admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-04-15T22:00:21.084397+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-04-15 22:03:59 +00:00
parent 1316b755df
commit 5f2888ed38
159 changed files with 8043 additions and 515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2020/CVE-2020-182xx/CVE-2020-18243.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-18243",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T16:15:17.777",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T20:15:29.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/enricozab/CMS/issues/1",

12
CVE-2022/CVE-2022-244xx/CVE-2022-24431.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24431",
"sourceIdentifier": "report@snyk.io",
"published": "2022-12-21T05:15:11.123",
"lastModified": "2024-11-21T06:50:24.457",
"lastModified": "2025-04-15T20:15:35.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-258xx/CVE-2022-25893.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25893",
"sourceIdentifier": "report@snyk.io",
"published": "2022-12-21T05:15:11.220",
"lastModified": "2024-11-21T06:53:10.577",
"lastModified": "2025-04-15T20:15:35.633",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-471"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-263xx/CVE-2022-26385.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-26385",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:21.923",
"lastModified": "2024-11-21T06:53:53.500",
"lastModified": "2025-04-15T21:15:45.007",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-263xx/CVE-2022-26386.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-26386",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:22.137",
"lastModified": "2024-11-21T06:53:53.593",
"lastModified": "2025-04-15T21:15:45.963",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-377"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-263xx/CVE-2022-26387.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-26387",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:22.340",
"lastModified": "2024-11-21T06:53:53.700",
"lastModified": "2025-04-15T21:15:46.117",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-282xx/CVE-2022-28281.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28281",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:23.023",
"lastModified": "2024-11-21T06:57:06.293",
"lastModified": "2025-04-15T21:15:46.270",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-282xx/CVE-2022-28282.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28282",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:23.430",
"lastModified": "2024-11-21T06:57:06.423",
"lastModified": "2025-04-15T20:15:35.830",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-299xx/CVE-2022-29912.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29912",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:26.010",
"lastModified": "2024-11-21T06:59:57.680",
"lastModified": "2025-04-15T20:15:36.013",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-601"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-299xx/CVE-2022-29913.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29913",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:26.203",
"lastModified": "2024-11-21T06:59:57.790",
"lastModified": "2025-04-15T20:15:36.187",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-299xx/CVE-2022-29914.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29914",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:26.397",
"lastModified": "2024-11-21T06:59:57.913",
"lastModified": "2025-04-15T20:15:36.377",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-344xx/CVE-2022-34472.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34472",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:31.723",
"lastModified": "2024-11-21T07:09:38.383",
"lastModified": "2025-04-15T20:15:36.803",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-344xx/CVE-2022-34473.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34473",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:31.917",
"lastModified": "2024-11-21T07:09:38.520",
"lastModified": "2025-04-15T20:15:37.010",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-344xx/CVE-2022-34474.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34474",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:32.117",
"lastModified": "2024-11-21T07:09:38.643",
"lastModified": "2025-04-15T20:15:37.203",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-601"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-344xx/CVE-2022-34475.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34475",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:32.307",
"lastModified": "2024-11-21T07:09:38.767",
"lastModified": "2025-04-15T20:15:37.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

16
CVE-2022/CVE-2022-438xx/CVE-2022-43840.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-43840",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-04-14T21:15:16.200",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:46.440",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-643"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7169766",

12
CVE-2022/CVE-2022-446xx/CVE-2022-44643.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44643",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-20T15:15:11.780",
"lastModified": "2024-11-21T07:28:15.233",
"lastModified": "2025-04-15T20:15:37.970",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

