Auto-Update: 2025-06-26T20:00:21.794550+00:00

This commit is contained in:
cad-safe-bot 2025-06-26 20:04:00 +00:00
parent 2a2a2ecd7b
commit 7f7226949a
367 changed files with 3664 additions and 1228 deletions


@ -2,13 +2,13 @@
"id": "CVE-2019-6535",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2019-02-05T19:29:00.243",
"lastModified": "2025-06-26T17:15:29.873",
"lastModified": "2025-06-26T18:15:21.017",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash."
"value": "Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet stack crash and disruption to USB communication."
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2019-6693",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2019-11-21T16:15:13.173",
"lastModified": "2025-06-26T01:00:02.147",
"vulnStatus": "Modified",
"lastModified": "2025-06-26T19:31:29.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2021-41691",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T16:15:22.797",
"lastModified": "2025-06-25T15:15:20.810",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2021-4457",
"sourceIdentifier": "contact@wpscan.com",
"published": "2025-06-25T15:15:21.100",
"lastModified": "2025-06-25T15:15:21.100",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server."
},
{
"lang": "es",
"value": "El complemento ZoomSounds anterior a la versi\u00f3n 6.05 contiene un archivo PHP que permite a los usuarios no autenticados cargar un archivo arbitrario en cualquier lugar del servidor web."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2023-44915",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-25T17:15:36.323",
"lastModified": "2025-06-25T18:15:21.283",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross site scripting (XSS) en el componente /Login.php de c3crm hasta v3.0.4 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro login_error."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-0769",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-21T08:15:07.550",
"lastModified": "2025-06-26T01:00:02.147",
"vulnStatus": "Modified",
"lastModified": "2025-06-26T19:29:56.650",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
@ -201,7 +201,10 @@
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0769",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11584",
"sourceIdentifier": "security@ubuntu.com",
"published": "2025-06-26T10:15:24.703",
"lastModified": "2025-06-26T13:15:28.650",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-27685",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-25T15:15:21.960",
"lastModified": "2025-06-25T16:15:25.390",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Student Record system Using PHP y MySQL v.3.20 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para las variables $cshortname, $cfullname y $cdate."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-37743",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T20:15:23.767",
"lastModified": "2025-06-24T20:15:23.767",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component."
},
{
"lang": "es",
"value": "Un problema en mmzdev KnowledgeGPT V.0.0.5 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente de visualizaci\u00f3n de documentos."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-51977",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:30.053",
"lastModified": "2025-06-26T15:15:22.167",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-51978",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:31.223",
"lastModified": "2025-06-25T14:15:22.823",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request."
},
{
"lang": "es",
"value": "Un atacante no autenticado que conozca el n\u00famero de serie del dispositivo objetivo puede generar la contrase\u00f1a de administrador predeterminada. Un atacante no autenticado puede descubrir primero el n\u00famero de serie del dispositivo objetivo mediante CVE-2024-51977 a trav\u00e9s de HTTP/HTTPS/IPP, una solicitud PJL o una solicitud SNMP. "
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51979",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:31.590",
"lastModified": "2025-06-25T14:15:23.313",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length."
},
{
"lang": "es",
"value": "Un atacante autenticado puede provocar un desbordamiento de b\u00fafer basado en la pila mediante una solicitud malformada al servicio HTTP (puerto TCP 80), al servicio HTTPS (puerto TCP 443) o al servicio IPP (puerto TCP 631). La solicitud malformada contendr\u00e1 un valor de encabezado \"Origin\" vac\u00edo y un valor de encabezado \"Referer\" malformado. El valor de encabezado \"Referer\" provocar\u00e1 un desbordamiento de b\u00fafer basado en la pila cuando se procese el valor del host en el encabezado \"Referer\" y tenga una longitud superior a 64 bytes."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51980",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:31.930",
"lastModified": "2025-06-25T15:15:22.187",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker can not control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment."
},
{
"lang": "es",
"value": "Un atacante no autenticado puede realizar server side request forgery (SSRF) limitada, forzando al dispositivo objetivo a abrir una conexi\u00f3n TCP a un n\u00famero de puerto arbitrario en una direcci\u00f3n IP arbitraria. Esta SSRF aprovecha el elemento ReplyTo de WS-Addressing en una solicitud SOAP de servicio web (puerto TCP HTTP 80). El atacante no puede controlar los datos enviados en la conexi\u00f3n SSRF ni recibirlos a cambio. Esta SSRF es adecuada para el escaneo de puertos TCP de una red interna cuando el servicio web (puerto TCP HTTP 80) est\u00e1 expuesto en un segmento de red."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51981",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:32.293",
"lastModified": "2025-06-25T15:15:22.713",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker can not receive any data back from this connection."
},
{
"lang": "es",
"value": "Un atacante no autenticado podr\u00eda realizar server-side request forgery (SSRF) ciega debido a un problema de inyecci\u00f3n de CLRF que puede aprovecharse para el contrabando de solicitudes HTTP. Esta SSRF utiliza la funci\u00f3n WS-Addressing utilizada durante una operaci\u00f3n SOAP de suscripci\u00f3n WS-Eventing. El atacante puede controlar todos los datos HTTP enviados en la conexi\u00f3n SSRF, pero no puede recibirlos de vuelta."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51982",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:32.650",
"lastModified": "2025-06-25T15:15:23.170",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash."
},
{
"lang": "es",
"value": "Un atacante no autenticado que se conecte al puerto TCP 9100 puede ejecutar un comando de lenguaje de trabajo de impresora (PJL) que bloquear\u00e1 el dispositivo objetivo. Este se reiniciar\u00e1, tras lo cual el atacante puede volver a ejecutar el comando para bloquearlo repetidamente. Una variable PJL mal formada, FORMLINES, se establece en un valor distinto de un n\u00famero, lo que provoca el bloqueo del dispositivo objetivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51983",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:32.873",
"lastModified": "2025-06-25T15:15:23.390",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device."
},
{
"lang": "es",
"value": "Un atacante no autenticado que pueda conectarse a la funci\u00f3n de Servicios Web (puerto HTTP TCP 80) puede emitir una solicitud SOAP WS-Scan con un valor JobToken inesperado que bloquear\u00e1 el dispositivo objetivo. El dispositivo se reiniciar\u00e1, tras lo cual el atacante puede volver a ejecutar el comando para bloquearlo repetidamente."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-51984",
"sourceIdentifier": "cve@rapid7.com",
"published": "2025-06-25T08:15:33.220",
"lastModified": "2025-06-25T15:15:23.853",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker."
},
{
"lang": "es",
"value": "Un atacante autenticado puede reconfigurar el dispositivo objetivo para que use un servicio externo (como LDAP o FTP) controlado por \u00e9l. Si existe una contrase\u00f1a para un servicio externo, el atacante puede forzar al dispositivo objetivo a autenticarse en un dispositivo controlado por \u00e9l utilizando las credenciales existentes para ese servicio externo. En el caso de un servicio LDAP o FTP externo, esto revelar\u00e1 la contrase\u00f1a en texto plano de ese servicio externo al atacante."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-52928",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-26T17:15:30.287",
"lastModified": "2025-06-26T17:15:30.287",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-54085",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2025-03-11T14:15:22.893",
"lastModified": "2025-06-26T01:00:02.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-26T19:29:28.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"cisaExploitAdd": "2025-06-25",
@ -77,22 +99,303 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.5",
"matchCriteriaId": "CC09C9C4-F549-4EB7-9EE3-64C4C6E8633D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:sg6160_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "503414B6-66ED-4280-BBA7-8CE250F1049A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:sg6160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F84B8A44-FC01-4211-B5B3-A0931F9E82CC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:sgf6112_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12BD7C95-1574-4414-80F3-F17BD75DFEFE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:sgf6112:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1323E5-8C23-42D3-94FB-D06D5EADF278"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:sg110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC09386-D8C1-4EEF-8E21-AFCAE3891510"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:sg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083478BA-3640-4A85-8114-07BC1FE083D7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:sg1100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81305B7C-0070-4B4D-8B0C-34AD60E58994"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netapp:sg1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "379CF2E2-D43B-4DD1-AABA-885397BB7D64"
}
]
}
]
}
],
"references": [
{
"url": "https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0003/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54085",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0003/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-56731",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-06-24T04:15:45.813",
"lastModified": "2025-06-24T04:15:45.813",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. This issue has been patched in version 0.13.3."
},
{
"lang": "es",
"value": "Gogs es un servicio Git autoalojado de c\u00f3digo abierto. Antes de la versi\u00f3n 0.13.3, a\u00fan era posible eliminar archivos del directorio .git y ejecutar comandos de forma remota debido a un parche insuficiente para CVE-2024-39931. Las cuentas de usuario sin privilegios pueden ejecutar comandos arbitrarios en la instancia de Gogs con los privilegios de la cuenta especificada por RUN_USER en la configuraci\u00f3n. Esto permite a los atacantes acceder y modificar el c\u00f3digo de cualquier usuario alojado en la misma instancia. Este problema se ha corregido en la versi\u00f3n 0.13.3."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-56915",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-26T15:15:22.570",
"lastModified": "2025-06-26T16:15:25.910",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-56916",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T18:15:24.240",
"lastModified": "2025-06-24T20:15:24.643",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger."
},
{
"lang": "es",
"value": "En Netbox Community 4.1.7, una vez autenticado, la opci\u00f3n \"Historial de Configuraci\u00f3n > Agregar\" es vulnerable a ataques de Cross-Site Scripting (XSS) debido a que el campo \"valor actual\" representa el HTML proporcionado por el usuario. Un atacante autenticado puede aprovechar esto para agregar JavaScript malicioso al campo \"Cualquier banner\". Al editar una versi\u00f3n del Historial de Configuraci\u00f3n o intentar agregar una nueva versi\u00f3n, se activa el payload XSS."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-56917",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T20:15:24.790",
"lastModified": "2025-06-24T20:15:24.790",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode."
},
{
"lang": "es",
"value": "Netbox Community 4.1.7 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del banner de mantenimiento en modo de mantenimiento."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-56918",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T17:15:29.333",
"lastModified": "2025-06-24T20:15:24.953",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form."
},
{
"lang": "es",
"value": "En Netbox Community 4.1.7, la p\u00e1gina de inicio de sesi\u00f3n es vulnerable a Cross-Site Scripting (XSS), lo que permite que un atacante autenticado y privilegiado filtre la entrada del usuario del formulario de inicio de sesi\u00f3n."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-57708",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-25T16:15:25.590",
"lastModified": "2025-06-26T05:15:23.387",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability."
},
{
"lang": "es",
"value": "Un problema en el SDK de OneTrust v.6.33.0 permite que un atacante local provoque una denegaci\u00f3n de servicio mediante los componentes Object.setPrototypeOf, __proto__ y Object.assign. NOTA: El proveedor lo niega y no acepta que se trate de una vulnerabilidad de contaminaci\u00f3n del prototipo."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-6174",
"sourceIdentifier": "security@ubuntu.com",
"published": "2025-06-26T10:15:25.133",
"lastModified": "2025-06-26T10:15:25.133",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -35,6 +35,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/canonical/cloud-init/releases/tag/25.1.3",


@ -2,13 +2,17 @@
"id": "CVE-2025-0966",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-25T03:15:26.580",
"lastModified": "2025-06-25T03:15:26.580",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a la inyecci\u00f3n SQL. Un atacante remoto podr\u00eda enviar sentencias SQL especialmente manipuladas, lo que le permitir\u00eda ver, a\u00f1adir, modificar o eliminar informaci\u00f3n en la base de datos backend."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-1718",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:20.033",
"lastModified": "2025-06-24T14:15:27.847",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management."
},
{
"lang": "es",
"value": "Un usuario autenticado con privilegio de acceso a archivos a trav\u00e9s de acceso FTP puede provocar que el dispositivo de la serie Relion 670/650 y SAM600-IO se reinicie debido a una administraci\u00f3n incorrecta del espacio en disco."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-1754",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-06-26T06:15:22.570",
"lastModified": "2025-06-26T06:15:22.570",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 17.2 hasta la 17.11.5, la 18.0 hasta la 18.0.3 y la 18.1 hasta la 18.1.1 que podr\u00eda haber permitido a atacantes no autenticados cargar archivos arbitrarios en proyectos p\u00fablicos mediante el env\u00edo de solicitudes de API manipuladas, lo que podr\u00eda provocar un abuso de recursos y un almacenamiento de contenido no autorizado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-20264",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-25T16:15:25.833",
"lastModified": "2025-06-25T16:15:25.833",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. "
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto autenticado eluda los mecanismos de autorizaci\u00f3n para funciones administrativas espec\u00edficas. Esta vulnerabilidad se debe a la insuficiencia de los mecanismos de aplicaci\u00f3n de la autorizaci\u00f3n para los usuarios creados por la integraci\u00f3n de SSO SAML con un proveedor de identidad externo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de comandos espec\u00edficos a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle modificar un n\u00famero limitado de configuraciones del sistema, incluyendo algunas que provocar\u00edan el reinicio del sistema. En implementaciones de Cisco ISE de un solo nodo, los dispositivos que no est\u00e9n autenticados en la red no podr\u00e1n autenticarse hasta que el sistema Cisco ISE vuelva a estar en l\u00ednea."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-20281",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-25T16:15:26.017",
"lastModified": "2025-06-25T16:15:26.017",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como root. El atacante no necesita credenciales v\u00e1lidas para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la informaci\u00f3n proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle obtener privilegios de root en un dispositivo afectado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-20282",
"sourceIdentifier": "psirt@cisco.com",
"published": "2025-06-25T17:15:37.490",
"lastModified": "2025-06-25T17:15:37.490",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.\r\n\r\nThis vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API interna de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado cargue archivos arbitrarios en un dispositivo afectado y los ejecute en el sistema operativo subyacente como root. Esta vulnerabilidad se debe a la falta de comprobaciones de validaci\u00f3n de archivos que impedir\u00edan que los archivos cargados se colocaran en directorios privilegiados en un sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad subiendo un archivo manipulado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle almacenar archivos maliciosos en el sistema afectado y luego ejecutar c\u00f3digo arbitrario u obtener privilegios de root."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-23092",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-23T21:15:24.460",
"lastModified": "2025-06-24T18:15:24.360",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2025-23260",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2025-06-24T18:15:24.533",
"lastModified": "2025-06-24T18:15:24.533",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure."
},
{
"lang": "es",
"value": "NVIDIA AIStore contiene una vulnerabilidad en el operador AIS que permite a un usuario obtener acceso elevado al cl\u00faster k8s mediante la cuenta de servicio asociada al rol de cl\u00faster. Explotar esta vulnerabilidad podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-23264",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2025-06-24T16:15:25.990",
"lastModified": "2025-06-24T16:15:25.990",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en un componente de Python que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar un archivo malicioso. Explotar esta vulnerabilidad puede provocar ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-23265",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2025-06-24T16:15:26.183",
"lastModified": "2025-06-24T16:15:26.183",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en un componente de Python que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar un archivo malicioso. Explotar esta vulnerabilidad puede provocar ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-2403",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:20.863",
"lastModified": "2025-06-24T14:15:28.330",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability due to improper prioritization of network traffic over protection mechanism exists in Relion 670/650 and SAM600-IO series device that if exploited could potentially cause critical functions like LDCM (Line Distance Communication Module) to malfunction."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio debido a una priorizaci\u00f3n incorrecta del tr\u00e1fico de red sobre el mecanismo de protecci\u00f3n en los dispositivos de las series Relion 670/650 y SAM600-IO que, si se explota, podr\u00eda provocar que funciones cr\u00edticas como LDCM (m\u00f3dulo de comunicaci\u00f3n de distancia de l\u00ednea) funcionen mal."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-25012",
"sourceIdentifier": "bressers@elastic.co",
"published": "2025-06-25T12:15:19.920",
"lastModified": "2025-06-25T12:15:19.920",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL."
},
{
"lang": "es",
"value": "La redirecci\u00f3n de URL a un sitio no confiable (\"Redirecci\u00f3n abierta\") en Kibana puede llevar al env\u00edo de un usuario a un sitio arbitrario y a server-side request forgery a trav\u00e9s de una URL especialmente manipulada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-25905",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-25T16:15:26.173",
"lastModified": "2025-06-25T16:15:26.173",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the \"tree\" parameter."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting (XSS) en CADClick v1.13.0 y anteriores permite a atacantes remotos inyectar script web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"\u00e1rbol\". "
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-2566",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-06-24T19:15:23.520",
"lastModified": "2025-06-24T19:15:23.520",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server."
},
{
"lang": "es",
"value": "Kaleris NAVIS N4 ULC (Cliente Ultraligero) contiene una vulnerabilidad de deserializaci\u00f3n de Java insegura. Un atacante no autenticado puede realizar solicitudes especialmente manipuladas para ejecutar c\u00f3digo arbitrario en el servidor."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-27827",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T14:15:28.050",
"lastModified": "2025-06-24T15:15:23.000",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business (versi\u00f3n 10.2.0.3) podr\u00eda permitir que un atacante no autenticado realice un ataque de divulgaci\u00f3n de informaci\u00f3n mediante el manejo inadecuado de los datos de la sesi\u00f3n. Una explotaci\u00f3n exitosa requiere la interacci\u00f3n del usuario y podr\u00eda permitir que un atacante acceda a informaci\u00f3n confidencial, lo que conlleva el acceso no autorizado a salas de chat activas, la lectura de datos de chat y el env\u00edo de mensajes durante una sesi\u00f3n de chat activa."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-27828",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T14:15:28.200",
"lastModified": "2025-06-24T15:15:23.267",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on the confidentiality and the integrity."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente de chat heredado de Mitel MiContact Center Business (versiones 10.0.0.4, 10.1.0.0 a 10.1.0.5 y 10.2.0.0 a 10.2.0.4) podr\u00eda permitir que un atacante no autenticado realice un ataque de cross-site scripting (XSS) reflejado debido a una validaci\u00f3n de entrada insuficiente. Una explotaci\u00f3n exitosa requiere la interacci\u00f3n del usuario y podr\u00eda permitir que un atacante ejecute secuencias de comandos arbitrarias con un impacto limitado en la confidencialidad y la integridad."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-2828",
"sourceIdentifier": "security@huntr.dev",
"published": "2025-06-23T21:15:25.210",
"lastModified": "2025-06-24T14:15:28.490",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente RequestsToolkit del paquete langchain-community (en concreto, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) en la versi\u00f3n 0.0.27 de langchain-ai/langchain. Esta vulnerabilidad se debe a que el kit de herramientas no impone restricciones a las solicitudes a direcciones de internet remotas, lo que le permite acceder tambi\u00e9n a direcciones locales. Por lo tanto, un atacante podr\u00eda explotar esta vulnerabilidad para realizar escaneos de puertos, acceder a servicios locales, recuperar metadatos de instancias de entornos en la nube (p. ej., Azure, AWS) e interactuar con servidores de la red local. Este problema se ha corregido en la versi\u00f3n 0.0.28."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-29331",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-26T15:15:22.690",
"lastModified": "2025-06-26T16:15:26.300",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2025-2938",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-06-26T06:15:22.980",
"lastModified": "2025-06-26T06:15:22.980",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 17.3 hasta la 17.11.5, la 18.0 hasta la 18.0.3 y la 18.1 hasta la 18.1.1 que podr\u00eda haber permitido que usuarios autenticados obtuvieran privilegios elevados de proyecto al solicitar acceso a proyectos en los que las modificaciones de roles durante el proceso de aprobaci\u00f3n dieron como resultado concesiones de permisos no deseadas."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-2962",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2025-06-24T06:15:21.343",
"lastModified": "2025-06-24T06:15:21.343",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service issue in the dns implemenation could cause an infinite loop."
},
{
"lang": "es",
"value": "Un problema de denegaci\u00f3n de servicio en la implementaci\u00f3n de DNS podr\u00eda provocar un bucle infinito."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-30131",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-26T17:15:30.743",
"lastModified": "2025-06-26T17:15:30.743",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-30702",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:15:59.580",
"lastModified": "2025-04-17T18:15:50.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-26T19:14:33.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:fleet_patching_and_provisioning:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.3",
"versionEndIncluding": "19.26",
"matchCriteriaId": "B3089FB7-357B-48CC-9ED0-951759B50A57"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2025-30708",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-04-15T21:16:00.290",
"lastModified": "2025-04-17T18:15:50.460",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-26T18:57:46.120",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,10 +51,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:user_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.2.4",
"versionEndIncluding": "12.2.14",
"matchCriteriaId": "2F73E832-8633-4852-B4AD-59A17644AEC9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-3090",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-24T08:15:23.110",
"lastModified": "2025-06-24T08:15:23.110",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede obtener informaci\u00f3n confidencial limitada y/o atacar el dispositivo debido a la falta de autenticaci\u00f3n para una funci\u00f3n cr\u00edtica."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-3091",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-24T09:15:25.190",
"lastModified": "2025-06-24T09:15:25.190",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password."
},
{
"lang": "es",
"value": "Un atacante remoto con pocos privilegios en posesi\u00f3n del segundo factor de otro usuario puede iniciar sesi\u00f3n como ese usuario sin conocer la contrase\u00f1a del otro usuario."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-3092",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-24T09:15:25.407",
"lastModified": "2025-06-24T09:15:25.407",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede enumerar nombres de usuarios v\u00e1lidos desde un endpoint desprotegido."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-32975",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T15:15:23.710",
"lastModified": "2025-06-24T15:15:23.710",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover."
},
{
"lang": "es",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x (anterior a la 13.0.385), 13.1.x (anterior a la 13.1.81), 13.2.x (anterior a la 13.2.183), 14.0.x (anterior a la 14.0.341 [Parche 5]) y 14.1.x (anterior a la 14.1.101 [Parche 4]) contienen una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que permite a los atacantes suplantar la identidad de usuarios leg\u00edtimos sin credenciales v\u00e1lidas. Esta vulnerabilidad se encuentra en el mecanismo de gesti\u00f3n de la autenticaci\u00f3n SSO y puede provocar la toma de control administrativo completo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-32976",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T15:15:23.930",
"lastModified": "2025-06-24T16:15:26.930",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access."
},
{
"lang": "es",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x (anterior a la versi\u00f3n 13.0.385), 13.1.x (anterior a la versi\u00f3n 13.1.81), 13.2.x (anterior a la versi\u00f3n 13.2.183), 14.0.x (anterior a la versi\u00f3n 14.0.341 [Parche 5]) y 14.1.x (anterior a la versi\u00f3n 14.1.101 [Parche 4]) contiene una falla l\u00f3gica en su implementaci\u00f3n de autenticaci\u00f3n de dos factores que permite a los usuarios autenticados eludir los requisitos de autenticaci\u00f3n de dos factores basada en TOTP. La vulnerabilidad existe en el proceso de validaci\u00f3n de dos factores y puede explotarse para obtener acceso elevado."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-32977",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T15:15:24.063",
"lastModified": "2025-06-24T15:15:24.063",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity."
},
{
"lang": "es",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x (anterior a la 13.0.385), 13.1.x (anterior a la 13.1.81), 13.2.x (anterior a la 13.2.183), 14.0.x (anterior a la 14.0.341 [Parche 5]) y 14.1.x (anterior a la 14.1.101 [Parche 4]) permiten a usuarios no autenticados cargar archivos de copia de seguridad al sistema. Aunque se implementa la validaci\u00f3n de firmas, las vulnerabilidades en el proceso de validaci\u00f3n pueden explotarse para cargar contenido de copia de seguridad malicioso que podr\u00eda comprometer la integridad del sistema."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-32978",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-24T15:15:24.260",
"lastModified": "2025-06-24T15:15:24.260",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service."
},
{
"lang": "es",
"value": "Quest KACE Systems Management Appliance (SMA) 13.0.x (anterior a la 13.0.385), 13.1.x (anterior a la 13.1.81), 13.2.x (anterior a la 13.2.183), 14.0.x (anterior a la 14.0.341 [Parche 5]) y 14.1.x (anterior a la 14.1.101 [Parche 4]) permite a usuarios no autenticados reemplazar licencias del sistema a trav\u00e9s de una interfaz web dise\u00f1ada para la renovaci\u00f3n de licencias. Los atacantes pueden aprovechar esta vulnerabilidad para reemplazar licencias v\u00e1lidas por licencias caducadas o de prueba, lo que provoca una denegaci\u00f3n de servicio."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-3279",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-06-26T06:15:23.307",
"lastModified": "2025-06-26T06:15:23.307",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 10.7 hasta la 17.11.5, la 18.0 hasta la 18.0.3 y la 18.1 hasta la 18.1.1 que podr\u00eda haber permitido a atacantes autenticados crear una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de solicitudes GraphQL manipuladas."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-34031",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:23.340",
"lastModified": "2025-06-25T13:15:25.270",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34032",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:24.350",
"lastModified": "2025-06-25T13:15:25.400",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2025-34033",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:24.493",
"lastModified": "2025-06-24T22:15:21.157",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Blue Angel Software Suite, que se ejecuta en dispositivos Linux integrados, mediante el par\u00e1metro ping_addr del script webctrl.cgi. La aplicaci\u00f3n no depura correctamente la entrada antes de pasarla al comando ping a nivel de sistema. Un atacante autenticado puede inyectar comandos arbitrarios a\u00f1adiendo metacaracteres de shell al par\u00e1metro ping_addr en una solicitud GET manipulada a /cgi-bin/webctrl.cgi?action=pingtest_update. La salida del comando se refleja en la interfaz web de la aplicaci\u00f3n, lo que permite a los atacantes ver los resultados directamente. Se pueden usar credenciales predeterminadas y de puerta trasera para acceder a la interfaz y explotar el problema. Una explotaci\u00f3n exitosa resulta en la ejecuci\u00f3n de comandos arbitrarios como usuario root. "
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34034",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:24.630",
"lastModified": "2025-06-24T22:15:22.230",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device\u2019s web interface."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de credenciales codificada en Blue Angel Software Suite, implementada en sistemas Linux incorporados. La aplicaci\u00f3n contiene varias cuentas de usuario predeterminadas y codificadas que no se divulgan en la documentaci\u00f3n p\u00fablica. Estas cuentas permiten a atacantes no autenticados o con pocos privilegios obtener acceso administrativo a la interfaz web del dispositivo. "
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34035",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:24.763",
"lastModified": "2025-06-24T14:15:28.820",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en EnGenius EnShare Cloud Service versi\u00f3n 1.4.11 y anteriores. El script usbinteract.cgi no depura correctamente la entrada del usuario enviada al par\u00e1metro path, lo que permite a atacantes remotos no autenticados inyectar comandos de shell arbitrarios. Los comandos inyectados se ejecutan con privilegios de root, lo que compromete por completo el sistema."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34036",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:24.903",
"lastModified": "2025-06-24T14:15:28.953",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in white-labeled DVRs manufactured by TVT, affecting a custom HTTP service called \"Cross Web Server\" that listens on TCP ports 81 and 82. The web interface fails to sanitize input in the URI path passed to the language extraction functionality. When the server processes a request to /language/[lang]/index.html, it uses the [lang] input unsafely in a tar extraction command without proper escaping. This allows an unauthenticated remote attacker to inject shell commands and achieve arbitrary command execution as root."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en los DVR de marca blanca fabricados por TVT, que afecta a un servicio HTTP personalizado llamado \"Cross Web Server\" que escucha en los puertos TCP 81 y 82. La interfaz web no depura la entrada en la ruta URI enviada a la funci\u00f3n de extracci\u00f3n de idioma. Cuando el servidor procesa una solicitud a /language/[lang]/index.html, utiliza la entrada [lang] de forma insegura en un comando de extracci\u00f3n de tar sin el escape adecuado. Esto permite que un atacante remoto no autenticado inyecte comandos de shell y ejecute comandos arbitrarios como root."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34037",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T01:15:25.037",
"lastModified": "2025-06-24T03:15:33.400",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in various models of E-Series Linksys\u00a0routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the \"TheMoon\" worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en varios modelos de routers E-Series Linksys a trav\u00e9s de los endpoints /tmUnblock.cgi y /hndUnblock.cgi a trav\u00e9s de HTTP en el puerto 8080. Los scripts CGI procesan incorrectamente la entrada proporcionada por el usuario al par\u00e1metro ttcp_ip sin sanitizarla, lo que permite a atacantes no autenticados inyectar comandos de shell. Esta vulnerabilidad es explotada por el gusano \"TheMoon\" para desplegar un payload MIPS ELF, lo que permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el router. Esta vulnerabilidad puede afectar a otros productos Linksys, incluyendo, entre otros, los modelos de routers de las series WAG/WAP/WES/WET/WRT y los puntos de acceso y routers Wireless-N."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34038",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T02:15:21.667",
"lastModified": "2025-06-24T03:15:33.507",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId workflow in the AjaxManager. This allows unauthenticated attackers to execute arbitrary SQL queries, potentially exposing sensitive data such as administrator password hashes."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en Fanwei e-cology 8.0 a trav\u00e9s del endpoint getdata.jsp. La aplicaci\u00f3n pasa directamente la entrada de usuario no saneada del par\u00e1metro sql a una consulta de base de datos dentro del m\u00e9todo getSelectAllIds(sql, type), accesible mediante el flujo de trabajo cmd=getSelectAllId en AjaxManager. Esto permite a atacantes no autenticados ejecutar consultas SQL arbitrarias, lo que podr\u00eda exponer datos confidenciales, como hashes de contrase\u00f1as de administrador."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34039",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T02:15:22.540",
"lastModified": "2025-06-24T02:15:22.540",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This can be exploited to run system commands and ultimately gain full control over the target server. The issue is rooted in a third-party JAR component bundled with the application, and the servlet is accessible without authentication on vulnerable installations."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Yonyou UFIDA NC v6.5 y versiones anteriores debido a la exposici\u00f3n del servlet de pruebas BeanShell (bsh.servlet.BshServlet) sin los controles de acceso adecuados. El servlet permite a atacantes remotos no autenticados ejecutar c\u00f3digo Java arbitrario mediante el par\u00e1metro bsh.script. Esto puede explotarse para ejecutar comandos del sistema y, en \u00faltima instancia, obtener el control total del servidor objetivo. El problema se origina en un componente JAR de terceros incluido en la aplicaci\u00f3n, y el servlet es accesible sin autenticaci\u00f3n en instalaciones vulnerables."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34040",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T02:15:22.673",
"lastModified": "2025-06-24T02:15:22.673",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directories using path traversal. Successful exploitation enables remote code execution as the uploaded file can be accessed and executed through the web server."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de carga arbitraria de archivos en la plataforma Zhiyuan OA 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1 y 8.0 - 8.0sp2 a trav\u00e9s de la interfaz wpsAssistServlet. Los par\u00e1metros realFileType y fileId se validan incorrectamente durante la carga de archivos multiparte, lo que permite a atacantes no autenticados cargar archivos JSP manipulados fuera de los directorios previstos mediante el path traversal Una explotaci\u00f3n exitosa permite la ejecuci\u00f3n remota de c\u00f3digo, ya que se puede acceder y ejecutar el archivo cargado a trav\u00e9s del servidor web."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-34041",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-24T02:15:22.820",
"lastModified": "2025-06-24T02:15:22.820",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated attackers to construct and send malicious HTTP requests to the EDR Manager interface, leading to arbitrary command execution with elevated privileges. This flaw only affects the Chinese-language EDR builds."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en las versiones en chino de la plataforma de gesti\u00f3n Sangfor Endpoint Detection and Response (EDR) 3.2.16, 3.2.17 y 3.2.19. Esta vulnerabilidad permite a atacantes no autenticados crear y enviar solicitudes HTTP maliciosas a la interfaz del Administrador de EDR, lo que provoca la ejecuci\u00f3n de comandos arbitrarios con privilegios elevados. Esta falla solo afecta a las compilaciones de EDR en chino."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-34042",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:27.197",
"lastModified": "2025-06-26T16:15:27.197",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34043",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:27.490",
"lastModified": "2025-06-26T16:15:27.490",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34044",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:27.670",
"lastModified": "2025-06-26T16:15:27.670",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34045",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:27.830",
"lastModified": "2025-06-26T16:15:27.830",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34046",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:27.987",
"lastModified": "2025-06-26T16:15:27.987",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34047",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:28.140",
"lastModified": "2025-06-26T16:15:28.140",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34048",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:28.273",
"lastModified": "2025-06-26T16:15:28.273",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-34049",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2025-06-26T16:15:28.413",
"lastModified": "2025-06-26T16:15:28.413",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-3568",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-14T14:15:25.630",
"lastModified": "2025-04-15T18:39:27.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-26T19:21:05.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,28 +142,79 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:krayin_crm:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF19D6B3-C3A2-4C2E-9661-36A9F1B62246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:krayin_crm:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "411B1AF0-FD00-4BD0-9196-7A8C98DDA09F"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1LMzZyCgloWquJRWzJAV2bpWMTuiMs6Xa/view?usp=sharing",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://gist.github.com/shellkraft/a8b1f35d5c3ba313605065889563fb00",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.304609",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.304609",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.549591",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
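Review bot: The newly added NVD-assigned `"type": "Primary"` entry in `cvssMetricV31` disagrees with the CNA entry it demotes to `Secondary` on scope and confidentiality (`S:C/C:L` versus the CNA's `S:U/C:N`), and the new Primary weakness is `CWE-79` while the retained CNA weakness stays `CWE-94`; any consumer of this mirror that selects only the Primary entry will see the severity and weakness class of this record change silently with this update. The same Primary/Secondary flip and CWE-94/CWE-79 split appears in the CVE-2025-3570 section that follows, where the NVD vector additionally drops the CNA's `PR:L` to `PR:N`. Since this is strict JSON with no room for an inline comment, the mirror's README should state that `Primary` tracks the NVD analyst assessment, that the CNA record is kept as `Secondary`, and that downstream filters should read both rather than assume a single Primary entry per record. The reference now tagged `Exploit` is a shared Google Drive file rather than an archival advisory, so a periodic link-validity check on tagged references would be worthwhile.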


@ -2,8 +2,8 @@
"id": "CVE-2025-3570",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-04-14T15:15:26.333",
"lastModified": "2025-04-15T18:39:27.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-06-26T19:13:15.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -63,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
@ -80,6 +80,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
@ -122,28 +142,75 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jameszbl:db-hospital-drug:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA80EE60-5263-47FC-A7D9-6245FB81525E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/db-hospital-drug-xss.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.304611",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.304611",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.549923",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/db-hospital-drug-xss.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-36004",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-25T03:15:27.687",
"lastModified": "2025-06-25T03:15:27.687",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege."
},
{
"lang": "es",
"value": "IBM i 7.2, 7.3, 7.4 y 7.5 podr\u00eda permitir que un usuario obtuviera privilegios elevados debido a una llamada de librer\u00eda no cualificada en IBM Facsimile Support for i. Un agente malicioso podr\u00eda provocar que c\u00f3digo controlado por el usuario se ejecute con privilegios de administrador."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-36034",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-26T16:15:28.567",
"lastModified": "2025-06-26T16:15:28.567",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2025-36038",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2025-06-25T21:15:20.447",
"lastModified": "2025-06-25T21:15:20.447",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server 8.5 y 9.0 podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario en el sistema con una secuencia especialmente manipulada de objetos serializados."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-36519",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-24T05:15:23.030",
"lastModified": "2025-06-24T05:15:23.030",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product."
},
{
"lang": "es",
"value": "Existe un problema de carga sin restricciones de archivos con tipos peligrosos en WRC-2533GST2 y WRC-1167GST2. Si un atacante remoto autenticado carga un archivo especialmente manipulado, podr\u00eda ejecutarse c\u00f3digo arbitrario en el producto."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-36537",
"sourceIdentifier": "psirt@teamviewer.com",
"published": "2025-06-24T15:15:24.453",
"lastModified": "2025-06-24T16:15:27.383",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management."
},
{
"lang": "es",
"value": "La asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en TeamViewer Client (Full y Host) de TeamViewer Remote y Tensor (versi\u00f3n anterior a la 15.67) en Windows permite que un usuario local sin privilegios active la eliminaci\u00f3n arbitraria de archivos con privilegios de SYSTEM mediante el mecanismo de reversi\u00f3n de MSI. La vulnerabilidad solo afecta a las funciones de administraci\u00f3n remota: copia de seguridad, monitorizaci\u00f3n y administraci\u00f3n de parches."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-37101",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2025-06-26T06:15:23.130",
"lastModified": "2025-06-26T06:15:23.130",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions)."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de seguridad en HPE OneView para VMware vCenter (OV4VC). Esta vulnerabilidad podr\u00eda explotarse para permitir que un atacante con privilegios de solo lectura provoque una escalada vertical de privilegios (el operador puede realizar acciones de administrador)."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2025-3722",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2025-06-26T11:15:26.427",
"lastModified": "2025-06-26T11:15:26.427",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-3771",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2025-06-26T11:15:29.030",
"lastModified": "2025-06-26T12:15:20.883",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2025-3773",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2025-06-26T12:15:21.713",
"lastModified": "2025-06-26T12:15:21.713",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2025-3863",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-26T02:15:20.200",
"lastModified": "2025-06-26T02:15:20.200",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin\u2019s support\u2010form handler to send arbitrary emails to the site\u2019s support address."
},
{
"lang": "es",
"value": "El complemento Post Carousel Slider para Elementor de WordPress es vulnerable a una autorizaci\u00f3n incorrecta debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n process_wbelps_promo_form() en todas las versiones hasta la 1.6.0 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, activen el gestor del formulario de soporte del complemento para enviar correos electr\u00f3nicos arbitrarios a la direcci\u00f3n de soporte del sitio."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-39201",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:21.050",
"lastModified": "2025-06-24T14:15:29.090",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en el producto MicroSCADA X SYS600. Si se explota, podr\u00eda permitir que un atacante local no autenticado altere un archivo del sistema, lo que provocar\u00eda la denegaci\u00f3n del servicio de notificaci\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-39202",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:21.200",
"lastModified": "2025-06-24T14:15:29.253",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la interfaz Monitor Pro del producto MicroSCADA X SYS600. Un usuario autenticado con privilegios bajos puede ver y sobrescribir archivos, lo que provoca fugas de informaci\u00f3n y corrupci\u00f3n de datos."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-39203",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:21.380",
"lastModified": "2025-06-24T14:15:29.410",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the IEC 61850 of the MicroSCADA X SYS600 product. An IEC 61850-8 crafted message content from IED or remote system can cause a denial of service resulting in disconnection loop."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la norma IEC 61850 del producto MicroSCADA X SYS600. Un mensaje IEC 61850-8 manipulado desde un dispositivo electr\u00f3nico (IED) o un sistema remoto puede causar una denegaci\u00f3n de servicio que genere un bucle de desconexi\u00f3n."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-39204",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T12:15:21.523",
"lastModified": "2025-06-24T14:15:29.553",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the Web interface of the MicroSCADA X SYS600 product. The filtering query in the Web interface can be malformed, so returning data can leak unauthorized information to the user."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la interfaz web del producto MicroSCADA X SYS600. La consulta de filtrado en la interfaz web puede estar malformada, por lo que los datos devueltos pueden filtrar informaci\u00f3n no autorizada al usuario."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-39205",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2025-06-24T13:15:22.470",
"lastModified": "2025-06-24T14:15:29.707",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad en la norma IEC 61850 del producto MicroSCADA X SYS600. La validaci\u00f3n del certificado del protocolo TLS permite un ataque remoto de intermediario (Man-in-the-Middle) debido a la falta de una validaci\u00f3n adecuada."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-41255",
"sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"published": "2025-06-25T10:15:21.783",
"lastModified": "2025-06-25T14:15:23.713",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cyberduck and Mountain Duck improperly handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessarily installing it to the Windows Certificate Store of the current user without any restrictions.\n\n\n\n\n\n\n\n\n\n\n\nThis issue affects Cyberduck through 9.1.6 and Mountain Duck through\u00a04.17.5."
},
{
"lang": "es",
"value": "Cyberduck y Mountain Duck gestionan incorrectamente la fijaci\u00f3n de certificados TLS para certificados no confiables (p. ej., autofirmados), instal\u00e1ndolos innecesariamente en el almac\u00e9n de certificados de Windows del usuario actual sin ninguna restricci\u00f3n. Este problema afecta a Cyberduck hasta la versi\u00f3n 9.1.6 y a Mountain Duck hasta la versi\u00f3n 4.17.5."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-41256",
"sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a",
"published": "2025-06-25T10:15:22.610",
"lastModified": "2025-06-25T14:15:23.823",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak.\n\n\n\n\n\n\n\nThis issue affects Cyberduck: through 9.1.6; Mountain Duck: through 4.17.5."
},
{
"lang": "es",
"value": "Cyberduck y Mountain Duck gestionan incorrectamente la fijaci\u00f3n de certificados TLS para certificados no confiables (p. ej., autofirmados), ya que la huella digital del certificado se almacena como SHA-1, aunque SHA-1 se considera d\u00e9bil. Este problema afecta a Cyberduck: hasta la versi\u00f3n 9.1.6; Mountain Duck: hasta la versi\u00f3n 4.17.5."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-41404",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-26T06:15:23.497",
"lastModified": "2025-06-26T06:15:23.497",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Direct request ('Forced Browsing') issue exists in iroha Board versions v0.10.12 and earlier. If this vulnerability is exploited, non-public contents may be viewed by an attacker who can log in to the affected product."
},
{
"lang": "es",
"value": "Existe un problema de solicitud directa (navegaci\u00f3n forzada) en las versiones 0.10.12 y anteriores de iroha Board. Si se explota esta vulnerabilidad, un atacante que inicie sesi\u00f3n en el producto afectado podr\u00eda acceder a contenido no p\u00fablico."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-41427",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-24T05:15:24.243",
"lastModified": "2025-06-24T05:15:24.243",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed."
},
{
"lang": "es",
"value": "WRC-X3000GS, WRC-X3000GSA y WRC-X3000GSN presentan una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comandos del sistema operativo') en la p\u00e1gina Connection Diagnostics. Si un atacante remoto autenticado env\u00eda una solicitud especialmente manipulada al producto afectado, podr\u00eda ejecutarse un comando arbitrario del sistema operativo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-41647",
"sourceIdentifier": "info@cert.vde.com",
"published": "2025-06-25T10:15:22.747",
"lastModified": "2025-06-25T10:15:22.747",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:57:43.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions."
},
{
"lang": "es",
"value": "Un atacante local con pocos privilegios puede conocer la contrase\u00f1a del controlador conectado en PLC Designer V4 debido a una implementaci\u00f3n incorrecta que hace que la contrase\u00f1a se muestre en texto simple en condiciones especiales."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-43877",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-24T05:15:24.403",
"lastModified": "2025-06-24T05:15:24.403",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product."
},
{
"lang": "es",
"value": "WRC-1167GHBK2-S contiene una vulnerabilidad de cross-site scripting almacenado en WebGUI. Si se explota, se podr\u00eda ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 a WebGUI del producto."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2025-43879",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2025-06-24T05:15:24.567",
"lastModified": "2025-06-24T05:15:24.567",
"vulnStatus": "Received",
"lastModified": "2025-06-26T18:58:14.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed."
},
{
"lang": "es",
"value": "WRH-733GBK y WRH-733GWH contienen una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comandos del sistema operativo') en la funci\u00f3n Telnet. Si un atacante remoto no autenticado env\u00eda una solicitud especialmente manipulada al producto afectado, podr\u00eda ejecutarse un comando arbitrario del sistema operativo."
}
],
"metrics": {
