admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-19T21:00:19.839456+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-19 21:03:49 +00:00
parent 9d43e3e1e7
commit 648e46c5e5
137 changed files with 4867 additions and 554 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2017/CVE-2017-126xx/CVE-2017-12637.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-12637",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-08-07T20:29:01.120",
"lastModified": "2024-11-21T03:09:56.703",
"lastModified": "2025-03-19T19:15:37.440",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

4
CVE-2018/CVE-2018-151xx/CVE-2018-15133.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-15133",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-08-09T19:29:00.333",
"lastModified": "2025-02-03T17:15:11.260",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T20:50:22.950",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

6
CVE-2018/CVE-2018-68xx/CVE-2018-6867.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2018-6867",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-02-23T13:29:00.307",
"lastModified": "2024-11-21T04:11:19.643",
"lastModified": "2025-03-19T20:15:13.777",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -103,6 +103,10 @@
"VDB Entry"
]
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2018-6867/Alibaba%20Clone%20Script%201.0.2%20Cross%20Site%20Scripting.txt",
"source": "cve@mitre.org"
},
{
"url": "https://exploit-db.com/exploits/44171",
"source": "af854a3a-2127-422b-91ae-364da2661108",

12
CVE-2019/CVE-2019-10000xx/CVE-2019-1000018.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-1000018",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-04T21:29:01.377",
"lastModified": "2024-11-21T04:17:41.303",
"lastModified": "2025-03-19T20:15:15.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -186,6 +186,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-33216%2CCVE-2019-1000018/CommScope%20Ruckus%20IoT%20Controller%201.7.1.0%20Undocumented%20Account.txt",
"source": "cve@mitre.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00027.html",
"source": "cve@mitre.org",
@ -195,15 +199,15 @@
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3MDU3AH5SLYBKHH5PJ6PHC63ASIF42/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KR2OHTHMJVV4DO3HDRFQQZ5JENHDJQEN/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T42YYNWJZG422GATWAHAEK4A24OKY557/",
"source": "cve@mitre.org"
},
{

6
CVE-2019/CVE-2019-130xx/CVE-2019-13029.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-13029",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-11T19:15:13.237",
"lastModified": "2024-11-21T04:24:04.627",
"lastModified": "2025-03-19T20:15:16.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -111,6 +111,10 @@
"VDB Entry"
]
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2019-13029/REDCap%20Cross%20Site%20Scripting.txt",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/snippets/1874216",
"source": "cve@mitre.org",

32
CVE-2020/CVE-2020-198xx/CVE-2020-19825.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-19825",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T22:15:10.860",
"lastModified": "2024-11-21T05:09:25.253",
"lastModified": "2025-03-19T19:15:37.733",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

4
CVE-2020/CVE-2020-57xx/CVE-2020-5722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-5722",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2020-03-23T20:15:12.043",
"lastModified": "2025-02-06T21:15:15.403",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:56:38.223",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2020/CVE-2020-57xx/CVE-2020-5735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-5735",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2020-04-08T13:15:13.003",
"lastModified": "2025-02-06T21:15:15.593",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:56:21.727",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2020/CVE-2020-57xx/CVE-2020-5741.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-5741",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2020-05-08T13:15:11.137",
"lastModified": "2025-02-06T21:15:15.817",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:56:12.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2021/CVE-2021-200xx/CVE-2021-20090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-20090",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2021-04-29T15:15:10.630",
"lastModified": "2025-02-06T21:15:16.230",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:56:01.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

4
CVE-2021/CVE-2021-422xx/CVE-2021-42258.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-42258",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-10-22T22:15:07.907",
"lastModified": "2025-02-03T16:15:31.850",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T20:50:35.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

6
CVE-2021/CVE-2021-454xx/CVE-2021-45422.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-45422",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-13T19:15:08.540",
"lastModified": "2024-11-21T06:32:11.640",
"lastModified": "2025-03-19T20:15:16.623",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -101,6 +101,10 @@
"Broken Link"
]
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2021-45422/RLM%2014.2%20Cross%20Site%20Scripting.txt",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2022/Jan/31",
"source": "cve@mitre.org",

10
CVE-2022/CVE-2022-263xx/CVE-2022-26352.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-26352",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-17T22:15:08.787",
"lastModified": "2025-02-03T16:15:32.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T20:50:08.570",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -133,7 +133,8 @@
"url": "https://groups.google.com/g/dotcms",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
"Third Party Advisory",
"Permissions Required"
]
},
{
@ -149,7 +150,8 @@
"url": "https://groups.google.com/g/dotcms",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
"Third Party Advisory",
"Permissions Required"
]
}
]