52
CVE-2023/CVE-2023-256xx/CVE-2023-25699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25699",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-03T13:15:59.923",
"lastModified": "2024-11-21T07:49:57.770",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T21:08:51.860",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:videowhisper:videowhisper_live_streaming_integration:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.5.16",
"matchCriteriaId": "37D16760-4C6E-4945-AFDE-956BA448B884"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/videowhisper-live-streaming-integration/wordpress-broadcast-live-video-live-streaming-html5-webrtc-hls-rtsp-rtmp-plugin-5-5-15-remote-code-execution-rce?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-259xx/CVE-2023-25966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-25966",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-09T13:15:24.370",
"lastModified": "2024-12-09T13:15:24.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:49:05.790",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.5",
"matchCriteriaId": "39ECEEA4-A26A-4190-B324-0DBBCC91E883"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-plugin-5-1-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-483xx/CVE-2023-48319.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48319",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-17T09:15:13.873",
"lastModified": "2024-11-21T08:31:28.970",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T20:56:20.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.7",
"matchCriteriaId": "4E7A8DEA-09F7-4E2B-BD35-128C5294EBA2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-8-7-editor-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-8-7-editor-privilege-escalation-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-515xx/CVE-2023-51525.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51525",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-15T14:15:07.457",
"lastModified": "2024-11-21T21:15:15.553",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T21:13:12.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpsimplebookingcalendar:wp_simple_booking_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.8.4",
"matchCriteriaId": "81186547-1133-47E5-8E80-C23F193F8273"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-simple-booking-calendar/wordpress-wp-simple-booking-calendar-plugin-2-0-8-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-simple-booking-calendar/wordpress-wp-simple-booking-calendar-plugin-2-0-8-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-56xx/CVE-2023-5616.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5616",
"sourceIdentifier": "security@ubuntu.com",
"published": "2025-04-15T19:16:06.647",
"lastModified": "2025-04-15T19:16:06.647",
"lastModified": "2025-04-15T21:15:46.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577",

52
CVE-2024/CVE-2024-271xx/CVE-2024-27193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27193",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-15T13:15:09.043",
"lastModified": "2024-11-21T09:04:04.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T21:12:22.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:payu_india_payment_gateway:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.8.2",
"matchCriteriaId": "42779C4A-AF4C-4D32-B3E2-66A3FEE00C50"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/payu-india/wordpress-payu-india-plugin-3-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/payu-india/wordpress-payu-india-plugin-3-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-271xx/CVE-2024-27196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27196",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-15T13:15:09.277",
"lastModified": "2024-11-21T09:04:04.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T21:12:42.587",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jmash:postmash:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.0",
"matchCriteriaId": "B78E6213-BC1E-4AA9-8E3B-62B6907E42BD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-304xx/CVE-2024-30477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30477",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-29T16:15:09.687",
"lastModified": "2024-11-21T09:12:00.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T21:08:30.220",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:klarna:klarna_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.4",
"matchCriteriaId": "9ECBEE8C-A94C-451C-9BAF-4717C0008560"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/klarna-payments-for-woocommerce/wordpress-klarna-payments-for-woocommerce-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/klarna-payments-for-woocommerce/wordpress-klarna-payments-for-woocommerce-plugin-3-2-4-broken-access-control-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-304xx/CVE-2024-30482.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30482",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-29T16:15:09.943",
"lastModified": "2024-11-21T09:12:00.690",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T21:11:59.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:b-website:simple_revisions_delete:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.3",
"matchCriteriaId": "78BDAE16-A8FA-4AAB-8455-3A6A07AE7024"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-revisions-delete/wordpress-simple-revisions-delete-plugin-1-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/simple-revisions-delete/wordpress-simple-revisions-delete-plugin-1-5-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-310xx/CVE-2024-31099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31099",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-01T14:15:07.517",
"lastModified": "2024-11-21T09:12:51.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T21:11:00.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:depicter:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.15.7",
"matchCriteriaId": "DD6DB8A2-8870-4057-A294-66D52EF48745"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-15-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/auxin-elements/wordpress-phlox-core-elements-plugin-2-15-5-broken-access-control-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-336xx/CVE-2024-33651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33651",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-26T08:15:13.370",
"lastModified": "2024-11-21T09:17:19.423",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:02:09.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/mf-gig-calendar/wordpress-mf-gig-calendar-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

62
CVE-2024/CVE-2024-351xx/CVE-2024-35166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35166",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-05-14T15:39:40.047",
"lastModified": "2024-11-21T09:19:51.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:56:04.463",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.6.4",
"matchCriteriaId": "FB9EE551-2AD2-44AA-9AC1-969D9C7DB9C0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/filebird/wordpress-filebird-wordpress-media-library-folders-file-manager-plugin-5-6-3-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/filebird/wordpress-filebird-wordpress-media-library-folders-file-manager-plugin-5-6-3-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-368xx/CVE-2024-36842.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36842",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T16:15:23.187",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T20:15:38.160",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/abbiy/Backdooring-Oncord-Android-Sterio-/blob/main/README.md",

