.26.36). Una llamada a la API de ControlVault especialmente manipulada puede provocar una escritura fuera de los l\u00edmites. Un atacante puede ejecutar una llamada a la API para activar esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2025/CVE-2025-252xx/CVE-2025-25215.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25215",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2025-06-13T22:15:19.337",
"lastModified": "2025-06-13T22:15:19.337",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary free vulnerability exists in the cv_close functionality of \nDell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call \ncan lead to an arbitrary free. An attacker can forge a fake session to \ntrigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de liberaci\u00f3n arbitraria en la funci\u00f3n cv_close de Dell ControlVault3 (versi\u00f3n anterior a la 5.15.10.14) y Dell ControlVault3 Plus (versi\u00f3n anterior a la 6.2.26.36). Una llamada a la API de ControlVault especialmente manipulada puede provocar una liberaci\u00f3n arbitraria. Un atacante puede falsificar una sesi\u00f3n para activar esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2025/CVE-2025-252xx/CVE-2025-25264.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25264",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-16T10:15:19.517",
"lastModified": "2025-06-16T10:15:19.517",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can take advantage of the current overly permissive CORS policy to gain access and read the responses, potentially exposing sensitive data or enabling further attacks."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede aprovechar la actual pol\u00edtica CORS excesivamente permisiva para obtener acceso y leer las respuestas, exponiendo potencialmente datos confidenciales o posibilitando m\u00e1s ataques."
}
],
"metrics": {

8
CVE-2025/CVE-2025-252xx/CVE-2025-25265.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-25265",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-16T10:15:20.807",
"lastModified": "2025-06-16T10:15:20.807",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A web application for configuring the controller is accessible at a specific path. It contains an endpoint that allows an unauthenticated remote attacker to read files from the system\u2019s file structure."
},
{
"lang": "es",
"value": "Se puede acceder a una aplicaci\u00f3n web para configurar el controlador en una ruta espec\u00edfica. Contiene un endpoint que permite a un atacante remoto no autenticado leer archivos de la estructura de archivos del sistema."
}
],
"metrics": {

4
CVE-2025/CVE-2025-276xx/CVE-2025-27689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27689",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-06-12T21:15:20.113",
"lastModified": "2025-06-12T21:15:20.113",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-27xx/CVE-2025-2745.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-2745",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-12T20:15:21.040",
"lastModified": "2025-06-12T20:15:21.040",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-283xx/CVE-2025-28380.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28380",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.030",
"lastModified": "2025-06-15T17:15:18.007",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site-scripting (XSS) en OpenC3 COSMOS v6.0.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyecci\u00f3n de un payload manipulado en el par\u00e1metro URL."
}
],
"metrics": {

8
CVE-2025/CVE-2025-283xx/CVE-2025-28381.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28381",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.177",
"lastModified": "2025-06-13T16:15:25.227",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers."
},
{
"lang": "es",
"value": "Una fuga de credenciales en OpenC3 COSMOS v6.0.0 permite a los atacantes acceder a las credenciales de servicio como variables de entorno almacenadas en todos los contenedores."
}
],
"metrics": {

8
CVE-2025/CVE-2025-283xx/CVE-2025-28382.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28382",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.440",
"lastModified": "2025-06-13T18:15:20.677",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal."
},
{
"lang": "es",
"value": "Un problema en el endpoint openc3-api/tables de OpenC3 COSMOS 6.0.0 permite a los atacantes ejecutar un directory traversal."
}
],
"metrics": {

8
CVE-2025/CVE-2025-283xx/CVE-2025-28384.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28384",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.590",
"lastModified": "2025-06-13T18:15:21.510",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal."
},
{
"lang": "es",
"value": "Un problema en el endpoint /script-api/scripts/ de OpenC3 COSMOS 6.0.0 permite a los atacantes ejecutar un directory traversal."
}
],
"metrics": {

8
CVE-2025/CVE-2025-283xx/CVE-2025-28386.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28386",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.713",
"lastModified": "2025-06-13T14:15:20.713",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en el componente de administraci\u00f3n de complementos de OpenC3 COSMOS v6.0.0 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo .txt manipulado."
}
],
"metrics": {},

8
CVE-2025/CVE-2025-283xx/CVE-2025-28388.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28388",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:20.883",
"lastModified": "2025-06-13T16:15:25.387",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que OpenC3 COSMOS v6.0.0 conten\u00eda credenciales codificadas para la cuenta de servicio."
}
],
"metrics": {