32
CVE-2022/CVE-2022-276xx/CVE-2022-27677.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-27677",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-03-01T08:15:10.407",
"lastModified": "2024-11-21T06:56:09.347",
"lastModified": "2025-03-19T19:15:37.900",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-269"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-324xx/CVE-2022-32478.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-32478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T02:15:09.813",
"lastModified": "2024-11-21T07:06:24.737",
"lastModified": "2025-03-19T20:15:16.767",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-329xx/CVE-2022-32955.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-32955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T02:15:09.940",
"lastModified": "2024-11-21T07:07:18.477",
"lastModified": "2025-03-19T19:15:38.053",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

32
CVE-2022/CVE-2022-388xx/CVE-2022-38868.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38868",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-15T22:15:11.723",
"lastModified": "2024-11-21T07:17:12.523",
"lastModified": "2025-03-19T19:15:38.210",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

4
CVE-2023/CVE-2023-13xx/CVE-2023-1389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-1389",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-03-15T23:15:09.403",
"lastModified": "2025-01-28T17:15:10.167",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:57:29.073",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

32
CVE-2023/CVE-2023-210xx/CVE-2023-21014.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-21014",
"sourceIdentifier": "security@android.com",
"published": "2023-03-24T20:15:13.073",
"lastModified": "2024-11-21T07:42:00.217",
"lastModified": "2025-03-19T19:15:38.360",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-230xx/CVE-2023-23004.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23004",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T20:15:14.673",
"lastModified": "2024-11-21T07:45:46.863",
"lastModified": "2025-03-19T20:15:17.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-230xx/CVE-2023-23005.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23005",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T20:15:15.100",
"lastModified": "2024-11-21T07:45:47.017",
"lastModified": "2025-03-19T19:15:38.563",
"vulnStatus": "Modified",
"cveTags": [
{
@ -39,6 +39,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -52,6 +72,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-230xx/CVE-2023-23006.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23006",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-01T20:15:15.520",
"lastModified": "2024-11-21T07:45:47.170",
"lastModified": "2025-03-19T19:15:38.733",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

36
CVE-2023/CVE-2023-234xx/CVE-2023-23458.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23458",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-02-15T19:15:12.300",
"lastModified": "2024-11-21T07:46:14.480",
"lastModified": "2025-03-19T20:15:17.273",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -52,13 +52,33 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -68,13 +88,23 @@
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-234xx/CVE-2023-23459.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23459",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-02-15T19:15:12.380",
"lastModified": "2024-11-21T07:46:14.607",
"lastModified": "2025-03-19T20:15:17.500",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -52,13 +52,33 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@cyber.gov.il",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -68,6 +88,16 @@
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{

32
CVE-2023/CVE-2023-234xx/CVE-2023-23460.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23460",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-02-15T19:15:12.453",
"lastModified": "2024-11-21T07:46:14.730",
"lastModified": "2025-03-19T19:15:38.927",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -52,6 +52,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -65,6 +85,16 @@
"value": "CWE-287"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-234xx/CVE-2023-23461.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23461",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2023-02-15T19:15:12.520",
"lastModified": "2024-11-21T07:46:14.837",
"lastModified": "2025-03-19T19:15:39.133",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

32
CVE-2023/CVE-2023-257xx/CVE-2023-25762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25762",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.470",
"lastModified": "2024-11-21T07:50:08.430",
"lastModified": "2025-03-19T19:15:39.727",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-257xx/CVE-2023-25763.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25763",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.543",
"lastModified": "2024-11-21T07:50:08.563",
"lastModified": "2025-03-19T19:15:39.867",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

16
CVE-2023/CVE-2023-279xx/CVE-2023-27992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27992",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-06-19T12:15:09.433",
"lastModified": "2024-11-21T07:53:53.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T20:58:46.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -72,8 +72,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas326_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(aazf.13\\)c0",
"matchCriteriaId": "E1C7EF7A-7A3B-4DAB-B42A-2C84F861A5D2"
"versionEndExcluding": "5.21\\(aazf.14\\)c0",
"matchCriteriaId": "A4A72863-E165-4A25-B53F-EE5F97236C5A"
}
]
},
@ -100,8 +100,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas540_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(aatb.10\\)c0",
"matchCriteriaId": "0E8018F0-97F9-46E1-954B-08BA1BCE33AB"
"versionEndExcluding": "5.21\\(aatb.11\\)c0",
"matchCriteriaId": "E86737DF-B02E-484D-AFB8-00D4F3B15330"
}
]
},
@ -128,8 +128,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nas542_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.21\\(abag.10\\)c0",
"matchCriteriaId": "1F106841-EEF2-4EFA-BD32-514AF9C74F22"
"versionEndExcluding": "5.21\\(abag.11\\)c0",
"matchCriteriaId": "DB6182FF-5301-474F-B324-651208839B0F"
}
]
},

8
CVE-2023/CVE-2023-331xx/CVE-2023-33140.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33140",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-14T00:15:12.433",
"lastModified": "2025-02-28T20:15:43.667",
"lastModified": "2025-03-19T20:15:17.950",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -15,7 +15,7 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
@ -103,6 +103,10 @@
"Vendor Advisory"
]
},
{
"url": "https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2023-33140/Microsoft%20OneNote%20(Version%202305%20Build%2016.0.16501.20074)%2064-bit%20-%20Spoofing%20Vulnerability.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33140",
"source": "af854a3a-2127-422b-91ae-364da2661108",