29
CVE-2024/CVE-2024-448xx/CVE-2024-44843.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-44843",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T21:15:46.730",
"lastModified": "2025-04-15T21:15:46.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Badranh/94359664799db6d4709871f0c353f476",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/steve-community/steve/blob/master/src/main/java/de/rwth/idsg/steve/ocpp/ws/OcppWebSocketHandshakeHandler.java",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/steve-community/steve/issues/1546",
"source": "cve@mitre.org"
}
]
}

32
CVE-2024/CVE-2024-534xx/CVE-2024-53481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53481",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-10T20:15:21.033",
"lastModified": "2024-12-10T21:15:20.003",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T20:35:16.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:beauty_parlour_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0663F5C-7E50-4432-817D-518802751580"
}
]
}
]
}
],
"references": [
{
"url": "http://phpgurukul.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/sbksibi/CVEs/blob/main/CVE-2024-53481.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-538xx/CVE-2024-53825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53825",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-06T14:15:24.937",
"lastModified": "2024-12-06T14:15:24.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:55:02.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "6.3.2",
"matchCriteriaId": "52096E92-C169-4B06-8D81-6C548BAAAB91"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-lite-plugin-6-3-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-542xx/CVE-2024-54211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54211",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-12-06T14:15:26.093",
"lastModified": "2024-12-06T14:15:26.093",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T20:35:50.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:visualmodo:borderless:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.9",
"matchCriteriaId": "5A24B672-E9EC-4B65-9988-141268C3090D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/borderless/vulnerability/wordpress-borderless-widgets-elements-templates-and-toolkit-for-elementor-gutenberg-plugin-1-5-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

26
CVE-2024/CVE-2024-571xx/CVE-2024-57159.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57159",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T16:15:32.700",
"lastModified": "2025-03-13T14:15:33.960",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:09:13.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:07fly:07flycms:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E565AA-68C6-429F-BC02-0680396BD9A3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1091101/yang.xian/tree/main/6/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

26
CVE-2024/CVE-2024-576xx/CVE-2024-57611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57611",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T16:15:33.893",
"lastModified": "2025-02-03T19:15:13.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:09:27.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:07fly:07flycms:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E565AA-68C6-429F-BC02-0680396BD9A3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/daodaoshao/Yunpeng-Yin/tree/main/7/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

14
CVE-2025/CVE-2025-05xx/CVE-2025-0539.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-0539",
"sourceIdentifier": "security@octopus.com",
"published": "2025-04-10T06:15:53.133",
"lastModified": "2025-04-11T15:40:10.277",
"lastModified": "2025-04-15T21:15:46.847",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://advisories.octopus.com/post/2025/sa2025-06",

25
CVE-2025/CVE-2025-11xx/CVE-2025-1122.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-1122",
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"published": "2025-04-15T20:15:38.317",
"lastModified": "2025-04-15T20:15:38.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process."
}
],
"metrics": {},
"references": [
{
"url": "https://issues.chromium.org/issues/b/324336238",
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"
},
{
"url": "https://issuetracker.google.com/issues/324336238",
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"
}
]
}

56
CVE-2025/CVE-2025-12xx/CVE-2025-1273.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1273",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:46.960",
"lastModified": "2025-04-15T21:15:46.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003",
"source": "psirt@autodesk.com"
}
]
}

56
CVE-2025/CVE-2025-12xx/CVE-2025-1274.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1274",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:47.083",
"lastModified": "2025-04-15T21:15:47.083",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007",
"source": "psirt@autodesk.com"
}
]
}

56
CVE-2025/CVE-2025-12xx/CVE-2025-1275.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1275",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:47.197",
"lastModified": "2025-04-15T21:15:47.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006",
"source": "psirt@autodesk.com"
}
]
}

56
CVE-2025/CVE-2025-12xx/CVE-2025-1276.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1276",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:47.320",
"lastModified": "2025-04-15T21:15:47.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004",
"source": "psirt@autodesk.com"
}
]
}

