diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32197.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32197.json index b1f835bc373..c9c6d1b09f2 100644 --- a/CVE-2023/CVE-2023-321xx/CVE-2023-32197.json +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32197.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32197", "sourceIdentifier": "meissner@suse.de", "published": "2025-04-16T09:15:24.103", - "lastModified": "2025-04-16T09:15:24.103", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5616.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5616.json index abd4dd21e2e..43f7d8aba49 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5616.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5616.json @@ -2,13 +2,17 @@ "id": "CVE-2023-5616", "sourceIdentifier": "security@ubuntu.com", "published": "2025-04-15T19:16:06.647", - "lastModified": "2025-04-15T21:15:46.583", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user." + }, + { + "lang": "es", + "value": "En Ubuntu, gnome-control-center no reflejaba correctamente el estado de inicio de sesi\u00f3n remoto SSH cuando el sistema estaba configurado para usar la activaci\u00f3n del socket systemd para openssh-server. Esto pod\u00eda dejar, sin que el usuario lo supiera, la m\u00e1quina local expuesta al acceso remoto SSH, contrariamente a lo esperado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10680.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10680.json index da599de45dd..b8ff436c402 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10680.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10680.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10680", "sourceIdentifier": "contact@wpscan.com", "published": "2025-04-16T06:15:42.367", - "lastModified": "2025-04-16T06:15:42.367", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "El complemento Form Maker de 10Web para WordPress anterior a la versi\u00f3n 1.15.32 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json b/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json index 55cd13f5c35..715454daafa 100644 --- a/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json +++ b/CVE-2024/CVE-2024-134xx/CVE-2024-13452.json @@ -2,13 +2,17 @@ "id": "CVE-2024-13452", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-16T03:15:17.067", - "lastModified": "2025-04-16T03:15:17.067", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Contact Form de Supsystic para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.7.29 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en la funci\u00f3n saveAsCopy. Esto permite a atacantes no autenticados actualizar la configuraci\u00f3n e inyectar scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22036.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22036.json index 207e3b38401..d4b71aa433c 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22036.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22036.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22036", "sourceIdentifier": "meissner@suse.de", "published": "2025-04-16T09:15:27.300", - "lastModified": "2025-04-16T09:15:27.300", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42193.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42193.json index 5a952313564..32e6afbce5d 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42193.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42193.json @@ -2,13 +2,17 @@ "id": "CVE-2024-42193", "sourceIdentifier": "psirt@hcl.com", "published": "2025-04-15T19:16:06.800", - "lastModified": "2025-04-15T19:16:06.800", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized access." + }, + { + "lang": "es", + "value": "El servicio de HCL BigFix Web Reports se comunica mediante HTTPS, pero presenta una vulnerabilidad en la validaci\u00f3n de certificados SSL. Este escenario presenta la posibilidad de ataques de intermediario (MITM) y exposici\u00f3n de datos, ya que, de explotarse, esta vulnerabilidad podr\u00eda provocar acceso no autorizado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-448xx/CVE-2024-44843.json b/CVE-2024/CVE-2024-448xx/CVE-2024-44843.json index 19da0ae5486..adfb165ab28 100644 --- a/CVE-2024/CVE-2024-448xx/CVE-2024-44843.json +++ b/CVE-2024/CVE-2024-448xx/CVE-2024-44843.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44843", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T21:15:46.730", - "lastModified": "2025-04-15T21:15:46.730", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the web socket handshake process of SteVe v3.7.1 allows attackers to bypass authentication and execute arbitrary coammands via supplying crafted OCPP requests." + }, + { + "lang": "es", + "value": "Un problema en el proceso de protocolo de enlace de sockets web de SteVe v3.7.1 permite a los atacantes eludir la autenticaci\u00f3n y ejecutar comandos arbitrarios mediante el suministro de solicitudes OCPP manipuladas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46915.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46915.json new file mode 100644 index 00000000000..138911322a5 --- /dev/null +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46915.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-46915", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-16T13:15:43.983", + "lastModified": "2025-04-16T13:15:43.983", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-492xx/CVE-2024-49200.json b/CVE-2024/CVE-2024-492xx/CVE-2024-49200.json index d0607eb72d6..85e03b7368a 100644 --- a/CVE-2024/CVE-2024-492xx/CVE-2024-49200.json +++ b/CVE-2024/CVE-2024-492xx/CVE-2024-49200.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49200", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T22:15:15.467", - "lastModified": "2025-04-15T22:15:15.467", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en AcpiS3SaveDxe y ChipsetSvcDxe en Insyde InsydeH2O con las versiones del kernel 5.2 a 5.7. Se identific\u00f3 una posible vulnerabilidad de corrupci\u00f3n de memoria DXE. La causa principal es el uso de un puntero originado en el valor de una variable NVRAM como destino de una operaci\u00f3n de escritura. Un atacante puede aprovechar esto para realizar escrituras arbitrarias, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. El problema se ha corregido en las versiones del kernel 5.2, 05.29.44; 5.3, 05.38.44; 5.4, 05.46.44; 5.5, 05.54.44; 5.6, 05.61.44; y 5.7, 05.70.44." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52281.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52281.json index 2016a82a043..8198020f863 100644 --- a/CVE-2024/CVE-2024-522xx/CVE-2024-52281.json +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52281.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52281", "sourceIdentifier": "meissner@suse.de", "published": "2025-04-16T09:15:27.620", - "lastModified": "2025-04-16T09:15:27.620", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-572xx/CVE-2024-57222.json b/CVE-2024/CVE-2024-572xx/CVE-2024-57222.json index a4b8aaeac13..9af8a6cfaa9 100644 --- a/CVE-2024/CVE-2024-572xx/CVE-2024-57222.json +++ b/CVE-2024/CVE-2024-572xx/CVE-2024-57222.json @@ -2,8 +2,8 @@ "id": "CVE-2024-57222", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-10T18:15:24.807", - "lastModified": "2025-01-14T17:15:19.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-16T13:59:08.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linksys:e7350_firmware:1.1.00.032:*:*:*:*:*:*:*", + "matchCriteriaId": "F262DB25-2184-4755-A3B3-DE21D743D0BF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:linksys:e7350:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFB82A85-4363-480C-83D9-071E81C842EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yanggao017/vuln/blob/main/Linksys/E7350/CI_5_apcli_cancel_wps/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-580xx/CVE-2024-58092.json b/CVE-2024/CVE-2024-580xx/CVE-2024-58092.json index cc13a9a0de9..823ed062885 100644 --- a/CVE-2024/CVE-2024-580xx/CVE-2024-58092.json +++ b/CVE-2024/CVE-2024-580xx/CVE-2024-58092.json @@ -2,8 +2,8 @@ "id": "CVE-2024-58092", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.427", - "lastModified": "2025-04-16T11:15:42.427", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9102.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9102.json index 48bb031afa3..d58c1810861 100644 --- a/CVE-2024/CVE-2024-91xx/CVE-2024-9102.json +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9102.json @@ -2,13 +2,20 @@ "id": "CVE-2024-9102", "sourceIdentifier": "vulnerability@ncsc.ch", "published": "2024-12-19T14:15:06.327", - "lastModified": "2024-12-19T14:15:06.327", + "lastModified": "2025-04-16T12:15:15.727", "vulnStatus": "Awaiting Analysis", - "cveTags": [], + "cveTags": [ + { + "sourceIdentifier": "vulnerability@ncsc.ch", + "tags": [ + "disputed" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection." + "value": "phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export." }, { "lang": "es", @@ -78,6 +85,10 @@ "url": "https://github.com/leenooks/phpLDAPadmin/commit/ea17aadef46fd29850160987fe7740ceed1381ad#diff-93b9f3e6d4c5bdacf469ea0ec74c1e9217ca6272da9be5a1bfd711f7da16f9e3R240", "source": "vulnerability@ncsc.ch" }, + { + "url": "https://github.com/leenooks/phpLDAPadmin/issues/274#issuecomment-2586859072", + "source": "vulnerability@ncsc.ch" + }, { "url": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0", "source": "vulnerability@ncsc.ch" diff --git a/CVE-2025/CVE-2025-01xx/CVE-2025-0101.json b/CVE-2025/CVE-2025-01xx/CVE-2025-0101.json index cc8a7b7c8a3..bbf698b7497 100644 --- a/CVE-2025/CVE-2025-01xx/CVE-2025-0101.json +++ b/CVE-2025/CVE-2025-01xx/CVE-2025-0101.json @@ -2,13 +2,17 @@ "id": "CVE-2025-0101", "sourceIdentifier": "info@cert.vde.com", "published": "2025-04-16T08:15:13.423", - "lastModified": "2025-04-16T08:15:13.423", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart." + }, + { + "lang": "es", + "value": "Un usuario con pocos privilegios puede establecer la fecha de los dispositivos al 19 de enero de 2038 y, por lo tanto, superar el l\u00edmite de 32 bits. Esto provoca que algunas funciones se ejecuten inesperadamente o dejen de funcionar, tanto durante la ejecuci\u00f3n como despu\u00e9s de un reinicio." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json b/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json index e224b97a548..aa9c7a80a8c 100644 --- a/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json +++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0721.json @@ -2,13 +2,13 @@ "id": "CVE-2025-0721", "sourceIdentifier": "cna@vuldb.com", "published": "2025-01-27T00:15:26.317", - "lastModified": "2025-02-25T20:28:55.787", - "vulnStatus": "Analyzed", + "lastModified": "2025-04-16T12:15:16.413", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "es", @@ -22,14 +22,14 @@ "type": "Secondary", "cvssData": { "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", diff --git a/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json b/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json index 115ee08a80e..7fc9f118451 100644 --- a/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json +++ b/CVE-2025/CVE-2025-11xx/CVE-2025-1122.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1122", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-15T20:15:38.317", - "lastModified": "2025-04-15T20:15:38.317", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en TPM2 Reference Library in Google ChromeOS 122.0.6261.132 estable en placas Cr50 permite que un atacante con acceso de root obtenga persistencia y eluda la verificaci\u00f3n del sistema operativo mediante la explotaci\u00f3n de la funcionalidad NV_Read durante el proceso de desaf\u00edo-respuesta." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1273.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1273.json index 25cffacd16a..4c72f98ec55 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1273.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1273.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1273", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:46.960", - "lastModified": "2025-04-15T21:15:46.960", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo PDF manipulado con fines maliciosos, al vincularse o importarse a aplicaciones de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1274.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1274.json index 691bd277261..bebab2a47da 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1274.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1274.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1274", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:47.083", - "lastModified": "2025-04-15T21:15:47.083", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo RCS manipulado con fines maliciosos, al analizarse mediante Autodesk Revit, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1275.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1275.json index e6634415c60..ab152646f89 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1275.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1275.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1275", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:47.197", - "lastModified": "2025-04-15T21:15:47.197", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo JPG manipulado con fines maliciosos, al vincularse o importarse a ciertas aplicaciones de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1276.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1276.json index a0f7dc8e018..7a4bf717c62 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1276.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1276.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1276", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:47.320", - "lastModified": "2025-04-15T21:15:47.320", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWG manipulado con fines maliciosos, al analizarse mediante ciertas aplicaciones de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1277.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1277.json index 9d3ae19fd5d..c0d64a0f3fb 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1277.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1277.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1277", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:47.443", - "lastModified": "2025-04-15T21:15:47.443", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo PDF manipulado con fines maliciosos, al analizarse mediante aplicaciones de Autodesk, puede generar una vulnerabilidad de corrupci\u00f3n de memoria. Un agente malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1292.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1292.json index 72bada069b4..340f60688dd 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1292.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1292.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1292", "sourceIdentifier": "7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f", "published": "2025-04-15T20:15:38.410", - "lastModified": "2025-04-15T20:15:38.410", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and \nbypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en TPM2 Reference Library in Google ChromeOS 122.0.6261.132 estable en placas Cr50 permite que un atacante con acceso de root obtenga persistencia y eluda la verificaci\u00f3n del sistema operativo mediante la explotaci\u00f3n de la funcionalidad NV_Read durante el proceso de desaf\u00edo-respuesta." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-16xx/CVE-2025-1656.json b/CVE-2025/CVE-2025-16xx/CVE-2025-1656.json index 24f6766aa10..5364ea37167 100644 --- a/CVE-2025/CVE-2025-16xx/CVE-2025-1656.json +++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1656.json @@ -2,13 +2,17 @@ "id": "CVE-2025-1656", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:47.560", - "lastModified": "2025-04-15T21:15:47.560", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo PDF manipulado con fines maliciosos, al vincularse o importarse a aplicaciones de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1980.