14
CVE-2023/CVE-2023-429xx/CVE-2023-42928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42928",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:50.603",
"lastModified": "2024-12-04T22:34:44.777",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-19T19:15:40.030",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-429xx/CVE-2023-42962.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42962",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-28T16:15:08.430",
"lastModified": "2024-11-21T08:23:37.137",
"lastModified": "2025-03-19T20:15:18.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

52
CVE-2023/CVE-2023-478xx/CVE-2023-47846.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.737",
"lastModified": "2024-11-21T08:30:54.270",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:03:05.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:terryl:wp_githuber_md:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.16.3",
"matchCriteriaId": "6D03C742-C6B2-4018-8147-248873FF728C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-2-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2023/CVE-2023-478xx/CVE-2023-47873.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47873",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T21:15:51.933",
"lastModified": "2024-11-21T08:30:56.700",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:24:55.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wensolutions:wp_child_theme_generator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.3",
"matchCriteriaId": "0D85E9EA-DE05-4841-B5AC-D98873EAA310"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-56xx/CVE-2023-5631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5631",
"sourceIdentifier": "security@eset.com",
"published": "2023-10-18T15:15:08.727",
"lastModified": "2025-02-13T18:15:59.250",
"vulnStatus": "Modified",
"lastModified": "2025-03-19T20:57:50.170",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

27
CVE-2024/CVE-2024-12xx/CVE-2024-1231.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1231",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-03-25T05:15:50.443",
"lastModified": "2024-11-21T08:50:06.870",
"lastModified": "2025-03-19T20:15:18.433",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento CM Download Manager de WordPress anterior a 2.9.0 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados anulen la publicaci\u00f3n de las descargas mediante un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e/",

14
CVE-2024/CVE-2024-216xx/CVE-2024-21686.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21686",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-07-16T20:15:02.900",
"lastModified": "2025-02-13T17:09:31.977",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-19T19:15:40.200",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -71,6 +71,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

41
CVE-2024/CVE-2024-228xx/CVE-2024-22880.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22880",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T14:15:22.180",
"lastModified": "2025-03-13T14:15:22.180",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:40.330",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Scripting en Zadarma Zadarma extension v.1.0.11 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el componente de chat web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/sAjibuu/372fd7d103218dabac95bf12580adbe4",

39
CVE-2024/CVE-2024-239xx/CVE-2024-23962.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23962",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-01-31T00:15:09.367",
"lastModified": "2025-02-18T19:15:15.260",
"lastModified": "2025-03-19T19:15:40.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas de dispositivos Alpine Halo9. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la interfaz DLT, que escucha en el puerto TCP 3490 de manera predeterminada. El problema es el resultado de la falta de autenticaci\u00f3n antes de permitir el acceso a la funcionalidad. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del dispositivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-847/",

52
CVE-2024/CVE-2024-259xx/CVE-2024-25920.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25920",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T06:15:18.200",
"lastModified": "2024-11-21T09:01:34.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:25:32.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "6.4",
"matchCriteriaId": "8E3B9A86-9614-49AA-A45A-F7C4337833BC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-288xx/CVE-2024-28803.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28803",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T14:15:24.997",
"lastModified": "2025-03-13T14:15:24.997",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:40.657",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,50 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Italtel SpA i-MCS NFV v.12.1.0-20211215 permite a atacantes remotos no autenticados inyectar secuencias de comandos web o HTML arbitrarios en par\u00e1metros HTTP/POST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

14
CVE-2024/CVE-2024-28xx/CVE-2024-2859.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2859",
"sourceIdentifier": "sirt@brocade.com",
"published": "2024-04-27T00:15:07.010",
"lastModified": "2025-02-21T17:15:11.730",
"lastModified": "2025-03-19T19:15:40.793",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240628-0003/",

52
CVE-2024/CVE-2024-28xx/CVE-2024-2888.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2888",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-26T06:15:09.300",
"lastModified": "2024-11-21T09:10:45.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:02:10.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boldgrid:post_and_page_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.26.3",
"matchCriteriaId": "EE43E3F9-BC79-41F4-962D-ADC622BD683B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-26-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-26-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-299xx/CVE-2024-29915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29915",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-27T07:15:53.110",
"lastModified": "2024-11-21T09:08:36.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:37:19.997",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.0.10",
"matchCriteriaId": "91B16126-D4B7-4FDF-885D-53F21147FB6C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/podlove-podcasting-plugin-for-wordpress/wordpress-podlove-podcast-publisher-plugin-4-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