56
CVE-2025/CVE-2025-12xx/CVE-2025-1277.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1277",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:47.443",
"lastModified": "2025-04-15T21:15:47.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003",
"source": "psirt@autodesk.com"
}
]
}

25
CVE-2025/CVE-2025-12xx/CVE-2025-1292.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-1292",
"sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f",
"published": "2025-04-15T20:15:38.410",
"lastModified": "2025-04-15T20:15:38.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process."
}
],
"metrics": {},
"references": [
{
"url": "https://issues.chromium.org/issues/b/324336238",
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"
},
{
"url": "https://issuetracker.google.com/issues/324336238",
"source": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f"
}
]
}

56
CVE-2025/CVE-2025-16xx/CVE-2025-1656.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-1656",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:47.560",
"lastModified": "2025-04-15T21:15:47.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003",
"source": "psirt@autodesk.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21573.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21573",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:47.670",
"lastModified": "2025-04-15T21:15:47.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21574.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21574",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:47.793",
"lastModified": "2025-04-15T21:15:47.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21575.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21575",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:47.897",
"lastModified": "2025-04-15T21:15:47.897",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21576.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21576",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:48.007",
"lastModified": "2025-04-15T21:15:48.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21577.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21577",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:48.120",
"lastModified": "2025-04-15T21:15:48.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21578.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21578",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:48.240",
"lastModified": "2025-04-15T21:15:48.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21579.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21579",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.233",
"lastModified": "2025-04-15T21:15:53.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21580.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21580",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.393",
"lastModified": "2025-04-15T21:15:53.393",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21581.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21581",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.557",
"lastModified": "2025-04-15T21:15:53.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21582.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21582",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.687",
"lastModified": "2025-04-15T21:15:53.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21583.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21583",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.797",
"lastModified": "2025-04-15T21:15:53.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21584.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21584",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:53.910",
"lastModified": "2025-04-15T21:15:53.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21585.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21585",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:54.037",
"lastModified": "2025-04-15T21:15:54.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21586.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21586",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:54.160",
"lastModified": "2025-04-15T21:15:54.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21587.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21587",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:54.293",
"lastModified": "2025-04-15T21:15:54.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-215xx/CVE-2025-21588.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-21588",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:54.427",
"lastModified": "2025-04-15T21:15:54.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

16
CVE-2025/CVE-2025-216xx/CVE-2025-21601.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-21601",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-04-09T20:15:26.350",
"lastModified": "2025-04-11T15:40:10.277",
"lastModified": "2025-04-15T21:15:54.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
@ -83,6 +83,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-573"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA96452",

100
CVE-2025/CVE-2025-244xx/CVE-2025-24487.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-24487",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:54.717",
"lastModified": "2025-04-15T21:15:54.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can infer the existence of usernames in the system by querying an API."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

39
CVE-2025/CVE-2025-249xx/CVE-2025-24948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-24948",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T16:16:05.830",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T20:15:38.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-598"
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",

39
CVE-2025/CVE-2025-249xx/CVE-2025-24949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-24949",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T16:16:05.927",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T20:15:38.690",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "In JotUrl 2.0, is possible to bypass security requirements during the password change process."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",

56
CVE-2025/CVE-2025-24xx/CVE-2025-2497.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-2497",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2025-04-15T21:15:56.630",
"lastModified": "2025-04-15T21:15:56.630",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005",
"source": "psirt@autodesk.com"
}
]
}

31
CVE-2025/CVE-2025-253xx/CVE-2025-25379.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25379",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T23:15:10.790",
"lastModified": "2025-03-04T16:15:39.433",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:10:40.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,14 +51,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:07fly:07flycms:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E565AA-68C6-429F-BC02-0680396BD9A3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/R2og/Sun-jialiang/tree/main/9/readme.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Broken Link"
]
}
]
}

47
CVE-2025/CVE-2025-254xx/CVE-2025-25456.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25456",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T19:16:07.327",
"lastModified": "2025-04-15T19:16:07.327",
"lastModified": "2025-04-15T21:15:54.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0",
@ -20,6 +55,14 @@
{
"url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/xyqer1/ab1e6a2bd369aaada0666639c843aff0",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-mac2-StackOverflow",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