8
CVE-2025/CVE-2025-283xx/CVE-2025-28389.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-28389",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T14:15:21.010",
"lastModified": "2025-06-13T16:15:25.550",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack."
},
{
"lang": "es",
"value": "Los requisitos de contrase\u00f1a d\u00e9biles en OpenC3 COSMOS v6.0.0 permiten a los atacantes eludir la autenticaci\u00f3n mediante un ataque de fuerza bruta."
}
],
"metrics": {

4
CVE-2025/CVE-2025-297xx/CVE-2025-29744.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-29744",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T16:15:22.727",
"lastModified": "2025-06-12T16:15:22.727",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-299xx/CVE-2025-29902.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-29902",
"sourceIdentifier": "psirt@bosch.com",
"published": "2025-06-13T10:15:20.693",
"lastModified": "2025-06-13T10:15:20.693",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-303xx/CVE-2025-30399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30399",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-13T02:15:23.430",
"lastModified": "2025-06-13T02:15:23.430",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-32xx/CVE-2025-3234.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-3234",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T06:15:18.117",
"lastModified": "2025-06-14T06:15:18.117",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro \u2013 Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.8.8. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Administrators have the ability to extend file manager usage privileges to lower-level users including subscribers, which would make this vulnerability more severe on such sites."
},
{
"lang": "es",
"value": "El complemento File Manager Pro \u2013 Filester para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en todas las versiones hasta la 1.8.8 incluida. Esto permite que atacantes autenticados, con acceso de administrador o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo. Los administradores pueden extender los privilegios de uso del administrador de archivos a usuarios de nivel inferior, incluidos los suscriptores, lo que agravar\u00eda esta vulnerabilidad en dichos sitios."
}
],
"metrics": {

8
CVE-2025/CVE-2025-331xx/CVE-2025-33108.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-33108",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-14T01:15:19.800",
"lastModified": "2025-06-14T01:15:19.800",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system."
},
{
"lang": "es",
"value": "IBM Backup, Recovery and Media Services para i 7.4 y 7.5 podr\u00edan permitir que un usuario con la capacidad de compilar o restaurar un programa obtuviera privilegios elevados debido a una llamada no cualificada a una librer\u00eda realizada por un programa BRMS. Un agente malicioso podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo controlado por el usuario con acceso a componentes del sistema operativo host."
}
],
"metrics": {

8
CVE-2025/CVE-2025-34xx/CVE-2025-3464.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-3464",
"sourceIdentifier": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"published": "2025-06-16T09:15:19.233",
"lastModified": "2025-06-16T09:15:19.233",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass.\nRefer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en Armoury Crate. Esta vulnerabilidad se debe a un problema de tiempo de uso y tiempo de comprobaci\u00f3n, que podr\u00eda provocar la omisi\u00f3n de la autenticaci\u00f3n. Consulta la secci\u00f3n \"Actualizaci\u00f3n de seguridad para la app Armoury Crate\" en el Aviso de seguridad de ASUS para obtener m\u00e1s informaci\u00f3n."
}
],
"metrics": {

8
CVE-2025/CVE-2025-360xx/CVE-2025-36041.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-36041",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-15T13:15:33.177",
"lastModified": "2025-06-15T13:15:33.177",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions."
},
{
"lang": "es",
"value": "IBM MQ Operator LTS 2.0.0 a 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 a 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 a 3.5.3 y MQ Operator SC2 3.2.0 a 3.2.12 Native HA CRR podr\u00edan configurarse con una clave privada y una cadena distinta a la clave prevista, lo que podr\u00eda revelar informaci\u00f3n confidencial o permitir que el atacante realice acciones no autorizadas."
}
],
"metrics": {

4
CVE-2025/CVE-2025-365xx/CVE-2025-36506.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-36506",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-13T09:15:19.223",
"lastModified": "2025-06-13T09:15:19.223",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-365xx/CVE-2025-36539.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-36539",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-12T20:15:21.250",
"lastModified": "2025-06-12T20:15:21.250",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-365xx/CVE-2025-36573.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-36573",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-06-12T16:15:23.003",
"lastModified": "2025-06-12T16:15:23.003",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-366xx/CVE-2025-36631.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-36631",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2025-06-13T15:15:19.627",
"lastModified": "2025-06-13T15:15:19.627",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege."
},
{
"lang": "es",
"value": "En versiones de Tenable Agent anteriores a 10.8.5 en un host Windows, se descubri\u00f3 que un usuario no administrativo pod\u00eda sobrescribir archivos arbitrarios del sistema local con contenido de registro con privilegio SYSTEM."
}
],
"metrics": {