52
CVE-2024/CVE-2024-304xx/CVE-2024-30454.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30454",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-29T17:15:17.770",
"lastModified": "2024-11-21T09:11:57.490",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:37:29.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "6.6.3",
"matchCriteriaId": "E59C762E-F614-4F36-A202-65A86623FF96"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-353xx/CVE-2024-35353.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35353",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:33.580",
"lastModified": "2024-11-21T09:20:11.600",
"lastModified": "2025-03-19T19:15:40.930",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298777/vuln8-insecure-direct-object-references-idor",

32
CVE-2024/CVE-2024-384xx/CVE-2024-38466.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38466",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T16:15:09.803",
"lastModified": "2024-11-21T09:25:59.697",
"lastModified": "2025-03-19T20:15:18.590",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-798"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [

12
CVE-2024/CVE-2024-399xx/CVE-2024-39936.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39936",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-04T21:15:10.180",
"lastModified": "2024-11-21T09:28:36.910",
"lastModified": "2025-03-19T20:15:18.770",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-367"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [

32
CVE-2024/CVE-2024-407xx/CVE-2024-40786.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40786",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:12.070",
"lastModified": "2024-11-21T09:31:37.657",
"lastModified": "2025-03-19T20:15:18.927",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

22
CVE-2024/CVE-2024-411xx/CVE-2024-41107.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41107",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-19T11:15:03.323",
"lastModified": "2025-02-21T17:15:12.663",
"lastModified": "2025-03-19T19:15:41.073",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},

39
CVE-2024/CVE-2024-437xx/CVE-2024-43767.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43767",
"sourceIdentifier": "security@android.com",
"published": "2025-01-03T01:15:07.847",
"lastModified": "2025-02-18T22:15:11.020",
"lastModified": "2025-03-19T19:15:41.263",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En prepare_to_draw_into_mask de SkBlurMaskFilterImpl.cpp, existe un posible desbordamiento de pila debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/external/skia/+/796c2040f641bb287dba66c9823ce45e9f8b5807",

34
CVE-2024/CVE-2024-441xx/CVE-2024-44135.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44135",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:50.393",
"lastModified": "2024-09-25T13:28:09.067",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-19T19:15:41.400",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-441xx/CVE-2024-44162.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44162",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:51.060",
"lastModified": "2024-09-29T00:16:28.033",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-19T19:15:41.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

43
CVE-2024/CVE-2024-448xx/CVE-2024-44866.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-44866",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-17T19:15:22.453",
"lastModified": "2025-03-17T19:15:22.453",
"lastModified": "2025-03-19T19:15:41.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funci\u00f3n GuitarPro1::read de MuseScore Studio v4.3.2 permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) al abrir un archivo GuitarPro manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/moonadon9/CVE_2024",

34
CVE-2024/CVE-2024-484xx/CVE-2024-48428.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48428",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T15:15:18.827",
"lastModified": "2024-11-14T23:15:02.760",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-19T19:15:41.880",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-640"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-487xx/CVE-2024-48791.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48791",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:05.420",
"lastModified": "2024-10-15T15:35:19.917",
"lastModified": "2025-03-19T19:15:42.043",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "http://www.starvedia.com/",

56
CVE-2024/CVE-2024-514xx/CVE-2024-51459.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51459",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-03-19T19:15:42.180",
"lastModified": "2025-03-19T19:15:42.180",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-280"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7185056",
"source": "psirt@us.ibm.com"
}
]
}

39
CVE-2024/CVE-2024-533xx/CVE-2024-53310.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-53310",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T23:15:10.493",
"lastModified": "2025-02-13T23:15:10.493",
"lastModified": "2025-03-19T19:15:42.327",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer basada en el controlador de excepciones estructurado en Effectmatrix Total Video Converter Command Line (TVCC) 2.50 cuando se pasa un archivo especialmente manipulado al par\u00e1metro -ff. La vulnerabilidad se produce debido a una gesti\u00f3n inadecuada de la entrada de archivos con caracteres demasiado largos, lo que provoca la corrupci\u00f3n de la memoria. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o la denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/ufist/vulnerability-research/blob/main/CVE-2024-53310/CVE-2024-53310.md",

41
CVE-2024/CVE-2024-534xx/CVE-2024-53406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53406",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T17:15:33.410",
"lastModified": "2025-03-13T17:15:33.410",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:42.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Espressif Esp idf v5.3.0 es vulnerable a permisos inseguros, lo que resulta en la omisi\u00f3n de la autenticaci\u00f3n. Durante la fase de reconexi\u00f3n, el dispositivo reutiliza la clave de sesi\u00f3n de una sesi\u00f3n anterior, lo que permite a los atacantes ejecutar ataques de omisi\u00f3n de seguridad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://github.com/espressif/esp-idf",

39
CVE-2024/CVE-2024-545xx/CVE-2024-54550.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-54550",
"sourceIdentifier": "product-security@apple.com",
"published": "2025-01-27T22:15:14.580",
"lastModified": "2025-02-18T20:15:22.183",
"lastModified": "2025-03-19T19:15:42.697",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2. Es posible que una aplicaci\u00f3n pueda ver la informaci\u00f3n de contacto completada autom\u00e1ticamente de Mensajes y Correo en los registros de sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121837",