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1980.json new file mode 100644 index 00000000000..078c89c72a1 --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1980.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-1980", + "sourceIdentifier": "cvd@cert.pl", + "published": "2025-04-16T13:15:44.083", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://ready-os.com/pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1981.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1981.json new file mode 100644 index 00000000000..aad5c8e595d --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1981.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-1981", + "sourceIdentifier": "cvd@cert.pl", + "published": "2025-04-16T13:15:44.223", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.4, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://ready-os.com/pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1982.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1982.json new file mode 100644 index 00000000000..eb9b02d144b --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1982.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-1982", + "sourceIdentifier": "cvd@cert.pl", + "published": "2025-04-16T13:15:44.343", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://ready-os.com/pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-19xx/CVE-2025-1983.json b/CVE-2025/CVE-2025-19xx/CVE-2025-1983.json new file mode 100644 index 00000000000..50b0a9fabfa --- /dev/null +++ b/CVE-2025/CVE-2025-19xx/CVE-2025-1983.json @@ -0,0 +1,86 @@ +{ + "id": "CVE-2025-1983", + "sourceIdentifier": "cvd@cert.pl", + "published": "2025-04-16T13:15:44.477", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2025/04/CVE-2025-1980", + "source": "cvd@cert.pl" + }, + { + "url": "https://ready-os.com/pl/", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21573.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21573.json index a3d38a555a4..3b4c5368d35 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21573.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21573.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21573", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:47.670", - "lastModified": "2025-04-15T21:15:47.670", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Revenue Management and Billing. CVSS 3.1 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Financial Services Revenue Management and Billing de Oracle Financial Services Applications (componente: Chatbot). Las versiones compatibles afectadas son 5.1.0.0.0, 6.1.0.0.0 y 7.0.0.0.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Financial Services Revenue Management and Billing. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizadas de datos cr\u00edticos o de todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Oracle Financial Services Revenue Management and Billing, y en la posibilidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Financial Services Revenue Management and Billing. Puntuaci\u00f3n base CVSS 3.1: 6.0 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21574.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21574.json index 2324dabd5c0..1ee0b6419c9 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21574.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21574.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21574", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:47.793", - "lastModified": "2025-04-15T21:15:47.793", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Parser). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21575.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21575.json index 99d23629610..102886863dc 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21575.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21575.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21575", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:47.897", - "lastModified": "2025-04-15T21:15:47.897", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Parser). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21576.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21576.json index 82d7cb7051c..b6a85d137d5 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21576.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21576.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21576", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:48.007", - "lastModified": "2025-04-15T21:15:48.007", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Commerce Platform (componente: Dynamo Personalization Server). Las versiones compatibles afectadas son 11.3.0, 11.3.1 y 11.3.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Commerce Platform. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en Oracle Commerce Platform, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Commerce Platform, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21577.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21577.json index 726b5d29687..8caf918dd7f 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21577.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21577.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21577", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:48.120", - "lastModified": "2025-04-15T21:15:48.120", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21578.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21578.json index 24aff45fcd6..edce50c18c8 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21578.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21578.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21578", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:48.240", - "lastModified": "2025-04-15T21:15:48.240", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Secure Backup (componente: General). Las versiones compatibles afectadas son 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 y 18.1.0.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados, con acceso a la infraestructura donde se ejecuta Oracle Secure Backup, comprometer Oracle Secure Backup. Los ataques con \u00e9xito pueden resultar en la toma de control de Oracle Secure Backup. Puntuaci\u00f3n base de CVSS 3.1: 6.7 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21579.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21579.json index fe0ffa6fa33..6e71e44482e 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21579.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21579.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21579", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.233", - "lastModified": "2025-04-15T21:15:53.233", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Options). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21580.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21580.json index ec431fb776e..a0f9def5f5a 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21580.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21580.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21580", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.393", - "lastModified": "2025-04-15T21:15:53.393", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DML). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21581.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21581.json index 0867dd8c9d1..02e326b8bca 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21581.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21581.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21581", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.557", - "lastModified": "2025-04-15T21:15:53.557", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21582.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21582.json index 0610ff66343..1df492c190b 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21582.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21582.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21582", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.687", - "lastModified": "2025-04-15T21:15:53.687", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle CRM Technical Foundation de Oracle E-Business Suite (componente: Preferencias). Las versiones compatibles afectadas son la 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle CRM Technical Foundation. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad afecta a Oracle CRM Technical Foundation, pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle CRM Technical Foundation, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json index fce6239ef7d..2e197105542 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21583.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21583", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.797", - "lastModified": "2025-04-15T21:15:53.797", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DDL). Las versiones compatibles afectadas son 8.4.0 y 9.0.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21584.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21584.json index 52059ccbfbb..c8adbed633c 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21584.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21584.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21584", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:53.910", - "lastModified": "2025-04-15T21:15:53.910", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DDL). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21585.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21585.json index 1780e915cdd..d05dbd9b245 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21585.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21585.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21585", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:54.037", - "lastModified": "2025-04-15T21:15:54.037", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21586.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21586.json index d47b6a356f8..c3f615e4331 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21586.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21586.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21586", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:54.160", - "lastModified": "2025-04-15T21:15:54.160", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son 9.2.0.0-9.2.9.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer JD Edwards EnterpriseOne Tools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Tools, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de JD Edwards EnterpriseOne Tools, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21587.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21587.json index 9e03b08ebc4..1675aed21f6 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21587.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21587.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21587", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:54.293", - "lastModified": "2025-04-15T21:15:54.293", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition:20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition (componente: JSSE). Las versiones compatibles afectadas son Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6 y 24; Oracle GraalVM para JDK: 17.0.14, 21.0.6 y 24; Oracle GraalVM Enterprise Edition: 20.3.17 y 21.3.13. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se puede explotar mediante el uso de API en el componente especificado, p. ej., a trav\u00e9s de un servicio web que suministra datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a implementaciones de Java, t\u00edpicamente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas Java en espacio aislado, que cargan y ejecutan c\u00f3digo no confiable (p. ej., c\u00f3digo que proviene de Internet) y dependen del espacio aislado de Java para su seguridad. Puntuaci\u00f3n base CVSS 3.1 7.4 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-215xx/CVE-2025-21588.json b/CVE-2025/CVE-2025-215xx/CVE-2025-21588.json index 159566bb564..c85854d5a6e 100644 --- a/CVE-2025/CVE-2025-215xx/CVE-2025-21588.json +++ b/CVE-2025/CVE-2025-215xx/CVE-2025-21588.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21588", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:54.427", - "lastModified": "2025-04-15T21:15:54.427", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: DML). Las versiones compatibles afectadas son 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json index 126aabf4c91..e49c02b1075 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22018.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22018", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T05:15:31.297", - "lastModified": "2025-04-16T05:15:31.297", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry->use code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] \n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: atm: Correcci\u00f3n de la desreferencia de puntero nulo. Cuando MPOA_cache_impos_rcvd() recibe el mensaje, puede activar la vulnerabilidad de desreferencia de puntero nulo si tanto la entrada como el tiempo de retenci\u00f3n son nulos. Dado que solo existe cuando la entrada es nula y el tiempo de retenci\u00f3n existe, se puede pasar cuando tanto la entrada como el tiempo de retenci\u00f3n son nulos. Si son nulos, la entrada se pasa a eg_cache_put() como par\u00e1metro y se referencia mediante el c\u00f3digo de entrada->uso. registro de kasan: [3.316691] Ups: fallo de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000006:I [3.317568] KASAN: null-ptr-deref en el rango [0x0000000000000030-0x0000000000000037] [3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex No contaminado 6.14.0-rc2 #102 [3.318601] Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470 [ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80 [ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006 [ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e [ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030 [ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88 [ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15 [ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068 [ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000 [ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0 [ 3.326430] Call Trace: [ 3.326725] [ 3.326927] ? die_addr+0x3c/0xa0 [ 3.327330] ? exc_general_protection+0x161/0x2a0 [ 3.327662] ? asm_exc_general_protection+0x26/0x30 [ 3.328214] ? vprintk_emit+0x15e/0x420 [ 3.328543] ? eg_cache_remove_entry+0xa5/0x470 [ 3.328910] ? eg_cache_remove_entry+0x9a/0x470 [ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10 [ 3.329664] ? console_unlock+0x107/0x1d0 [ 3.329946] ? __pfx_console_unlock+0x10/0x10 [ 3.330283] ? do_syscall_64+0xa6/0x1a0 [ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f [ 3.331090] ? __pfx_prb_read_valid+0x10/0x10 [ 3.331395] ? down_trylock+0x52/0x80 [ 3.331703] ? vprintk_emit+0x15e/0x420 [ 3.331986] ? __pfx_vprintk_emit+0x10/0x10 [ 3.332279] ? down_trylock+0x52/0x80 [ 3.332527] ? _printk+0xbf/0x100 [ 3.332762] ? __pfx__printk+0x10/0x10 [ 3.333007] ? _raw_write_lock_irq+0x81/0xe0 [ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10 [ 3.333614] msg_from_mpoad+0x1185/0x2750 [ 3.333893] ? __build_skb_around+0x27b/0x3a0 [ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10 [ 3.334501] ? __alloc_skb+0x1c0/0x310 [ 3.334809] ? __pfx___alloc_skb+0x10/0x10 [ 3.335283] ? _raw_spin_lock+0xe0/0xe0 [ 3.335632] ? finish_wait+0x8d/0x1e0 [ 3.335975] vcc_sendmsg+0x684/0xba0 [ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10 [ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10 [ 3.337056] ? fdget+0x176/0x3e0 [ 3.337348] __sys_sendto+0x4a2/0x510 [ 3.337663] ? __pfx___sys_sendto+0x10/0x10 [ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400 [ 3.338364] ? sock_ioctl+0x1bb/0x5a0 [ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20 [ 3.339017] ? __pfx_sock_ioctl+0x10/0x10 [ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 3.339727] ? selinux_file_ioctl+0xa4/0x260 [ 3.340166] __x64_sys_sendto+0xe0/0x1c0 [ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140 [ 3.340898] do_syscall_64+0xa6/0x1a0 [ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3.341533] RIP: 0033:0x44a380 [ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00 [ ---truncado---" } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22019.