8
CVE-2025/CVE-2025-366xx/CVE-2025-36633.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-36633",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2025-06-13T15:15:20.183",
"lastModified": "2025-06-13T15:15:20.183",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation."
},
{
"lang": "es",
"value": "En versiones de Tenable Agent anteriores a 10.8.5 en un host Windows, se descubri\u00f3 que un usuario no administrativo pod\u00eda eliminar arbitrariamente archivos del sistema local con privilegios de SYSTEM, lo que potencialmente pod\u00eda provocar una escalada de privilegios locales."
}
],
"metrics": {

4
CVE-2025/CVE-2025-392xx/CVE-2025-39240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-39240",
"sourceIdentifier": "hsrc@hikvision.com",
"published": "2025-06-13T08:15:19.377",
"lastModified": "2025-06-13T08:15:19.377",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-407xx/CVE-2025-40726.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-40726",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2025-06-16T09:15:19.427",
"lastModified": "2025-06-16T09:15:19.427",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in /pages/search-results-page in Nosto, which allows remote attackers to execute arbitrary code via the q GET request parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejado en /pages/search-results-page en Nosto, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud GET q."
}
],
"metrics": {

8
CVE-2025/CVE-2025-407xx/CVE-2025-40727.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-40727",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2025-06-16T09:15:19.587",
"lastModified": "2025-06-16T09:15:19.587",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search'\u00a0in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's'\u00a0GET parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en '/search' en Phoenix Site CMS de Phoenix, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro GET 's'."
}
],
"metrics": {

8
CVE-2025/CVE-2025-407xx/CVE-2025-40728.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-40728",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2025-06-16T09:15:19.733",
"lastModified": "2025-06-16T09:15:19.733",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Customer Support System v1.0. This vulnerability allows an authenticated attacker to retrieve, create, update and delete databases via the id parameter in the /customer_support/manage_user.php endpoint."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Customer Support System v1.0. Esta vulnerabilidad permite a un atacante autenticado recuperar, crear, actualizar y eliminar bases de datos mediante el par\u00e1metro id en el endpoint /customer_support/manage_user.php."
}
],
"metrics": {

8
CVE-2025/CVE-2025-407xx/CVE-2025-40729.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-40729",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2025-06-16T09:15:19.873",
"lastModified": "2025-06-16T09:15:19.873",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) Reflejado en /customer_support/index.php en Customer Support System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de p\u00e1gina."
}
],
"metrics": {

8
CVE-2025/CVE-2025-409xx/CVE-2025-40916.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-40916",
"sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"published": "2025-06-16T11:15:17.793",
"lastModified": "2025-06-16T11:15:17.793",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.\n\nThat version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure."
},
{
"lang": "es",
"value": "La versi\u00f3n 1.05 de Mojolicious::Plugin::CaptchaPNG para Perl utiliza una fuente de n\u00fameros aleatorios d\u00e9bil para generar el captcha. Esta versi\u00f3n utiliza la funci\u00f3n rand() integrada para generar el texto del captcha, as\u00ed como el ruido de la imagen, lo cual es inseguro."
}
],
"metrics": {},

4
CVE-2025/CVE-2025-412xx/CVE-2025-41233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-41233",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-12T22:15:20.560",
"lastModified": "2025-06-12T22:15:20.560",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-412xx/CVE-2025-41234.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-41234",
"sourceIdentifier": "security@vmware.com",
"published": "2025-06-12T22:15:21.090",
"lastModified": "2025-06-12T22:15:21.090",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-41xx/CVE-2025-4187.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4187",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:22.050",
"lastModified": "2025-06-14T09:15:22.050",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UserPro - Community and User Profile WordPress Plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 5.1.10 via the userpro_fbconnect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."
},
{
"lang": "es",
"value": "El complemento UserPro - Community and User Profile WordPress Plugin para WordPress es vulnerable a la navegaci\u00f3n de directorios en todas las versiones hasta la 5.1.10 incluida, a trav\u00e9s de la funci\u00f3n userpro_fbconnect(). Esto permite a atacantes no autenticados leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."
}
],
"metrics": {