100
CVE-2025/CVE-2025-25xx/CVE-2025-2567.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-2567",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T20:15:38.990",
"lastModified": "2025-04-15T20:15:38.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-05",
"source": "ics-cert@hq.dhs.gov"
}
]
}

47
CVE-2025/CVE-2025-269xx/CVE-2025-26977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-26977",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-02-25T15:15:30.443",
"lastModified": "2025-02-25T15:15:30.443",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-04-15T20:15:04.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.6",
"matchCriteriaId": "2EE6CCFF-7FA7-4B8D-ADCD-375345E95ED2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/filebird/vulnerability/wordpress-filebird-plugin-6-4-2-1-insecure-direct-object-references-idor-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

77
CVE-2025/CVE-2025-274xx/CVE-2025-27410.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-27410",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-28T21:15:27.677",
"lastModified": "2025-03-04T21:15:14.197",
"lastModified": "2025-04-15T20:19:49.100",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -53,28 +73,73 @@
"value": "CWE-23"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "11E7BA7B-6D6B-4186-80A8-06B69AA22B20"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/backup.js#L527",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/commit/98f284291d73d3a0b11d3181d845845c192d1080",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/releases/tag/v1.2.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-mxw8-vgvx-89hx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-mxw8-vgvx-89hx",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

79
CVE-2025/CVE-2025-274xx/CVE-2025-27413.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27413",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-28T21:15:27.820",
"lastModified": "2025-03-04T21:15:14.303",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T20:27:24.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
@ -51,34 +71,75 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.0",
"matchCriteriaId": "11E7BA7B-6D6B-4186-80A8-06B69AA22B20"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/models/template.js#L170-L175",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/backup.js#L826-L827",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/template.js#L63-L66",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/commit/68aa1ea676a91e17bfb333a27571151bd07fb21d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/releases/tag/v1.2.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-r3vj-47cf-4672",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-r3vj-47cf-4672",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

100
CVE-2025/CVE-2025-275xx/CVE-2025-27568.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27568",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:55.060",
"lastModified": "2025-04-15T21:15:55.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-279xx/CVE-2025-27938.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27938",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:55.273",
"lastModified": "2025-04-15T21:15:55.273",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., \"rooms\")."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-279xx/CVE-2025-27939.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27939",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:55.433",
"lastModified": "2025-04-15T21:15:55.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can change registered email addresses of other users and take over arbitrary accounts."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

39
CVE-2025/CVE-2025-279xx/CVE-2025-27980.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-27980",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T15:16:07.940",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:55.583",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://blog.csdn.net/qq_52469895/article/details/145496958?sharetype=blogdetail&sharerId=145496958&sharerefer=PC&sharesource=qq_52469895&spm=1011.2480.3001.8118",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28136.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28136",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T14:15:41.283",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:55.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/Zerone0x00/CVE/blob/main/TOTOLINK/CVE-2025-28136.md",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28142.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28142",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T15:16:08.243",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:55.927",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the foldername in /boafrm/formDiskCreateShare."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/regainer27/fb033d40b9d0245c36e520eeb34b7e76",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28143.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28143",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T15:16:08.360",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:56.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3_1.0.15 was discovered to contain a command injection vulnerability via the groupname at the /boafrm/formDiskCreateGroup."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/regainer27/885505cda80f81069ba39b11f2f996fc",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28144.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28144",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T15:16:08.463",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:56.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vlunerability via peerPin parameter in the formWsc function."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/regainer27/31a4df78e523635085908ddd4b68d91f",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28145.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28145",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T15:16:08.563",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T21:15:56.457",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via partition in /boafrm/formDiskFormat."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/regainer27/cee49ede0f576447cc4b1bb078e7a981",

39
CVE-2025/CVE-2025-281xx/CVE-2025-28198.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-28198",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T16:16:06.137",
"lastModified": "2025-04-15T18:39:27.967",
"lastModified": "2025-04-15T20:15:38.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Hitout/carsale/issues/24",