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22019.json index c5befb9527d..7356383104f 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22019.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22019.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22019", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.537", - "lastModified": "2025-04-16T11:15:42.537", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22020.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22020.json index 8a90d86f522..a623856bfee 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22020.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22020.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22020", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.640", - "lastModified": "2025-04-16T11:15:42.640", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22021.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22021.json index 93c1b4bdbb3..ea3d6b0866e 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22021.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22021.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22021", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.773", - "lastModified": "2025-04-16T11:15:42.773", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22022.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22022.json index c64768f6391..996914f1728 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22022.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22022.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22022", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.883", - "lastModified": "2025-04-16T11:15:42.883", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-220xx/CVE-2025-22023.json b/CVE-2025/CVE-2025-220xx/CVE-2025-22023.json index 5a007fdc85d..d4d551530cf 100644 --- a/CVE-2025/CVE-2025-220xx/CVE-2025-22023.json +++ b/CVE-2025/CVE-2025-220xx/CVE-2025-22023.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22023", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2025-04-16T11:15:42.987", - "lastModified": "2025-04-16T11:15:42.987", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22263.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22263.json index 24d4d4a2253..011be33a8b1 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22263.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22263.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22263", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:15.590", - "lastModified": "2025-04-15T22:15:15.590", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound Global Gallery permite XSS reflejado. Este problema afecta a Global Gallery desde n/d hasta la versi\u00f3n 8.8.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22268.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22268.json index 66943c3d5f0..552661a46f8 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22268.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22268.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22268", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:15.730", - "lastModified": "2025-04-15T22:15:15.730", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Uncanny Owl Uncanny Toolkit para LearnDash permite XSS almacenado. Este problema afecta a Uncanny Toolkit para LearnDash desde n/d hasta la versi\u00f3n 3.7.0.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-222xx/CVE-2025-22269.json b/CVE-2025/CVE-2025-222xx/CVE-2025-22269.json index 5bfa97ef64c..c33b01ecb39 100644 --- a/CVE-2025/CVE-2025-222xx/CVE-2025-22269.json +++ b/CVE-2025/CVE-2025-222xx/CVE-2025-22269.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22269", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:15.850", - "lastModified": "2025-04-15T22:15:15.850", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials allows Stored XSS. This issue affects Real Testimonials: from n/a through 3.1.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en ShapedPlugin LLC Real Testimonials permite XSS almacenado. Este problema afecta a Real Testimonials desde n/d hasta la versi\u00f3n 3.1.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22900.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22900.json index f95e7c9af9b..b7fdf796aa6 100644 --- a/CVE-2025/CVE-2025-229xx/CVE-2025-22900.json +++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22900.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22900", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T19:16:06.987", - "lastModified": "2025-04-15T19:16:06.987", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Totolink N600R v4.3.0cu.7647_B20210106 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro macCloneMac en la funci\u00f3n setWanConfig." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22903.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22903.json index 31f3ebca69e..6167386e936 100644 --- a/CVE-2025/CVE-2025-229xx/CVE-2025-22903.json +++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22903.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22903", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T19:16:07.090", - "lastModified": "2025-04-15T19:16:07.090", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que TOTOLINK N600R V4.3.0cu.7647_B20210106 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro pin en la funci\u00f3n setWiFiWpsConfig." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-229xx/CVE-2025-22911.json b/CVE-2025/CVE-2025-229xx/CVE-2025-22911.json index ea3fd35b8c9..ef343221bfd 100644 --- a/CVE-2025/CVE-2025-229xx/CVE-2025-22911.json +++ b/CVE-2025/CVE-2025-229xx/CVE-2025-22911.json @@ -2,13 +2,17 @@ "id": "CVE-2025-22911", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T23:15:42.550", - "lastModified": "2025-04-15T23:15:42.550", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que RE11S v1.11 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro rootAPmac en la funci\u00f3n formiNICbasicREP." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json b/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json index d7ffca7d2c7..99ab2665b04 100644 --- a/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json +++ b/CVE-2025/CVE-2025-23xx/CVE-2025-2314.json @@ -2,13 +2,17 @@ "id": "CVE-2025-2314", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-16T03:15:17.240", - "lastModified": "2025-04-16T03:15:17.240", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\r\nThe issue was partially patched in version 3.13.6 of the plugin, and fully patched in 3.13.7." + }, + { + "lang": "es", + "value": "El complemento User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles & User Role Editor para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de los shortcodes del complemento en todas las versiones hasta la 3.13.5 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada. El problema se solucion\u00f3 parcialmente en la versi\u00f3n 3.13.6 del complemento y completamente en la 3.13.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-242xx/CVE-2025-24297.json b/CVE-2025/CVE-2025-242xx/CVE-2025-24297.json index 7211c43a1ff..60cbcbbba83 100644 --- a/CVE-2025/CVE-2025-242xx/CVE-2025-24297.json +++ b/CVE-2025/CVE-2025-242xx/CVE-2025-24297.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24297", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:15.990", - "lastModified": "2025-04-15T22:15:15.990", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal." + }, + { + "lang": "es", + "value": "Debido a la falta de validaci\u00f3n de entrada del lado del servidor, los atacantes pueden inyectar c\u00f3digo JavaScript malicioso en los espacios personales de los usuarios del portal web." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24315.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24315.json index 1eac4c65ceb..0620809711e 100644 --- a/CVE-2025/CVE-2025-243xx/CVE-2025-24315.json +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24315.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24315", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:16.143", - "lastModified": "2025-04-15T22:15:16.143", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users)." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden agregar dispositivos de otros usuarios a sus escenas (o escenas arbitrarias de otros usuarios arbitrarios)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24358.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24358.json index 6e0a9c607fe..6f548c7213e 100644 --- a/CVE-2025/CVE-2025-243xx/CVE-2025-24358.json +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24358.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24358", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T19:16:07.193", - "lastModified": "2025-04-15T19:16:07.193", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2." + }, + { + "lang": "es", + "value": "gorilla/csrf proporciona middleware para la prevenci\u00f3n de Cross-Site Request Forgery (CSRF) en aplicaciones y servicios web de Go. Antes de la versi\u00f3n 1.7.2, gorilla/csrf no validaba el encabezado \"Origin\" con una lista de permitidos. Validaba el encabezado \"Referer\" para solicitudes de origen cruzado solo cuando cre\u00eda que la solicitud se atend\u00eda mediante TLS. Esto se determina inspeccionando el valor de r.URL.Scheme. Sin embargo, este valor nunca se rellena para las solicitudes de \"servidor\" seg\u00fan la especificaci\u00f3n de Go, por lo que esta comprobaci\u00f3n no se ejecuta en la pr\u00e1ctica. Esta vulnerabilidad permite a un atacante que ha obtenido XSS en un subdominio o dominio de nivel superior realizar env\u00edos de formularios autenticados contra objetivos protegidos por gorilla/csrf que comparten el mismo dominio de nivel superior. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.7.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-244xx/CVE-2025-24487.json b/CVE-2025/CVE-2025-244xx/CVE-2025-24487.json index 34ff730ce2b..d11d24dbf39 100644 --- a/CVE-2025/CVE-2025-244xx/CVE-2025-24487.json +++ b/CVE-2025/CVE-2025-244xx/CVE-2025-24487.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24487", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:54.717", - "lastModified": "2025-04-15T21:15:54.717", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can infer the existence of usernames in the system by querying an API." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede inferir la existencia de nombres de usuario en el sistema consultando una API." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-248xx/CVE-2025-24839.json b/CVE-2025/CVE-2025-248xx/CVE-2025-24839.json index 021e4bc2152..b2e5b5b5684 100644 --- a/CVE-2025/CVE-2025-248xx/CVE-2025-24839.json +++ b/CVE-2025/CVE-2025-248xx/CVE-2025-24839.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24839", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-04-16T08:15:13.987", - "lastModified": "2025-04-16T08:15:13.987", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activate_ai override property to a post via the Wrangler plugin, provided both the AI and Wrangler plugins are enabled." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.1, 10.4.x <= 10.4.3 y 9.11.x <= 9.11.9 no impiden que las publicaciones de Wrangler activen respuestas de la IA. Esta vulnerabilidad permite a los usuarios sin acceso al bot de IA activarlo adjuntando la propiedad de anulaci\u00f3n activate_ai a una publicaci\u00f3n mediante el complemento de Wrangler, siempre que ambos complementos est\u00e9n habilitados." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-248xx/CVE-2025-24850.json b/CVE-2025/CVE-2025-248xx/CVE-2025-24850.json index edac8b66d7e..f686fd27486 100644 --- a/CVE-2025/CVE-2025-248xx/CVE-2025-24850.json +++ b/CVE-2025/CVE-2025-248xx/CVE-2025-24850.json @@ -2,13 +2,17 @@ "id": "CVE-2025-24850", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:16.283", - "lastModified": "2025-04-15T22:15:16.283", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker can export other users' plant information." + }, + { + "lang": "es", + "value": "Un atacante puede exportar informaci\u00f3n de la planta de otros usuarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-24xx/CVE-2025-2497.json b/CVE-2025/CVE-2025-24xx/CVE-2025-2497.json index 348e9a9a9a1..c9a4a5f3e55 100644 --- a/CVE-2025/CVE-2025-24xx/CVE-2025-2497.json +++ b/CVE-2025/CVE-2025-24xx/CVE-2025-2497.json @@ -2,13 +2,17 @@ "id": "CVE-2025-2497", "sourceIdentifier": "psirt@autodesk.com", "published": "2025-04-15T21:15:56.630", - "lastModified": "2025-04-15T21:15:56.630", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process." + }, + { + "lang": "es", + "value": "Un archivo DWG manipulado con fines maliciosos, al analizarse mediante Autodesk Revit, puede causar una vulnerabilidad de desbordamiento de b\u00fafer basado en pila. Un agente malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-252xx/CVE-2025-25276.json b/CVE-2025/CVE-2025-252xx/CVE-2025-25276.json index b3736a1ece8..a6c3b955512 100644 --- a/CVE-2025/CVE-2025-252xx/CVE-2025-25276.json +++ b/CVE-2025/CVE-2025-252xx/CVE-2025-25276.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25276", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:16.430", - "lastModified": "2025-04-15T22:15:16.430", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can hijack other users' devices and potentially control them." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede secuestrar los dispositivos de otros usuarios y potencialmente controlarlos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25453.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25453.json index bc8d143c105..1166e0ed381 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25453.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25453.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25453", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T23:15:42.647", - "lastModified": "2025-04-15T23:15:42.647", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2." + }, + { + "lang": "es", + "value": "Tenda AC10 V4.0si_V16.03.10.20 es vulnerable al desbordamiento del b\u00fafer en AdvSetMacMtuWan a trav\u00e9s de serviceName2." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25456.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25456.json index f87416b15d0..7ea4c37263f 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25456.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25456.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25456", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T19:16:07.327", - "lastModified": "2025-04-15T21:15:54.877", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2." + }, + { + "lang": "es", + "value": "Tenda AC10 V4.0si_V16.03.10.20 es vulnerable al desbordamiento del b\u00fafer en AdvSetMacMtuWan a trav\u00e9s de mac2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-254xx/CVE-2025-25458.json b/CVE-2025/CVE-2025-254xx/CVE-2025-25458.json index 2472933f0cc..f0dc20aabcb 100644 --- a/CVE-2025/CVE-2025-254xx/CVE-2025-25458.json +++ b/CVE-2025/CVE-2025-254xx/CVE-2025-25458.json @@ -2,13 +2,17 @@ "id": "CVE-2025-25458", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T23:15:42.747", - "lastModified": "2025-04-15T23:15:42.747", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2." + }, + { + "lang": "es", + "value": "Tenda AC10 V4.0si_V16.03.10.20 es vulnerable a un desbordamiento de b\u00fafer en AdvSetMacMtuWan a trav\u00e9s de serverName2." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-25xx/CVE-2025-2567.json b/CVE-2025/CVE-2025-25xx/CVE-2025-2567.json index 0f364d11bb6..241e34a1cc0 100644 --- a/CVE-2025/CVE-2025-25xx/CVE-2025-2567.json +++ b/CVE-2025/CVE-2025-25xx/CVE-2025-2567.json @@ -2,13 +2,17 @@ "id": "CVE-2025-2567", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T20:15:38.990", - "lastModified": "2025-04-15T20:15:38.990", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker could modify or disable settings, disrupt fuel monitoring \nand supply chain operations, leading to disabling of ATG monitoring. \nThis would result in potential safety hazards in fuel storage and \ntransportation." + }, + { + "lang": "es", + "value": "Un atacante podr\u00eda modificar o deshabilitar la configuraci\u00f3n, interrumpir el monitoreo de combustible y las operaciones de la cadena de suministro, lo que provocar\u00eda la desactivaci\u00f3n del monitoreo de ATG. Esto podr\u00eda generar riesgos de seguridad en el almacenamiento y transporte de combustible." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26730.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26730.json index 92d73af86d3..66cc8c1d405 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26730.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26730.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26730", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:16.577", - "lastModified": "2025-04-15T22:15:16.577", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial del sistema a una esfera de control no autorizada en NotFound Macro Calculator with Admin Email Optin & Data. Este problema afecta a la Macro Calculadora con suscripci\u00f3n y datos de correo electr\u00f3nico de administrador desde la versi\u00f3n n/d hasta la 1.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26740.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26740.json index 3f025d11e21..6c86eb6dcd6 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26740.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26740.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26740", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:16.717", - "lastModified": "2025-04-15T22:15:16.717", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en burgersoftware SpaBiz que permite XSS basado en DOM. Este problema afecta a SpaBiz desde n/d hasta la versi\u00f3n 1.0.18." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26746.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26746.json index 039c6564457..41923456448 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26746.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26746.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26746", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:16.893", - "lastModified": "2025-04-15T22:15:16.893", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound Advanced Custom Fields: Link Picker Field permite XSS reflejado. Este problema afecta a los campos personalizados avanzados: el campo Selector de enlaces, desde n/d hasta la versi\u00f3n 1.2.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26748.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26748.json index 157845aec9b..7ac7da9923b 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26748.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26748.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26748", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.053", - "lastModified": "2025-04-15T22:15:17.053", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en LOOS, Inc. Arkhe permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Arkhe desde la versi\u00f3n n/d hasta la 3.11.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-267xx/CVE-2025-26749.json b/CVE-2025/CVE-2025-267xx/CVE-2025-26749.json index cd4b35cc499..440f93870c6 100644 --- a/CVE-2025/CVE-2025-267xx/CVE-2025-26749.json +++ b/CVE-2025/CVE-2025-267xx/CVE-2025-26749.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26749", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.210", - "lastModified": "2025-04-15T22:15:17.210", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPFactory Additional Custom Product Tabs for WooCommerce permite XSS almacenado. Este problema afecta a las Pesta\u00f1as de Producto Personalizadas Adicionales de WooCommerce desde n/d hasta la versi\u00f3n 1.7.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26857.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26857.json index d1ccffc8897..f07beb19186 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26857.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26857.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26857", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:17.360", - "lastModified": "2025-04-15T22:15:17.360", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers)." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden cambiar el nombre de dispositivos arbitrarios de usuarios arbitrarios (es decir, cargadores de veh\u00edculos el\u00e9ctricos)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26870.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26870.json index e24147ad7d7..d1b78f41d58 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26870.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26870.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26870", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.503", - "lastModified": "2025-04-15T22:15:17.503", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS. This issue affects JetEngine: from n/a through 3.6.4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound JetEngine permite XSS basado en DOM. Este problema afecta a JetEngine desde n/d hasta la versi\u00f3n 3.6.4.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-268xx/CVE-2025-26880.json b/CVE-2025/CVE-2025-268xx/CVE-2025-26880.json index 9ee87f6ab3f..b2d506907c3 100644 --- a/CVE-2025/CVE-2025-268xx/CVE-2025-26880.json +++ b/CVE-2025/CVE-2025-268xx/CVE-2025-26880.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26880", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.643", - "lastModified": "2025-04-15T22:15:17.643", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en sonalsinha21 SKT Skill Bar que permite XSS almacenado. Este problema afecta a la barra de habilidades de SKT desde n/d hasta la versi\u00f3n 2.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26903.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26903.json index 91858f3557b..14c3ab76181 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26903.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26903.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26903", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.787", - "lastModified": "2025-04-15T22:15:17.787", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en RealMag777 InPost Gallery permite Cross-Site Request Forgery. Este problema afecta a la galer\u00eda InPost desde la versi\u00f3n n/d hasta la 2.1.4.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26906.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26906.json index 4af4ec5e44f..6aa7c35d60d 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26906.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26906.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26906", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:17.920", - "lastModified": "2025-04-15T22:15:17.920", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ren Ventura WP Delete User Accounts permite XSS basado en DOM. Este problema afecta a WP Delete User Accounts desde n/d hasta la versi\u00f3n 1.2.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26908.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26908.json index ade707666a3..cf0b5e91efe 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26908.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26908.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26908", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.057", - "lastModified": "2025-04-15T22:15:18.057", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegrat\u00f6r allows SQL Injection. This issue affects Kargo Entegrat\u00f6r: from n/a through 1.1.14." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Gurmehub Kargo Entegrat\u00f6r permite la inyecci\u00f3n SQL. Este problema afecta a Kargo Entegrat\u00f6r desde n/d hasta la versi\u00f3n 1.1.14." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26919.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26919.json index 0586cf5426b..6dd6446dbb8 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26919.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26919.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26919", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.190", - "lastModified": "2025-04-15T22:15:18.190", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tain\u00e1 allows Stored XSS. This issue affects Tain\u00e1: from n/a through 0.2.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Tainacan Tain\u00e1 permite XSS almacenado. Este problema afecta a Tain\u00e1 desde n/d hasta la versi\u00f3n 0.2.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26927.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26927.json index 480917db08a..03d84b1b74f 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26927.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26927.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26927", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.330", - "lastModified": "2025-04-15T22:15:18.330", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en EPC AI Hub permite cargar un shell web a un servidor web. Este problema afecta a AI Hub desde la versi\u00f3n n/d hasta la 1.3.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26930.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26930.json index 0716d370ef5..60b73f728ac 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26930.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26930.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26930", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.463", - "lastModified": "2025-04-15T22:15:18.463", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en alleythemes Home Services permite XSS basado en DOM. Este problema afecta a los Servicios de Inicio desde n/d hasta la versi\u00f3n 1.2.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26934.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26934.json index 194d31fbedc..bb7ec1a24b5 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26934.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26934.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26934", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.607", - "lastModified": "2025-04-15T22:15:18.607", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en graphthemes Glossy Blog permite XSS almacenado. Este problema afecta a Glossy Blog desde n/d hasta la versi\u00f3n 1.0.3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26950.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26950.json index da5cfeb6e65..2d471a1ac78 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26950.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26950.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26950", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.750", - "lastModified": "2025-04-15T22:15:18.750", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en AddonsPress Nepali Date Converter permite XSS almacenado. Este problema afecta a Nepali Date Converter desde n/d hasta la versi\u00f3n 2.0.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26951.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26951.json index ae96210b735..7f8bb15cb35 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26951.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26951.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26951", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:18.890", - "lastModified": "2025-04-15T22:15:18.890", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en covertnine C9 Blocks permite XSS basado en DOM. Este problema afecta a los bloques C9 desde n/d hasta la versi\u00f3n 1.7.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26953.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26953.json index 93b01c3a898..30776597235 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26953.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26953.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26953", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:19.027", - "lastModified": "2025-04-15T22:15:19.027", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en NotFound JetMenu permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a JetMenu desde la versi\u00f3n n/d hasta la 2.4.9." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26996.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26996.json index cab60a9ad6d..f7d95953da4 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26996.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26996.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26996", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:19.163", - "lastModified": "2025-04-15T22:15:19.163", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo ('Inyecci\u00f3n de c\u00f3digo') en Fetch Designs Sign-up Sheets permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a las hojas de registro desde n/d hasta la versi\u00f3n 2.3.0.1." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-269xx/CVE-2025-26998.json b/CVE-2025/CVE-2025-269xx/CVE-2025-26998.json index 27cb991064a..a4968c47e9a 100644 --- a/CVE-2025/CVE-2025-269xx/CVE-2025-26998.json +++ b/CVE-2025/CVE-2025-269xx/CVE-2025-26998.json @@ -2,13 +2,17 @@ "id": "CVE-2025-26998", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:19.307", - "lastModified": "2025-04-15T22:15:19.307", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks \u2013 Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks \u2013 Gutenberg based Page Builder: from n/a through 1.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en sonalsinha21 SKT Blocks \u2013 Gutenberg based Page Builder permite XSS almacenado. Este problema afecta a Bloques SKT, Constructor de p\u00e1ginas basado en Gutenberg, desde n/d hasta la versi\u00f3n 1.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27008.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27008.json index 75a5143da36..9927d9837b1 100644 --- a/CVE-2025/CVE-2025-270xx/CVE-2025-27008.json +++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27008.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27008", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:19.443", - "lastModified": "2025-04-15T22:15:19.443", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a." + }, + { + "lang": "es", + "value": "La vulnerabilidad de falta de autorizaci\u00f3n en NotFound Unlimited Timeline permite acceder a funcionalidades no restringidas correctamente por las ACL. Este problema afecta a Unlimited Timeline: de n/d a n/d." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-270xx/CVE-2025-27011.json b/CVE-2025/CVE-2025-270xx/CVE-2025-27011.json index eeb8785c653..a2c96efbe47 100644 --- a/CVE-2025/CVE-2025-270xx/CVE-2025-27011.json +++ b/CVE-2025/CVE-2025-270xx/CVE-2025-27011.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27011", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:19.580", - "lastModified": "2025-04-15T22:15:19.580", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control inadecuado del nombre de archivo para declaraciones Include/Require en programas PHP ('Inclusi\u00f3n remota de archivos PHP') en magepeopleteam Booking and Rental Manager permite la inclusi\u00f3n local de archivos en PHP. Este problema afecta a Booking and Rental Manager desde n/d hasta la versi\u00f3n 2.2.