49
CVE-2024/CVE-2024-550xx/CVE-2024-55060.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55060",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T21:15:42.507",
"lastModified": "2025-03-13T21:15:42.507",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:42.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente index.php de Rafed CMS Website v1.44 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bigzooooz/CVE-2024-55060",
@ -20,6 +59,10 @@
{
"url": "https://www.rafed-system.org/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bigzooooz/CVE-2024-55060",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

45
CVE-2024/CVE-2024-551xx/CVE-2024-55198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-55198",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T15:15:49.460",
"lastModified": "2025-03-13T15:15:49.460",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:42.970",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Enumeraci\u00f3n de usuarios mediante discrepancias en los mensajes de error en la funcionalidad de recuperaci\u00f3n de contrase\u00f1a de Celk Sistemas Celk Saude v.3.1.252.1 que permite a un atacante remoto enumerar usuarios a trav\u00e9s de discrepancias en las respuestas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html",
@ -24,6 +59,10 @@
{
"url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55198",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-55198",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

39
CVE-2024/CVE-2024-552xx/CVE-2024-55215.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-55215",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-07T22:15:13.247",
"lastModified": "2025-02-18T19:15:18.970",
"lastModified": "2025-03-19T19:15:43.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en trojan v.2.0.0 a v.2.15.3 permite a un atacante remoto escalar privilegios a trav\u00e9s de la interfaz de inicializaci\u00f3n /auth/register."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md",

39
CVE-2024/CVE-2024-555xx/CVE-2024-55551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-55551",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-19T14:15:37.733",
"lastModified": "2025-03-19T14:15:37.733",
"lastModified": "2025-03-19T19:15:43.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "An issue was discovered in Exasol jdbc driver 24.2.0. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution vulnerability."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://docs.exasol.com/db/latest/connect_exasol/drivers/jdbc.htm",

47
CVE-2024/CVE-2024-562xx/CVE-2024-56242.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-56242",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-02T12:15:25.640",
"lastModified": "2025-01-02T12:15:25.640",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T19:52:59.910",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:arconix_shortcodes:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.5",
"matchCriteriaId": "D4CFEA71-83D2-471C-8D6D-8778A3E3E455"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arconix-shortcodes/vulnerability/wordpress-arconix-shortcodes-plugin-2-1-14-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2024/CVE-2024-570xx/CVE-2024-57061.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-57061",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-19T19:15:43.377",
"lastModified": "2025-03-19T19:15:43.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration."
}
],
"metrics": {},
"references": [
{
"url": "https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection",
"source": "cve@mitre.org"
},
{
"url": "https://sha999.medium.com/cve-2024-57061-termius-insufficient-electron-fuses-configuration-limited-disclosure-ab00d0970159",
"source": "cve@mitre.org"
},
{
"url": "https://www.electron.build/tutorials/adding-electron-fuses.html",
"source": "cve@mitre.org"
}
]
}

41
CVE-2024/CVE-2024-570xx/CVE-2024-57062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-57062",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T16:15:25.773",
"lastModified": "2025-03-13T16:15:25.773",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:43.523",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Un problema en la aplicaci\u00f3n SoundCloud IOS v.7.65.2 permite que un atacante local escale privilegios y obtenga informaci\u00f3n confidencial a trav\u00e9s del componente de gesti\u00f3n de sesiones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "http://soundcloud.com",

39
CVE-2024/CVE-2024-570xx/CVE-2024-57081.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-57081",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-05T22:15:32.397",
"lastModified": "2025-02-18T19:15:21.140",
"lastModified": "2025-03-19T19:15:43.663",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un prototipo de contaminaci\u00f3n en la funci\u00f3n lib.fromQuery de underscore-contrib v0.3.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el suministro de un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/tariqhawis/4b2c7273054f0d70ef162aa5b6daec01",

43
CVE-2024/CVE-2024-571xx/CVE-2024-57151.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-57151",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T21:15:31.663",
"lastModified": "2025-03-18T21:15:31.663",
"lastModified": "2025-03-19T19:15:43.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execute arbitrary code via the inputAction.php file and the saveAjax function"
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n SQL en rainrocka xinhu v.2.6.5 y anteriores permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del archivo inputAction.php y la funci\u00f3n saveAjax"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/jcxj/jcxj/blob/master/source/_posts/%E4%BF%A1%E5%91%BCoa%E5%AE%A1%E8%AE%A1.md",

22
CVE-2024/CVE-2024-62xx/CVE-2024-6244.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6244",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-22T06:15:02.737",
"lastModified": "2024-11-21T09:49:16.333",
"lastModified": "2025-03-19T20:15:19.200",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

60
CVE-2024/CVE-2024-76xx/CVE-2024-7631.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-7631",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-03-19T19:15:43.920",
"lastModified": "2025-03-19T19:15:43.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7631",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296053",
"source": "secalert@redhat.com"
}
]
}