64
CVE-2025/CVE-2025-302xx/CVE-2025-30206.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-30206",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-15T20:15:39.127",
"lastModified": "2025-04-15T20:15:39.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
},
{
"lang": "en",
"value": "CWE-453"
},
{
"lang": "en",
"value": "CWE-547"
}
]
}
],
"references": [
{
"url": "https://github.com/donknap/dpanel/security/advisories/GHSA-j752-cjcj-w847",
"source": "security-advisories@github.com"
}
]
}

100
CVE-2025/CVE-2025-302xx/CVE-2025-30254.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30254",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:56.807",
"lastModified": "2025-04-15T21:15:56.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

208
CVE-2025/CVE-2025-302xx/CVE-2025-30285.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-30285",
"sourceIdentifier": "psirt@adobe.com",
"published": "2025-04-08T20:15:26.127",
"lastModified": "2025-04-09T20:02:41.860",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-04-15T20:02:19.560",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -51,10 +71,190 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*",
"matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*",
"matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*",
"matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*",
"matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update12:*:*:*:*:*:*",
"matchCriteriaId": "3F331DEA-F3D0-4B13-AB1E-6FE39B2BB55D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update13:*:*:*:*:*:*",
"matchCriteriaId": "63D5CF84-4B0D-48AE-95D6-262AEA2FFDE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update14:*:*:*:*:*:*",
"matchCriteriaId": "10616A3A-0C1C-474A-BD7D-A2A5BB870F74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update15:*:*:*:*:*:*",
"matchCriteriaId": "D7DA523E-1D9B-45FD-94D9-D4F9F2B9296B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update16:*:*:*:*:*:*",
"matchCriteriaId": "151AFF8B-F05C-4D27-85FC-DF88E9C11BEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update17:*:*:*:*:*:*",
"matchCriteriaId": "53A0E245-2915-4DFF-AFB5-A12F5C435702"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update18:*:*:*:*:*:*",
"matchCriteriaId": "C5653D18-7534-48A3-819F-9F049A418F99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*",
"matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*",
"matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*",
"matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*",
"matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*",
"matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*",
"matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*",
"matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*",
"matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*",
"matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*",
"matchCriteriaId": "645D1B5F-2DAB-4AB8-A465-AC37FF494F95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*",
"matchCriteriaId": "ED6D8996-0770-4C9F-BEA5-87EA479D40A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*",
"matchCriteriaId": "4836086E-3D4A-4A07-A372-382D385CB490"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*",
"matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*",
"matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*",
"matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*",
"matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*",
"matchCriteriaId": "E3A83642-BF14-4C37-BD94-FA76AABE8ADC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*",
"matchCriteriaId": "A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*",
"matchCriteriaId": "DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*",
"matchCriteriaId": "E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*",
"matchCriteriaId": "30779417-D4E5-4A01-BE0E-1CE1D134292A"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb25-15.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2025/CVE-2025-305xx/CVE-2025-30511.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30511",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:56.953",
"lastModified": "2025-04-15T21:15:56.953",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-305xx/CVE-2025-30514.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30514",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T21:15:57.090",
"lastModified": "2025-04-15T21:15:57.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., \"scenes\")."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30681.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30681",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.233",
"lastModified": "2025-04-15T21:15:57.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 2.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30682.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30682",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.347",
"lastModified": "2025-04-15T21:15:57.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30683.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30683",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.447",
"lastModified": "2025-04-15T21:15:57.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30684.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30684",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.560",
"lastModified": "2025-04-15T21:15:57.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30685.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30685",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.670",
"lastModified": "2025-04-15T21:15:57.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30686.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30686",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.787",
"lastModified": "2025-04-15T21:15:57.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30687.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30687",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:57.903",
"lastModified": "2025-04-15T21:15:57.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30688.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30688",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.013",
"lastModified": "2025-04-15T21:15:58.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30689.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30689",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.130",
"lastModified": "2025-04-15T21:15:58.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30690.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30690",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.247",
"lastModified": "2025-04-15T21:15:58.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30691.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30691",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.360",
"lastModified": "2025-04-15T21:15:58.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30692.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30692",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.470",
"lastModified": "2025-04-15T21:15:58.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.7-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

44
CVE-2025/CVE-2025-306xx/CVE-2025-30693.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2025-30693",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:58.580",
"lastModified": "2025-04-15T21:15:58.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More