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-274xx/CVE-2025-27410.json b/CVE-2025/CVE-2025-274xx/CVE-2025-27410.json index 3201c3238cc..2f7fd07e8b2 100644 --- a/CVE-2025/CVE-2025-274xx/CVE-2025-27410.json +++ b/CVE-2025/CVE-2025-274xx/CVE-2025-27410.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27410", "sourceIdentifier": "security-advisories@github.com", "published": "2025-02-28T21:15:27.677", - "lastModified": "2025-04-15T20:19:49.100", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2025-04-16T13:04:55.890", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,20 +42,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 7.2, - "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", + "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, - "impactScore": 5.9 + "impactScore": 5.2 } ] }, diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27538.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27538.json index 2485368fb06..3fad5e64589 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27538.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27538.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27538", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-04-16T08:15:14.217", - "lastModified": "2025-04-16T08:15:14.217", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edit_other_users permission to activate or deactivate MFA for other users, even if those users have not set up MFA." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 no implementan las comprobaciones de MFA en PUT /api/v4/users/user-id/mfa cuando el usuario solicitante difiere del ID del usuario de destino, lo que permite a los usuarios con permiso edit_other_users activar o desactivar MFA para otros usuarios, incluso si esos usuarios no han configurado MFA." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27561.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27561.json index 572d7e24058..711879c85bf 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27561.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27561.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27561", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:19.720", - "lastModified": "2025-04-15T22:15:19.720", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can rename \"rooms\" of arbitrary users." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden cambiar el nombre de las \"salas\" de usuarios arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27565.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27565.json index b41da5b252e..a8b507664cb 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27565.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27565.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27565", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:19.867", - "lastModified": "2025-04-15T22:15:19.867", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can delete any user's \"rooms\" by knowing the user's and room IDs." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede eliminar las \"salas\" de cualquier usuario al conocer los identificadores del usuario y de la sala." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27568.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27568.json index aa1be0b48a0..e32facdfa9d 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27568.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27568.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27568", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:55.060", - "lastModified": "2025-04-15T21:15:55.060", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener los correos electr\u00f3nicos de los usuarios conociendo sus nombres de usuario. Se enviar\u00e1 un correo electr\u00f3nico de restablecimiento de contrase\u00f1a en respuesta a esta solicitud no solicitada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27571.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27571.json index 1635b35764c..cf6e83a7cbe 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27571.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27571.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27571", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-04-16T08:15:14.353", - "lastModified": "2025-04-16T08:15:14.353", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the \"Allow Users to View Archived Channels\" configuration when fetching channel metadata of a post from archived channels, which allows authenticated users to access such information when a channel is archived." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 no marcan la configuraci\u00f3n \"Permitir a los usuarios ver canales archivados\" al obtener los metadatos del canal de una publicaci\u00f3n de canales archivados, lo que permite que los usuarios autenticados accedan a dicha informaci\u00f3n cuando un canal est\u00e1 archivado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-275xx/CVE-2025-27575.json b/CVE-2025/CVE-2025-275xx/CVE-2025-27575.json index 99d87d1f5a3..26f82616091 100644 --- a/CVE-2025/CVE-2025-275xx/CVE-2025-27575.json +++ b/CVE-2025/CVE-2025-275xx/CVE-2025-27575.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27575", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:20.013", - "lastModified": "2025-04-15T22:15:20.013", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener la versi\u00f3n del cargador EV y el historial de actualizaci\u00f3n del firmware conociendo el ID del cargador." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27719.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27719.json index 7ea19cb7a5d..c8bebb2c04c 100644 --- a/CVE-2025/CVE-2025-277xx/CVE-2025-27719.json +++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27719.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27719", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:25.427", - "lastModified": "2025-04-15T22:15:25.427", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can query an API endpoint and get device details." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden consultar un endpoint de API y obtener detalles del dispositivo." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-277xx/CVE-2025-27791.json b/CVE-2025/CVE-2025-277xx/CVE-2025-27791.json index c431167466f..7c540edb9ae 100644 --- a/CVE-2025/CVE-2025-277xx/CVE-2025-27791.json +++ b/CVE-2025/CVE-2025-277xx/CVE-2025-27791.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27791", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T19:16:07.433", - "lastModified": "2025-04-15T19:16:07.433", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhere the uid running Collabora Online can write, if such a response was supplied by a malicious WOPI server. By combining this flaw with a Time of Check, Time of Use DNS lookup issue with a WOPI server address under attacker control, it is possible to present such a response to be processed by a Collabora Online instance. This issue has been patched in versions 24.04.13.1, 23.05.19, and 22.05.25." + }, + { + "lang": "es", + "value": "Collabora Online es una suite ofim\u00e1tica colaborativa en l\u00ednea basada en la tecnolog\u00eda LibreOffice. En versiones anteriores a la 24.04.12.4, la 23.05.19 y la 22.05.25, exist\u00eda una falla de recorrido de ruta al gestionar el campo CheckFileInfo BaseFileName devuelto por los servidores WOPI. Esto permit\u00eda escribir un archivo en cualquier lugar donde el uid que ejecuta Collabora Online pudiera escribir, si dicha respuesta proven\u00eda de un servidor WOPI malicioso. Al combinar esta falla con un problema de b\u00fasqueda DNS en el tiempo de verificaci\u00f3n y el tiempo de uso con una direcci\u00f3n de servidor WOPI controlada por un atacante, es posible presentar dicha respuesta para que sea procesada por una instancia de Collabora Online. Este problema se ha corregido en las versiones 24.04.13.1, la 23.05.19 y la 22.05.25." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-278xx/CVE-2025-27892.json b/CVE-2025/CVE-2025-278xx/CVE-2025-27892.json index a47c255b573..a61a9d9adf8 100644 --- a/CVE-2025/CVE-2025-278xx/CVE-2025-27892.json +++ b/CVE-2025/CVE-2025-278xx/CVE-2025-27892.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27892", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T22:15:25.577", - "lastModified": "2025-04-15T22:15:25.577", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression." + }, + { + "lang": "es", + "value": "Las versiones anteriores a la 6.5.8.13 de Shopware se ven afectadas por una vulnerabilidad de inyecci\u00f3n SQL en el endpoint /api/search/order. NOTA: Este problema existe debido a una regresi\u00f3n de CVE-2024-22406 y CVE-2024-42357." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27927.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27927.json index ca3bb4a03c0..e64f2101272 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27927.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27927.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27927", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:25.697", - "lastModified": "2025-04-15T22:15:25.697", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener una lista de dispositivos inteligentes conociendo un nombre de usuario v\u00e1lido a trav\u00e9s de una API desprotegida." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27929.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27929.json index f89d7aa48ee..1ca98df815f 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27929.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27929.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27929", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:25.850", - "lastModified": "2025-04-15T22:15:25.850", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden recuperar la lista completa de usuarios asociados con cuentas arbitrarias." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27936.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27936.json index 5f8e09f4c37..d7324c8cbce 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27936.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27936.json @@ -2,8 +2,8 @@ "id": "CVE-2025-27936", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-04-16T10:15:14.797", - "lastModified": "2025-04-16T10:15:14.797", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27938.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27938.json index 05f98155f2f..2ff4e5766dc 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27938.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27938.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27938", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:55.273", - "lastModified": "2025-04-15T21:15:55.273", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., \"rooms\")." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden obtener informaci\u00f3n restringida sobre las colecciones de dispositivos inteligentes de un usuario (es decir, \"salas\")." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-279xx/CVE-2025-27939.json b/CVE-2025/CVE-2025-279xx/CVE-2025-27939.json index 319d4ec3021..852ad7f84fd 100644 --- a/CVE-2025/CVE-2025-279xx/CVE-2025-27939.json +++ b/CVE-2025/CVE-2025-279xx/CVE-2025-27939.json @@ -2,13 +2,17 @@ "id": "CVE-2025-27939", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:55.433", - "lastModified": "2025-04-15T21:15:55.433", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker can change registered email addresses of other users and take over arbitrary accounts." + }, + { + "lang": "es", + "value": "Un atacante puede cambiar las direcciones de correo electr\u00f3nico registradas de otros usuarios y apoderarse de cuentas arbitrarias." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-283xx/CVE-2025-28399.json b/CVE-2025/CVE-2025-283xx/CVE-2025-28399.json index dd09bdc582a..be8385cb70b 100644 --- a/CVE-2025/CVE-2025-283xx/CVE-2025-28399.json +++ b/CVE-2025/CVE-2025-283xx/CVE-2025-28399.json @@ -2,13 +2,17 @@ "id": "CVE-2025-28399", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T19:16:07.567", - "lastModified": "2025-04-15T19:16:07.567", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class." + }, + { + "lang": "es", + "value": "Un problema en Erick xmall v.1.1 y anteriores permite que un atacante remoto escale privilegios a trav\u00e9s del m\u00e9todo updateAddress de la clase Address Controller." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-292xx/CVE-2025-29213.json b/CVE-2025/CVE-2025-292xx/CVE-2025-29213.json index 3fd1ce08bf6..18df330cea1 100644 --- a/CVE-2025/CVE-2025-292xx/CVE-2025-29213.json +++ b/CVE-2025/CVE-2025-292xx/CVE-2025-29213.json @@ -2,13 +2,17 @@ "id": "CVE-2025-29213", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T19:16:07.673", - "lastModified": "2025-04-15T19:16:07.673", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A zip slip vulnerability in the component \\service\\migrate\\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a crafted Zip file." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de deslizamiento zip en el componente \\service\\migrate\\MigrateForm.java de JEEWMS v3.7 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo Zip manipulado." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-294xx/CVE-2025-29471.json b/CVE-2025/CVE-2025-294xx/CVE-2025-29471.json index ef31edde9fd..3f54cce72b2 100644 --- a/CVE-2025/CVE-2025-294xx/CVE-2025-29471.json +++ b/CVE-2025/CVE-2025-294xx/CVE-2025-29471.json @@ -2,13 +2,17 @@ "id": "CVE-2025-29471", "sourceIdentifier": "cve@mitre.org", "published": "2025-04-15T22:15:25.997", - "lastModified": "2025-04-15T22:15:25.997", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Scripting en Nagios Log Server v.2024R1.3.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload en el campo de correo electr\u00f3nico." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json b/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json index 715ca1d4e63..f50e076e1fd 100644 --- a/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json +++ b/CVE-2025/CVE-2025-301xx/CVE-2025-30100.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30100", "sourceIdentifier": "security_alert@emc.com", "published": "2025-04-16T02:15:41.270", - "lastModified": "2025-04-16T02:15:41.270", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Alienware Command Center 6.x, versions prior to 6.7.37.0 contain an Improper Access Control Vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges." + }, + { + "lang": "es", + "value": "Dell Alienware Command Center 6.x, versiones anteriores a la 6.7.37.0, contiene una vulnerabilidad de control de acceso inadecuado. Un atacante con pocos privilegios y acceso local podr\u00eda explotar esta vulnerabilidad, lo que conllevar\u00eda una elevaci\u00f3n de privilegios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-302xx/CVE-2025-30206.json b/CVE-2025/CVE-2025-302xx/CVE-2025-30206.json index 2a45122a058..30e8410cd81 100644 --- a/CVE-2025/CVE-2025-302xx/CVE-2025-30206.json +++ b/CVE-2025/CVE-2025-302xx/CVE-2025-30206.