8
CVE-2025/CVE-2025-42xx/CVE-2025-4200.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4200",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:22.990",
"lastModified": "2025-06-14T09:15:22.990",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
},
{
"lang": "es",
"value": "El tema Zagg - Electronics & Accessories WooCommerce WordPress Theme para WordPress es vulnerable a la Inclusi\u00f3n Local de Archivos en todas las versiones hasta la 1.4.1 incluida, a trav\u00e9s de la funci\u00f3n load_view(), que se invoca mediante al menos tres acciones AJAX: 'load_more_post', 'load_shop' y 'load_more_product'. Esto permite a atacantes no autenticados incluir y ejecutar archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en dichos archivos. Esto puede utilizarse para eludir los controles de acceso, obtener datos confidenciales o ejecutar c\u00f3digo cuando se pueden subir e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
}
],
"metrics": {

8
CVE-2025/CVE-2025-42xx/CVE-2025-4216.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4216",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.160",
"lastModified": "2025-06-14T09:15:23.160",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DIOT SCADA with MQTT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'diot' shortcode in all versions up to, and including, 1.0.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento DIOT SCADA con MQTT para WordPress es vulnerable a cross-site-scripting almacenado a trav\u00e9s del shortcode \"diot\" del complemento en todas las versiones hasta la 1.0.5.1 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."
}
],
"metrics": {

4
CVE-2025/CVE-2025-42xx/CVE-2025-4227.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4227",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T06:15:22.253",
"lastModified": "2025-06-13T06:15:22.253",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4228.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4228",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T00:15:23.233",
"lastModified": "2025-06-13T00:15:23.233",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4229",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T06:15:22.490",
"lastModified": "2025-06-13T06:15:22.490",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4230.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4230",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T00:15:23.380",
"lastModified": "2025-06-13T00:15:23.380",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4231",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T00:15:23.533",
"lastModified": "2025-06-13T00:15:23.533",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4232",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-13T00:15:23.697",
"lastModified": "2025-06-13T00:15:23.697",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-42xx/CVE-2025-4233.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4233",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2025-06-12T23:15:21.983",
"lastModified": "2025-06-12T23:15:21.983",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-438xx/CVE-2025-43863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-43863",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-12T18:15:20.533",
"lastModified": "2025-06-12T18:15:20.533",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-438xx/CVE-2025-43866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-43866",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-12T18:15:20.713",
"lastModified": "2025-06-12T18:15:20.713",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-440xx/CVE-2025-44019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-44019",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-12T20:15:21.420",
"lastModified": "2025-06-12T20:15:21.420",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-440xx/CVE-2025-44091.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-44091",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T21:15:21.347",
"lastModified": "2025-06-13T16:15:25.863",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-44xx/CVE-2025-4417.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4417",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-12T20:15:21.760",
"lastModified": "2025-06-12T20:15:21.760",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-44xx/CVE-2025-4418.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4418",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-12T20:15:21.943",
"lastModified": "2025-06-12T20:15:21.943",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-459xx/CVE-2025-45984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-45984",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T12:15:33.217",
"lastModified": "2025-06-13T15:15:20.423",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-459xx/CVE-2025-45985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-45985",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T12:15:34.053",
"lastModified": "2025-06-13T15:15:20.580",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-459xx/CVE-2025-45986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-45986",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T12:15:34.167",
"lastModified": "2025-06-13T15:15:20.747",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-459xx/CVE-2025-45987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-45987",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T12:15:34.280",
"lastModified": "2025-06-13T15:15:20.947",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-459xx/CVE-2025-45988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-45988",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T12:15:34.403",
"lastModified": "2025-06-13T15:15:21.097",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-45xx/CVE-2025-4584.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4584",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-13T03:15:51.420",
"lastModified": "2025-06-13T03:15:51.420",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-45xx/CVE-2025-4585.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4585",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-13T03:15:51.583",
"lastModified": "2025-06-13T03:15:51.583",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2025/CVE-2025-45xx/CVE-2025-4586.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-4586",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-13T03:15:51.710",
"lastModified": "2025-06-13T03:15:51.710",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-45xx/CVE-2025-4592.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4592",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T09:15:23.333",
"lastModified": "2025-06-14T09:15:23.333",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AI Image Lab \u2013 Free AI Image Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the 'wpz-ai-images' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento AI Image Lab \u2013 Free AI Image Generator para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.0.6 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la p\u00e1gina 'wpz-ai-images'. Esto permite que atacantes no autenticados actualicen la clave API del complemento mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2025/CVE-2025-460xx/CVE-2025-46035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-46035",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-12T16:15:23.167",
"lastModified": "2025-06-12T16:15:23.167",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-460xx/CVE-2025-46060.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-46060",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T13:15:21.187",
"lastModified": "2025-06-13T16:15:26.030",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component"
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en TOTOLINK N600R v4.3.0cu.7866_B2022506 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente UPLOAD_FILENAME"
}
],
"metrics": {