39
CVE-2025/CVE-2025-04xx/CVE-2025-0443.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-0443",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-01-15T11:15:10.483",
"lastModified": "2025-02-18T21:15:25.007",
"lastModified": "2025-03-19T19:15:44.070",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " La validaci\u00f3n de datos insuficiente en las extensiones de Google Chrome anteriores a la versi\u00f3n 132.0.6834.83 permiti\u00f3 que un atacante remoto convenciera a un usuario para que realizara gestos espec\u00edficos de la interfaz de usuario para realizar una escalada de privilegios a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html",

54
CVE-2025/CVE-2025-05xx/CVE-2025-0554.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0554",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-18T06:15:28.160",
"lastModified": "2025-01-18T06:15:28.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T19:53:31.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.0,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.0",
"matchCriteriaId": "D7088445-3ACD-47FD-8A4A-88126ABB1C37"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2025/CVE-2025-08xx/CVE-2025-0859.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-0859",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-02-06T10:15:08.340",
"lastModified": "2025-02-06T10:15:08.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T20:35:32.317",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,26 +51,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:boldgrid:post_and_page_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.27.7",
"matchCriteriaId": "469FDBFB-A9C4-4C1E-85DA-7235C7415863"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/BoldGrid/post-and-page-builder/pull/638/commits/10e4d1d96fd2735379049259d15896fa6dd35471",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/post-and-page-builder/trunk/includes/class-boldgrid-editor-preview.php#L178",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?old=3234175&old_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php&new=3234175&new_path=post-and-page-builder%2Ftags%2F1.27.7%2Fincludes%2Fclass-boldgrid-editor-preview.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/post-and-page-builder/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/111a1e7f-bc87-4130-a0b2-422d0f98afb6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

42
CVE-2025/CVE-2025-13xx/CVE-2025-1383.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-1383",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-06T12:15:35.937",
"lastModified": "2025-03-06T12:15:35.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T20:47:28.020",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.3",
"matchCriteriaId": "7A0BCD51-C042-4529-9BBC-8D02DF2ABD9D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/podlove-podcasting-plugin-for-wordpress/tags/4.2.0/lib/modules/transcripts/transcripts.php#L223",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3246867/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

42
CVE-2025/CVE-2025-16xx/CVE-2025-1661.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-1661",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-11T04:15:24.803",
"lastModified": "2025-03-11T04:15:24.803",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T20:48:03.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,22 +51,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:husky_-_products_filter_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.6.6",
"matchCriteriaId": "E0D61F93-67D0-42D0-86C1-2FBF35CA2385"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-products-filter/trunk/ext/by_text/index.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3249621%40woocommerce-products-filter&new=3249621%40woocommerce-products-filter&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3253169%40woocommerce-products-filter&new=3253169%40woocommerce-products-filter&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae7b6fc-2120-4573-8b1b-d5422d435fa5?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2025/CVE-2025-229xx/CVE-2025-22907.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-22907",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T03:15:06.630",
"lastModified": "2025-02-18T21:15:27.480",
"lastModified": "2025-03-19T19:15:44.263",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que RE11S v1.11 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro selSSID en la funci\u00f3n formWlSiteSurvey."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "http://re11s.com",

72
CVE-2025/CVE-2025-244xx/CVE-2025-24472.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24472",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2025-02-11T17:15:34.867",
"lastModified": "2025-03-19T01:00:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-03-19T20:21:38.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -53,12 +73,58 @@
"value": "CWE-288"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.20",
"matchCriteriaId": "1B14CD59-F557-48A0-8458-BECD3AD7DB3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.13",
"matchCriteriaId": "EDC18768-0891-465E-9900-3DF5D22A5CB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.17",
"matchCriteriaId": "BD357034-B2FD-4C2E-97FE-2C54D686D885"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-535",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2025/CVE-2025-246xx/CVE-2025-24605.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24605",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-02-03T15:15:26.473",
"lastModified": "2025-02-03T15:15:26.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-19T19:53:58.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.8.6",
"matchCriteriaId": "B40D857A-BF73-40FE-BA25-0DB2EB13149D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/bulk-editor/vulnerability/wordpress-wolf-plugin-1-0-8-5-path-traversal-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

37
CVE-2025/CVE-2025-24xx/CVE-2025-2476.json Normal file
View File

@ -0,0 +1,37 @@
{
"id": "CVE-2025-2476",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2025-03-19T19:15:50.447",
"lastModified": "2025-03-19T19:15:50.447",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/401029609",
"source": "chrome-cve-admin@google.com"
}
]
}