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30206", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.127", - "lastModified": "2025-04-15T20:15:39.127", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers to analyze the source code, discover the embedded secret, and craft legitimate JWT tokens. By forging these tokens, an attacker can successfully bypass authentication mechanisms, impersonate privileged users, and gain unauthorized administrative access. Consequently, this enables full control over the host machine, potentially leading to severe consequences such as sensitive data exposure, unauthorized command execution, privilege escalation, or further lateral movement within the network environment. This issue is patched in version 1.6.1. A workaround for this vulnerability involves replacing the hardcoded secret with a securely generated value and load it from secure configuration storage." + }, + { + "lang": "es", + "value": "Dpanel es un sistema de panel de visualizaci\u00f3n de Docker que proporciona funciones completas de gesti\u00f3n de Docker. El servicio Dpanel contiene un secreto JWT codificado en su configuraci\u00f3n predeterminada, lo que permite a los atacantes generar tokens JWT v\u00e1lidos y comprometer el equipo host. Esta falla de seguridad permite a los atacantes analizar el c\u00f3digo fuente, descubrir el secreto incrustado y crear tokens JWT leg\u00edtimos. Al falsificar estos tokens, un atacante puede eludir los mecanismos de autenticaci\u00f3n, suplantar a usuarios con privilegios y obtener acceso administrativo no autorizado. En consecuencia, esto permite el control total del equipo host, lo que puede conllevar graves consecuencias, como la exposici\u00f3n de datos confidenciales, la ejecuci\u00f3n no autorizada de comandos, la escalada de privilegios o un mayor movimiento lateral dentro del entorno de red. Este problema est\u00e1 corregido en la versi\u00f3n 1.6.1. Un workaround para esta vulnerabilidad consiste en reemplazar el secreto codificado con un valor generado de forma segura y cargarlo desde un almacenamiento de configuraci\u00f3n seguro." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-302xx/CVE-2025-30215.json b/CVE-2025/CVE-2025-302xx/CVE-2025-30215.json index a4ef9dc431e..619044ae012 100644 --- a/CVE-2025/CVE-2025-302xx/CVE-2025-30215.json +++ b/CVE-2025/CVE-2025-302xx/CVE-2025-30215.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30215", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-16T00:15:19.767", - "lastModified": "2025-04-16T01:15:53.670", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with JS management permissions in any account to perform certain administrative actions on any JS asset in any other account. At least one of the unprotected APIs allows for data destruction. None of the affected APIs allow disclosing stream contents. This vulnerability is fixed in v2.11.1 or v2.10.27." + }, + { + "lang": "es", + "value": "NATS-Server es un servidor de alto rendimiento para NATS.io, el sistema de mensajer\u00eda nativo en la nube y el edge. En versiones a partir de la 2.2.0, pero anteriores a las 2.10.27 y 2.11.1, la gesti\u00f3n de los recursos de JetStream se realiza mediante mensajes en el espacio de nombres de sujeto $JS. de la cuenta del sistema; este espacio est\u00e1 parcialmente expuesto en las cuentas normales para que los titulares de las cuentas puedan gestionar sus recursos. Algunas solicitudes a la API de JS carec\u00edan de controles de acceso, lo que permit\u00eda a cualquier usuario con permisos de gesti\u00f3n de JS en cualquier cuenta realizar ciertas acciones administrativas en cualquier recurso de JS de cualquier otra cuenta. Al menos una de las API sin protecci\u00f3n permite la destrucci\u00f3n de datos. Ninguna de las API afectadas permite divulgar el contenido de los flujos de datos. Esta vulnerabilidad se ha corregido en las versiones 2.11.1 o 2.10.27." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-302xx/CVE-2025-30254.json b/CVE-2025/CVE-2025-302xx/CVE-2025-30254.json index 83ae5c9b125..2dd649d0210 100644 --- a/CVE-2025/CVE-2025-302xx/CVE-2025-30254.json +++ b/CVE-2025/CVE-2025-302xx/CVE-2025-30254.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30254", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:56.807", - "lastModified": "2025-04-15T21:15:56.807", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener el n\u00famero de serie de uno o m\u00e1s medidores inteligentes utilizando el nombre de usuario de su propietario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-302xx/CVE-2025-30257.json b/CVE-2025/CVE-2025-302xx/CVE-2025-30257.json index 69553cf3a92..3720c1cecde 100644 --- a/CVE-2025/CVE-2025-302xx/CVE-2025-30257.json +++ b/CVE-2025/CVE-2025-302xx/CVE-2025-30257.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30257", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:26.117", - "lastModified": "2025-04-15T22:15:26.117", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden recuperar el n\u00famero de serie de los medidores inteligentes asociados a una cuenta de usuario espec\u00edfica." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-305xx/CVE-2025-30510.json b/CVE-2025/CVE-2025-305xx/CVE-2025-30510.json index 2140530f7d3..3b7b253fbdd 100644 --- a/CVE-2025/CVE-2025-305xx/CVE-2025-30510.json +++ b/CVE-2025/CVE-2025-305xx/CVE-2025-30510.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30510", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:26.260", - "lastModified": "2025-04-15T22:15:26.260", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker can upload an arbitrary file instead of a plant image." + }, + { + "lang": "es", + "value": "Un atacante puede cargar un archivo arbitrario en lugar de una imagen de planta." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-305xx/CVE-2025-30511.json b/CVE-2025/CVE-2025-305xx/CVE-2025-30511.json index 33da4b799a0..5eb888e8aaa 100644 --- a/CVE-2025/CVE-2025-305xx/CVE-2025-30511.json +++ b/CVE-2025/CVE-2025-305xx/CVE-2025-30511.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30511", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:56.953", - "lastModified": "2025-04-15T21:15:56.953", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant." + }, + { + "lang": "es", + "value": "Un atacante autenticado puede lograr XSS almacenado explotando la depuraci\u00f3n incorrecta del valor del nombre de la planta al agregar o editar una planta." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-305xx/CVE-2025-30512.json b/CVE-2025/CVE-2025-305xx/CVE-2025-30512.json index 45fcd4e7554..ddd55e83085 100644 --- a/CVE-2025/CVE-2025-305xx/CVE-2025-30512.json +++ b/CVE-2025/CVE-2025-305xx/CVE-2025-30512.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30512", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:26.403", - "lastModified": "2025-04-15T22:15:26.403", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off)." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden enviar configuraciones al dispositivo y posiblemente realizar acciones f\u00edsicas de forma remota (por ejemplo, encendido/apagado)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-305xx/CVE-2025-30514.json b/CVE-2025/CVE-2025-305xx/CVE-2025-30514.json index fc8ddedbdaf..751e2b3321b 100644 --- a/CVE-2025/CVE-2025-305xx/CVE-2025-30514.json +++ b/CVE-2025/CVE-2025-305xx/CVE-2025-30514.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30514", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:15:57.090", - "lastModified": "2025-04-15T21:15:57.090", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., \"scenes\")." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden obtener informaci\u00f3n restringida sobre las colecciones de dispositivos inteligentes de un usuario (es decir, \"escenas\")." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30681.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30681.json index 14bb839c96e..8e64aa4a51c 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30681.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30681.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30681", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.233", - "lastModified": "2025-04-15T21:15:57.233", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Replication). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden permitir que un atacante no autorizado cause una denegaci\u00f3n de servicio parcial (DOS parcial) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 2.7 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30682.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30682.json index 97a7aad5258..6e337757335 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30682.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30682.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30682", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.347", - "lastModified": "2025-04-15T21:15:57.347", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30683.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30683.json index 5b43083b0a9..4f6183e1b50 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30683.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30683.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30683", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.447", - "lastModified": "2025-04-15T21:15:57.447", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Replication). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30684.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30684.json index 43845d565f4..9bb7eccd2b0 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30684.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30684.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30684", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.560", - "lastModified": "2025-04-15T21:15:57.560", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Replication). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30685.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30685.json index 7c68a4d1bed..eaf7b90d771 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30685.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30685.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30685", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.670", - "lastModified": "2025-04-15T21:15:57.670", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Replication). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30686.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30686.json index a0d0ebb6409..25c8a4317e7 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30686.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30686.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30686", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.787", - "lastModified": "2025-04-15T21:15:57.787", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Hospitality Simphony de Oracle Food and Beverage Applications (componente: EMC). Las versiones compatibles afectadas son la 19.1-19.7. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Hospitality Simphony. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Hospitality Simphony, as\u00ed como en actualizaciones, inserciones o eliminaciones no autorizadas de algunos de los datos accesibles de Oracle Hospitality Simphony y la posibilidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Hospitality Simphony. Puntuaci\u00f3n base de CVSS 3.1: 7.6 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30687.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30687.json index 75846363f4d..885da836743 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30687.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30687.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30687", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:57.903", - "lastModified": "2025-04-15T21:15:57.903", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30688.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30688.json index 834ff2b6c67..33fd8bf12f8 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30688.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30688.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30688", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.013", - "lastModified": "2025-04-15T21:15:58.013", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30689.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30689.json index 204757ff32f..0790d73c17f 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30689.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30689.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30689", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.130", - "lastModified": "2025-04-15T21:15:58.130", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30690.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30690.json index 004d37cff3e..39fdd354d9a 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30690.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30690.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30690", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.247", - "lastModified": "2025-04-15T21:15:58.247", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Solaris de Oracle Systems (componente: Sistema de archivos). La versi\u00f3n compatible afectada es la 11. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante con privilegios elevados, con acceso a la infraestructura donde se ejecuta Oracle Solaris, comprometa Oracle Solaris. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en Oracle Solaris, pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle Solaris. Puntuaci\u00f3n base de CVSS 3.1: 7.2 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json index e4e688237d5..b0790d12b5c 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30691.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30691", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.360", - "lastModified": "2025-04-15T21:15:58.360", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and 24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Java SE (componente: Compilador). Las versiones compatibles afectadas son Oracle Java SE: 21.0.6, 24; Oracle GraalVM para JDK: 21.0.6 y 24. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Oracle Java SE. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Java SE, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Nota: Esta vulnerabilidad puede explotarse mediante el uso de las API del componente especificado, por ejemplo, a trav\u00e9s de un servicio web que suministra datos a las API. Esta vulnerabilidad tambi\u00e9n afecta a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java en entornos aislados, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo proveniente de internet) y dependen del entorno aislado de Java para su seguridad. Puntuaci\u00f3n base de CVSS 3.1: 4.8 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30692.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30692.json index 134b4bf9dc6..4a48cd09f14 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30692.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30692.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30692", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.470", - "lastModified": "2025-04-15T21:15:58.470", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.7-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupplier Portal accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle iSupplier Portal de Oracle E-Business Suite (componente: Adjuntos). Las versiones compatibles afectadas son 12.2.7-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle iSupplier Portal. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de Oracle iSupplier Portal. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30693.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30693.json index 303ebeb3793..d22e69696dc 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30693.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30693.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30693", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.580", - "lastModified": "2025-04-15T21:15:58.580", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques con \u00e9xito pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server, as\u00ed como actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 5.5 (Afecta a la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30694.