8
CVE-2025/CVE-2025-460xx/CVE-2025-46096.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-46096",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-13T13:15:21.710",
"lastModified": "2025-06-13T16:15:26.193",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component"
},
{
"lang": "es",
"value": "La vulnerabilidad de Directory Traversal en solon v.3.1.2 permite que un atacante remoto realice ataques XSS a trav\u00e9s del componente solon-faas-luffy"
}
],
"metrics": {

33
CVE-2025/CVE-2025-467xx/CVE-2025-46710.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-46710",
"sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"published": "2025-06-16T12:15:19.453",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Possible kernel exceptions caused by reading and writing kernel heap data after free."
}
],
"metrics": {},
"weaknesses": [
{
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/",
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce"
}
]
}

4
CVE-2025/CVE-2025-467xx/CVE-2025-46783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-46783",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-13T09:15:19.620",
"lastModified": "2025-06-13T09:15:19.620",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-46xx/CVE-2025-4667.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4667",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-14T10:15:18.853",
"lastModified": "2025-06-14T10:15:18.853",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments, and ssa_past_appointments shortcodes in all versions up to, and including, 1.6.8.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Appointment Booking Calendar \u2014 Simply Schedule Appointments Booking Plugin para WordPress es vulnerable a cross-site-scripting almacenado a trav\u00e9s de los shortcodes ssa_admin_upcoming_appointments, ssa_admin_upcoming_appointments y ssa_past_appointments en todas las versiones hasta la 1.6.8.30 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2025/CVE-2025-478xx/CVE-2025-47868.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-47868",
"sourceIdentifier": "security@apache.org",
"published": "2025-06-16T11:15:18.437",
"lastModified": "2025-06-16T11:15:18.437",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation).\n\nThis issue affects Apache NuttX: from 6.9 before 12.9.0.\n\nUsers are recommended to upgrade to version 12.9.0, which fixes the issue."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar un desbordamiento de b\u00fafer basado en el mont\u00f3n en la utilidad de conversi\u00f3n de fuentes tools/bdf-converter, que forma parte del repositorio de Apache NuttX RTOS. Este programa independiente es opcional y no forma parte de NuttX RTOS ni del entorno de ejecuci\u00f3n de aplicaciones, pero los usuarios activos de bdf-converter pueden verse afectados cuando esta herramienta se expone a datos de usuario externos (es decir, automatizaci\u00f3n p\u00fablica). Este problema afecta a Apache NuttX desde la versi\u00f3n 6.9 hasta la 12.9.0. Se recomienda actualizar a la versi\u00f3n 12.9.0, que soluciona el problema."
}
],
"metrics": {},

8
CVE-2025/CVE-2025-478xx/CVE-2025-47869.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-47869",
"sourceIdentifier": "security@apache.org",
"published": "2025-06-16T11:15:18.590",
"lastModified": "2025-06-16T11:15:18.590",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1.\n\nThis issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0.\n\nUsers of XMLRPC in Apache NuttX RTOS are advised to review their code \nfor this pattern and update buffer sizes as presented in the version of \nthe example in release 12.9.0."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de restricci\u00f3n incorrecta de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en la aplicaci\u00f3n Apache NuttX RTOS apps/exapmles/xmlrpc. En esta aplicaci\u00f3n de ejemplo, la estructura de estad\u00edsticas del dispositivo, que almacenaba par\u00e1metros proporcionados remotamente, ten\u00eda un tama\u00f1o de b\u00fafer codificado, lo que pod\u00eda provocar un desbordamiento del b\u00fafer. Los b\u00faferes de los miembros de la estructura se actualizaron a un tama\u00f1o v\u00e1lido de CONFIG_XMLRPC_STRINGSIZE+1. Este problema afecta a los usuarios de Apache NuttX RTOS que hayan usado o basado su c\u00f3digo en la aplicaci\u00f3n de ejemplo presentada en versiones anteriores a la 6.22 y anteriores a la 12.9.0. Se recomienda a los usuarios de XMLRPC en Apache NuttX RTOS que revisen su c\u00f3digo para detectar este patr\u00f3n y actualicen los tama\u00f1os de b\u00fafer seg\u00fan la versi\u00f3n del ejemplo en la versi\u00f3n 12.9.0."
}
],
"metrics": {},