41
CVE-2025/CVE-2025-253xx/CVE-2025-25363.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-25363",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T18:15:50.733",
"lastModified": "2025-03-13T18:15:50.733",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:44.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) almacenado y autenticadas en The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) anterior a v4.1.69-dc permite a atacantes con privilegios de administrador ejecutar Javascript arbitrario en el contexto del navegador de un usuario mediante la inyecci\u00f3n de un payload manipulado en el campo HTML de una plantilla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/florkie/CVE/blob/main/CVE-2025-25363.md",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25565.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25565",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-12T16:15:22.660",
"lastModified": "2025-03-12T16:15:22.660",
"lastModified": "2025-03-19T19:15:44.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": "SoftEther VPN 5.02.5187 es vulnerable al desbordamiento del b\u00fafer en el archivo Command.c a trav\u00e9s de las funciones PtMakeCert y PtMakeCert2048."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://lzydry.github.io/CVE-2025-25565/",
"source": "cve@mitre.org"
},
{
"url": "https://lzydry.github.io/CVE-2025-25565/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

43
CVE-2025/CVE-2025-255xx/CVE-2025-25567.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25567",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-12T16:15:22.840",
"lastModified": "2025-03-12T16:15:22.840",
"lastModified": "2025-03-19T19:15:44.653",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": "SoftEther VPN 5.02.5187 es vulnerable al desbordamiento del b\u00fafer en Internat.c a trav\u00e9s de la funci\u00f3n UniToStrForSingleChars."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://lzydry.github.io/CVE-2025-25567/",
"source": "cve@mitre.org"
},
{
"url": "https://lzydry.github.io/CVE-2025-25567/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

43
CVE-2025/CVE-2025-255xx/CVE-2025-25568.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25568",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-12T16:15:22.930",
"lastModified": "2025-03-12T16:15:22.930",
"lastModified": "2025-03-19T19:15:44.790",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": "SoftEtherVPN 5.02.5187 es vulnerable a uso despu\u00e9s de la liberaci\u00f3n en el archivo Command.c a trav\u00e9s de la funci\u00f3n CheckNetworkAcceptThread."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://lzydry.github.io/CVE-2025-25568/",
"source": "cve@mitre.org"
},
{
"url": "https://lzydry.github.io/CVE-2025-25568/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

43
CVE-2025/CVE-2025-255xx/CVE-2025-25580.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25580",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T15:16:00.123",
"lastModified": "2025-03-18T15:16:00.123",
"lastModified": "2025-03-19T19:15:44.917",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que yimioa anterior a v2024.07.04 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del m\u00e9todo listNameBySql() en /xml/UserMapper.xml."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI6XT",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25582.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25582",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T16:15:26.900",
"lastModified": "2025-03-18T16:15:26.900",
"lastModified": "2025-03-19T19:15:45.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the selectNoticeList() method at /xml/OaNoticeMapper.xml."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que yimioa anterior a v2024.07.04 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del m\u00e9todo selectNoticeList() en /xml/OaNoticeMapper.xml."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI74K",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25585.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25585",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T15:16:00.253",
"lastModified": "2025-03-18T15:16:00.253",
"lastModified": "2025-03-19T19:15:45.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the component /config/WebSecurityConfig.java of yimioa before v2024.07.04 allows unauthorized attackers to arbitrarily modify Administrator passwords."
},
{
"lang": "es",
"value": "El control de acceso incorrecto en el componente /config/WebSecurityConfig.java de yimioa anterior a v2024.07.04 permite a atacantes no autorizados modificar arbitrariamente las contrase\u00f1as de administrador."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI7PG",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25586.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25586",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T16:15:27.047",
"lastModified": "2025-03-18T16:15:27.047",
"lastModified": "2025-03-19T19:15:45.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que yimioa anterior a v2024.07.04 conten\u00eda una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del componente /resources/application.yml."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-538"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI7LR",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25589.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25589",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T16:15:27.200",
"lastModified": "2025-03-18T16:15:27.200",
"lastModified": "2025-03-19T19:15:45.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de entidad externa XML (XXE) en el componente /weixin/aes/XMLParse.java de yimioa anterior a v2024.07.04 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante el suministro de un archivo XML manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-91"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI81R",

43
CVE-2025/CVE-2025-255xx/CVE-2025-25590.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25590",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-18T15:16:00.373",
"lastModified": "2025-03-18T15:16:00.373",
"lastModified": "2025-03-19T19:15:45.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que yimioa anterior a v2024.07.04 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /mapper/xml/AddressDao.xml."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI7XH",

39
CVE-2025/CVE-2025-256xx/CVE-2025-25625.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25625",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-13T15:15:53.650",
"lastModified": "2025-03-18T17:15:46.357",
"lastModified": "2025-03-19T19:15:45.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "FS Inc S3150 8T2F Switch s3150-8t2f-switch-fsos-220d_118101 tiene una vulnerabilidad de Cross Site Scripting (XSS) almacenado en la interfaz de administraci\u00f3n web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/whitewhale-dmb/Vulnerability-Research/tree/main/CVE-2025-25625",