4
CVE-2025/CVE-2025-479xx/CVE-2025-47959.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-47959",
"sourceIdentifier": "secure@microsoft.com",
"published": "2025-06-13T02:15:29.180",
"lastModified": "2025-06-13T02:15:29.180",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-47xx/CVE-2025-4748.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-4748",
"sourceIdentifier": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"published": "2025-06-16T11:15:18.730",
"lastModified": "2025-06-16T11:15:18.730",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4."
},
{
"lang": "es",
"value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Erlang OTP (m\u00f3dulos stdlib) permite Absolute Path Traversal y la manipulaci\u00f3n de archivos. Esta vulnerabilidad est\u00e1 asociada a los archivos de programa lib/stdlib/src/zip.erl y a las rutinas zip:unzip/1, zip:unzip/2, zip:extract/1 y zip:extract/2, a menos que se utilice la opci\u00f3n de memoria. Este problema afecta a OTP desde OTP 17.0 hasta OTP 28.0.1, OTP 27.3.4.1 y OTP 26.2.5.13, correspondientes a stdlib desde 2.0 hasta 7.0.1, 6.2.2.1 y 5.2.3.4."
}
],
"metrics": {

4
CVE-2025/CVE-2025-488xx/CVE-2025-48825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-48825",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-13T09:15:19.937",
"lastModified": "2025-06-13T09:15:19.937",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

8
CVE-2025/CVE-2025-489xx/CVE-2025-48914.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48914",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:26.457",
"lastModified": "2025-06-13T19:15:21.317",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal COOKiES Consent Management permite Cross-Site Scripting (XSS). Este problema afecta a COOKiES Consent Management: desde la versi\u00f3n 0.0.0 hasta la 1.2.15."
}
],
"metrics": {

8
CVE-2025/CVE-2025-489xx/CVE-2025-48915.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48915",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:26.580",
"lastModified": "2025-06-13T19:15:21.470",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal COOKiES Consent Management permite Cross-Site Scripting (XSS). Este problema afecta a COOKiES Consent Management: desde la versi\u00f3n 0.0.0 hasta la 1.2.15."
}
],
"metrics": {

8
CVE-2025/CVE-2025-489xx/CVE-2025-48916.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48916",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:26.790",
"lastModified": "2025-06-13T18:15:21.870",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13."
},
{
"lang": "es",
"value": "La vulnerabilidad de autorizaci\u00f3n faltante en Drupal Bookable Calendar permite la navegaci\u00f3n forzada. Este problema afecta a Bookable Calendar: desde la versi\u00f3n 0.0.0 hasta la 2.2.13."
}
],
"metrics": {

8
CVE-2025/CVE-2025-489xx/CVE-2025-48917.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48917",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:26.930",
"lastModified": "2025-06-13T17:15:21.713",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS).This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal EU Cookie Compliance (GDPR Compliance) permite Cross-Site Scripting (XSS). Este problema afecta a EU Cookie Compliance (GDPR Compliance): desde la versi\u00f3n 0.0.0 hasta la 1.26.0."
}
],
"metrics": {

8
CVE-2025/CVE-2025-489xx/CVE-2025-48918.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48918",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:27.053",
"lastModified": "2025-06-13T18:15:22.020",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Simple Klaro permite Cross-Site Scripting (XSS). Este problema afecta a Simple Klaro: desde la versi\u00f3n 0.0.0 hasta la 1.10.0."
}
],
"metrics": {

8
CVE-2025/CVE-2025-489xx/CVE-2025-48919.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-48919",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-06-13T16:15:27.177",
"lastModified": "2025-06-13T17:15:22.757",
"vulnStatus": "Received",
"lastModified": "2025-06-16T12:32:18.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Simple Klaro permite Cross-Site Scripting (XSS). Este problema afecta a Simple Klaro: desde la versi\u00f3n 0.0.0 hasta la 1.10.0."
}
],
"metrics": {

Some files were not shown because too many files have changed in this diff Show More