43
CVE-2025/CVE-2025-256xx/CVE-2025-25650.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25650",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-17T15:15:44.293",
"lastModified": "2025-03-17T15:15:44.293",
"lastModified": "2025-03-19T19:15:45.910",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication."
},
{
"lang": "es",
"value": "Un problema en el almacenamiento de datos de tarjetas NFC en Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 permite a los atacantes producir tarjetas NFC clonadas para eludir la autenticaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/AbhijithAJ/Dorset_SmartLock_Vulnerability/blob/main/Dorset_Smart_Lock_Security_Assessment_Report.pdf",

43
CVE-2025/CVE-2025-256xx/CVE-2025-25684.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25684",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-17T17:15:39.463",
"lastModified": "2025-03-17T17:15:39.463",
"lastModified": "2025-03-19T20:15:19.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of validation in the path parameter (/download) of GL-INet Beryl AX GL-MT3000 v4.7.0 allows attackers to download arbitrary files from the device's file system via a crafted POST request."
},
{
"lang": "es",
"value": "La falta de validaci\u00f3n en el par\u00e1metro de ruta (/download) de GL-INet Beryl AX GL-MT3000 v4.7.0 permite a los atacantes descargar archivos arbitrarios del sistema de archivos del dispositivo a trav\u00e9s de una solicitud POST manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@tfortinsec/multiple-path-traversal-vulnerabilities-in-the-beryl-ax-gl-mt300-router-e7f856d14af9",

45
CVE-2025/CVE-2025-258xx/CVE-2025-25871.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25871",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-14T16:15:40.767",
"lastModified": "2025-03-14T16:15:40.767",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:46.047",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function"
},
{
"lang": "es",
"value": "Un problema en Open Panel v.0.3.4 permite que un atacante remoto escale privilegios a trav\u00e9s de la funci\u00f3n Fix Permissions"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes",

45
CVE-2025/CVE-2025-258xx/CVE-2025-25872.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25872",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-14T16:15:40.870",
"lastModified": "2025-03-14T16:15:40.870",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:46.183",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function"
},
{
"lang": "es",
"value": "Un problema en Open Panel v.0.3.4 permite que un atacante remoto escale privilegios a trav\u00e9s de la funci\u00f3n Fix Permissions"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://openpanel.com/docs/changelog/0.3.5/#%EF%B8%8F-security-fixes",

45
CVE-2025/CVE-2025-258xx/CVE-2025-25873.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-25873",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-14T16:15:40.980",
"lastModified": "2025-03-14T16:15:40.980",
"vulnStatus": "Received",
"lastModified": "2025-03-19T19:15:46.320",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in Open Panel OpenAdmin v.0.3.4 allows a remote attacker to escalate privileges via the Change Root Password function"
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Request Forgery en Open Panel OpenAdmin v.0.3.4 permite que un atacante remoto escale privilegios a trav\u00e9s de la funci\u00f3n Cambiar contrase\u00f1a de superusuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://openpanel.com/docs/",

43
CVE-2025/CVE-2025-259xx/CVE-2025-25975.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-25975",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-12T19:15:40.147",
"lastModified": "2025-03-12T19:15:40.147",
"lastModified": "2025-03-19T19:15:46.453",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,11 +15,50 @@
"value": "Un problema en parse-git-config v.3.0.0 permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n expandKeys"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/jonschlinkert/parse-git-config/issues/14",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/jonschlinkert/parse-git-config/issues/14",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

78
CVE-2025/CVE-2025-25xx/CVE-2025-2536.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-2536",
"sourceIdentifier": "security@liferay.com",
"published": "2025-03-19T19:15:50.560",
"lastModified": "2025-03-19T19:15:50.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's layout-taglib/__liferay__/index.js allows remote attackers to inject arbitrary web script or HTML via toastData parameter"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-2536",
"source": "security@liferay.com"
}
]
}

43
CVE-2025/CVE-2025-260xx/CVE-2025-26042.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26042",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-17T19:15:26.587",
"lastModified": "2025-03-17T19:15:26.587",
"lastModified": "2025-03-19T19:15:46.587",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack."
},
{
"lang": "es",
"value": "Uptime Kuma >== 1.23.0 presenta una vulnerabilidad de ReDoS, espec\u00edficamente cuando un administrador crea una notificaci\u00f3n a trav\u00e9s del servicio web. Si se proporciona una cadena, se desencadena un retroceso catastr\u00f3fico en la expresi\u00f3n regular, lo que provoca un ataque de ReDoS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/louislam/uptime-kuma/issues/5574",

43
CVE-2025/CVE-2025-261xx/CVE-2025-26125.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2025-26125",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-17T18:15:21.763",
"lastModified": "2025-03-17T18:15:21.763",
"lastModified": "2025-03-19T19:15:46.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges."
},
{
"lang": "es",
"value": "Un ioctl expuesto en el controlador IMFForceDelete de IObit Malware Fighter v12.1.0 permite a los atacantes eliminar archivos arbitrariamente y escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-782"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZeroMemoryEx/CVE-2025-26125",

Some files were not shown because too many files have changed in this diff Show More