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30694.json index 75d16352682..a2b582e6466 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30694.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30694.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30694", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.697", - "lastModified": "2025-04-15T21:15:58.697", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of XML Database accessible data as well as unauthorized read access to a subset of XML Database accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente XML Database de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.26, 21.3-21.17 y 23.4-23.7. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios bajos, con privilegios de cuenta de usuario y acceso a la red a trav\u00e9s de HTTP, comprometer XML Database. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en XML Database, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de XML Database, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30695.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30695.json index 0f89bd1f7bb..91d4f9b8501 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30695.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30695.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30695", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.810", - "lastModified": "2025-04-15T21:15:58.810", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques con \u00e9xito pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server, as\u00ed como actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 5.5 (Afecta a la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30696.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30696.json index 36b7ea2c8f7..900a3edb980 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30696.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30696.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30696", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:58.917", - "lastModified": "2025-04-15T21:15:58.917", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: PS). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30697.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30697.json index 98a47986156..7e471dea35f 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30697.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30697.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30697", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.030", - "lastModified": "2025-04-15T21:15:59.030", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: Panel Processor). Las versiones compatibles afectadas son las 8.60, 8.61 y 8.62. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad afecta a PeopleSoft Enterprise PeopleTools, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de PeopleSoft Enterprise PeopleTools, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30698.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30698.json index 93a65556bb3..c231de571fc 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30698.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30698.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30698", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.137", - "lastModified": "2025-04-15T21:15:59.137", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and 21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition (componente 2D). Las versiones compatibles afectadas son Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6 y 24; Oracle GraalVM para JDK: 17.0.14, 21.0.6 y 24; Oracle GraalVM Enterprise Edition: 20.3.17 y 21.3.13. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM para JDK y Oracle GraalVM Enterprise Edition. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition, as\u00ed como acceso no autorizado a lecturas de subconjuntos de datos accesibles de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition, y la capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM for JDK y Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o subprogramas Java en un entorno aislado, que cargan y ejecutan c\u00f3digo no confiable (p. ej., c\u00f3digo proveniente de internet) y dependen del entorno aislado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, generalmente en servidores, que cargan y ejecutan solo c\u00f3digo confiable (p. ej., c\u00f3digo instalado por un administrador). Puntuaci\u00f3n base CVSS 3.1: 5.6 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-306xx/CVE-2025-30699.json b/CVE-2025/CVE-2025-306xx/CVE-2025-30699.json index ae922e3ea15..324af1babc7 100644 --- a/CVE-2025/CVE-2025-306xx/CVE-2025-30699.json +++ b/CVE-2025/CVE-2025-306xx/CVE-2025-30699.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30699", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.247", - "lastModified": "2025-04-15T21:15:59.247", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Procedimiento Almacenado). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30700.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30700.json index 76ee324f5b6..1eb6f3f4a4d 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30700.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30700.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30700", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.357", - "lastModified": "2025-04-15T21:15:59.357", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: M\u00f3dulo de autenticaci\u00f3n conectable). La versi\u00f3n compatible afectada es la 11. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Solaris. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Solaris. Puntuaci\u00f3n base de CVSS 3.1: 3.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30701.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30701.json index 442fcd669ae..427f5d9af6a 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30701.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30701.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30701", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.470", - "lastModified": "2025-04-15T21:15:59.470", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the RAS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via Oracle Net to compromise RAS Security. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all RAS Security accessible data as well as unauthorized access to critical data or complete access to all RAS Security accessible data. CVSS 3.1 Base Score 7.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente de seguridad RAS de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.26, 21.3-21.17 y 23.4-23.7. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios bajos, con privilegios de cuenta de usuario y acceso a la red a trav\u00e9s de Oracle Net, comprometer la seguridad RAS. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de seguridad RAS, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o al acceso completo a todos los datos accesibles de seguridad RAS. Puntuaci\u00f3n base CVSS 3.1: 7.3 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30702.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30702.json index 18a558e8028..bc7a043018d 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30702.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30702.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30702", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.580", - "lastModified": "2025-04-15T21:15:59.580", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente Fleet Patching and Provisioning de Oracle Database Server. Las versiones compatibles afectadas son la 19.3-19.26. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Fleet Patching and Provisioning. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Fleet Patching and Provisioning. Puntuaci\u00f3n base de CVSS 3.1: 5.3 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30703.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30703.json index 57615ac15d5..4c73bd08012 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30703.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30703.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30703", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.697", - "lastModified": "2025-04-15T21:15:59.697", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques con \u00e9xito pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 2.7 (Afecta a la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30704.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30704.json index cdf8e00af21..16390351578 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30704.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30704.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30704", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.810", - "lastModified": "2025-04-15T21:15:59.810", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Components Services). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.4 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30705.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30705.json index ab6fb57bd1f..11b15eef796 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30705.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30705.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30705", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:15:59.927", - "lastModified": "2025-04-15T21:15:59.927", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: PS). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30706.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30706.json index 80cd2c9d4f9..6003722bf53 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30706.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30706.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30706", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.043", - "lastModified": "2025-04-15T21:16:00.043", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles afectadas son 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Connectors. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de MySQL Connectors. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30707.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30707.json index 8822ae4bd04..3ccb3392a11 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30707.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30707.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30707", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.163", - "lastModified": "2025-04-15T21:16:00.163", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle iStore de Oracle E-Business Suite (componente: Gesti\u00f3n de Usuarios). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle iStore. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle iStore. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30708.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30708.json index 6a60dbe064c..3424e4a8b53 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30708.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30708.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30708", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.290", - "lastModified": "2025-04-15T21:16:00.290", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle User Management de Oracle E-Business Suite (componente: Buscar y Registrar Usuarios). Las versiones compatibles afectadas son 12.2.4-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite que un atacante no autenticado con acceso a la red v\u00eda HTTP comprometa Oracle User Management. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de Oracle User Management. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30709.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30709.json index 9cd2b070667..bb598992c5a 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30709.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30709.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30709", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.420", - "lastModified": "2025-04-15T21:16:00.420", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son 9.2.0.0-9.2.9.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa JD Edwards EnterpriseOne Tools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en JD Edwards EnterpriseOne Tools, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de JD Edwards EnterpriseOne Tools, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30710.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30710.json index bd6fabb2f65..24336984923 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30710.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30710.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30710", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.527", - "lastModified": "2025-04-15T21:16:00.527", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Cluster de Oracle MySQL (componente: Cluster: NDBCluster Plugin). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Cluster. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Cluster. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30711.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30711.json index 12b022f2978..69b14ec1c89 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30711.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30711.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30711", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.637", - "lastModified": "2025-04-15T21:16:00.637", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Applications Framework de Oracle E-Business Suite (componente: Adjuntos, Carga de archivos). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Applications Framework. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en Oracle Applications Framework, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Applications Framework, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30712.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30712.json index 2a73e15b46e..13a32062959 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30712.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30712.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30712", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.750", - "lastModified": "2025-04-15T21:16:00.750", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). La versi\u00f3n compatible afectada es la 7.1.6. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados, con acceso a la infraestructura donde se ejecuta Oracle VM VirtualBox, comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle VM VirtualBox, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Oracle VM VirtualBox, y en la posibilidad no autorizada de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle VM VirtualBox. Puntuaci\u00f3n base de CVSS 3.1: 8.1 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30713.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30713.json index 4aa7038d509..cd2ba479766 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30713.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30713.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30713", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.860", - "lastModified": "2025-04-15T21:16:00.860", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Talent Acquisition Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Talent Acquisition Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Talent Acquisition Manager accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en PeopleSoft Enterprise HCM Talent Acquisition Manager de Oracle PeopleSoft (componente: Oferta de empleo). La versi\u00f3n compatible afectada es la 9.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer PeopleSoft Enterprise HCM Talent Acquisition Manager. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en PeopleSoft Enterprise HCM Talent Acquisition Manager, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de PeopleSoft Enterprise HCM Talent Acquisition Manager, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30714.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30714.json index 51d934e5956..dac042f582a 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30714.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30714.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30714", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:00.970", - "lastModified": "2025-04-15T21:16:00.970", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/Python). Las versiones compatibles afectadas son 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Connectors. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de MySQL Connectors. Puntuaci\u00f3n base de CVSS 3.1: 4.8 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30715.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30715.json index ff44058281a..229e8854659 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30715.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30715.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30715", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.080", - "lastModified": "2025-04-15T21:16:01.080", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Components Services). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.9 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30716.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30716.json index 932ed38bb91..4a0d33686ac 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30716.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30716.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30716", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.193", - "lastModified": "2025-04-15T21:16:01.193", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Common Applications de Oracle E-Business Suite (componente: CRM User Management Framework). Las versiones compatibles afectadas son la 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle Common Applications. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de Oracle Common Applications. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30717.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30717.json index e53e169d12f..f7dfe39235e 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30717.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30717.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30717", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.317", - "lastModified": "2025-04-15T21:16:01.317", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagnostics Scripts). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Teleservice. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Teleservice accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Teleservice de Oracle E-Business Suite (componente: Scripts de Diagn\u00f3stico de Servicio). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Teleservice. Los ataques exitosos de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de Oracle Teleservice. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30718.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30718.json index 91dbb328384..856637f21c8 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30718.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30718.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30718", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.417", - "lastModified": "2025-04-15T21:16:01.417", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Applications Framework de Oracle E-Business Suite (componente: Adjuntos, Carga de archivos). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Applications Framework. Los ataques con \u00e9xito pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Applications Framework, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30719.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30719.json index e9f955f88a8..8554c09b2cd 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30719.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30719.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30719", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.530", - "lastModified": "2025-04-15T21:16:01.530", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). La versi\u00f3n compatible afectada es la 7.1.6. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios, con acceso a la infraestructura donde se ejecuta Oracle VM VirtualBox, comprometer Oracle VM VirtualBox. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de Oracle VM VirtualBox, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle VM VirtualBox. Puntuaci\u00f3n base de CVSS 3.1: 6.1 (Afecta a la confidencialidad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json index 714e83c8d93..c9fcc6dd838 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30720.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30720", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.647", - "lastModified": "2025-04-15T21:16:01.647", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configurator accessible data as well as unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Configurator de Oracle E-Business Suite (componente: Pedidos). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Configurator. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en Oracle Configurator, pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Configurator, as\u00ed como en accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json index 60f069a7c17..53b3969c5ce 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30721.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30721", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.760", - "lastModified": "2025-04-15T21:16:01.760", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: UDF). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados, con acceso a la infraestructura donde se ejecuta MySQL Server, comprometerlo. Los ataques exitosos requieren la intervenci\u00f3n de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de MySQL Server. Puntuaci\u00f3n base de CVSS 3.1: 4.0 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json index c24dc4f4d28..5c97aefef04 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30722.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30722", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.870", - "lastModified": "2025-04-15T21:16:01.870", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Cliente MySQL de Oracle MySQL (componente: Cliente: mysqldump). Las versiones compatibles afectadas son 8.0.0-8.0.41, 8.4.0-8.4.4 y 9.0.0-9.2.0. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer el Cliente MySQL. Los ataques con \u00e9xito pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles del Cliente MySQL, as\u00ed como acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles del Cliente MySQL. Puntuaci\u00f3n base de CVSS 3.1: 5.9 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30723.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30723.json index d631ba48591..85398304fab 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30723.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30723.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30723", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:01.990", - "lastModified": "2025-04-15T21:16:01.990", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle BI Publisher de Oracle Analytics (componente: Servicios XML). Las versiones compatibles afectadas son 7.6.0.0.0 y 12.2.1.4.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle BI Publisher. Los ataques con \u00e9xito pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle BI Publisher, as\u00ed como en la posibilidad de provocar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle BI Publisher. Puntuaci\u00f3n base de CVSS 3.1: 5.4 (Afecta a la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30724.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30724.json index 19c9bd08d64..ac0a7c97dac 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30724.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30724.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30724", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.103", - "lastModified": "2025-04-15T21:16:02.103", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle BI Publisher de Oracle Analytics (componente: Servicios XML). Las versiones compatibles afectadas son 7.6.0.0.0 y 12.2.1.4.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle BI Publisher. Los ataques con \u00e9xito pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle BI Publisher. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30725.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30725.json index 3ecab2a2bd3..3eba53ed49d 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30725.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30725.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30725", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.217", - "lastModified": "2025-04-15T21:16:02.217", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). La versi\u00f3n compatible afectada es la 7.1.6. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad se encuentra en Oracle VM VirtualBox, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo de Oracle VM VirtualBox, as\u00ed como actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle VM VirtualBox y accesos de lectura no autorizados a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.7 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30726.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30726.json index e2c1ad06366..b51dbebd306 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30726.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30726.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30726", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.327", - "lastModified": "2025-04-15T21:16:02.327", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Application Object Library de Oracle E-Business Suite (componente: Core). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle Application Object Library. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Application Object Library. Puntuaci\u00f3n base de CVSS 3.1: 5.3 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30727.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30727.json index bb3b9fd5938..0f9513aea95 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30727.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30727.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30727", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.457", - "lastModified": "2025-04-15T21:16:02.457", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Scripting de Oracle E-Business Suite (componente: M\u00f3dulo iSurvey). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle Scripting. Los ataques con \u00e9xito a esta vulnerabilidad pueden resultar en la toma de control de Oracle Scripting. Puntuaci\u00f3n base de CVSS 3.1: 9.8 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30728.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30728.json index 0113edbae77..ef06635478e 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30728.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30728.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30728", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.563", - "lastModified": "2025-04-15T21:16:02.563", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Configurator de Oracle E-Business Suite (componente: Core). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer Oracle Configurator. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Configurator. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30729.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30729.json index 1f4a99a934c..ae3040dc2f7 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30729.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30729.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30729", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.677", - "lastModified": "2025-04-15T21:16:02.677", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Order and Service Management. CVSS 3.1 Base Score 5.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Communications Order and Service Management de Oracle Communications Applications (componente: Seguridad). Las versiones compatibles afectadas son 7.4.0, 7.4.1 y 7.5.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Communications Order and Service Management. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Communications Order and Service Management, as\u00ed como en accesos de lectura no autorizados a un subconjunto de datos accesibles de Oracle Communications Order and Service Management y en la posibilidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Communications Order and Service Management. Puntuaci\u00f3n base CVSS 3.1: 5.5 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30730.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30730.json index 988317489d5..dbed255c400 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30730.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30730.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30730", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.793", - "lastModified": "2025-04-15T21:16:02.793", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Application Object Library de Oracle E-Business Suite (componente: Core). Las versiones compatibles afectadas son 12.2.5-12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red v\u00eda HTTP comprometer la Biblioteca de Objetos de Aplicaci\u00f3n Oracle. Los ataques exitosos a esta vulnerabilidad pueden provocar un bloqueo o un fallo repetitivo (DOS completo) de la Biblioteca de Objetos de Aplicaci\u00f3n Oracle. Puntuaci\u00f3n base de CVSS 3.1: 7.5 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30731.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30731.json index 0c9d5d9085d..d17be3e801c 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30731.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30731.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30731", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:02.907", - "lastModified": "2025-04-15T21:16:02.907", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Supported versions that are affected are 12.2.3-12.2.14. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Applications Technology Stack executes to compromise Oracle Applications Technology Stack. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology Stack accessible data as well as unauthorized read access to a subset of Oracle Applications Technology Stack accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto Oracle Applications Technology Stack de Oracle E-Business Suite (componente: Configuraci\u00f3n). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante no autenticado con acceso a la infraestructura donde se ejecuta Oracle Applications Technology Stack lo comprometa. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado para actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Applications Technology Stack, as\u00ed como acceso no autorizado para lecturas a un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 3.6 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30732.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30732.json index 35119efec2c..0616df3fba8 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30732.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30732.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30732", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.013", - "lastModified": "2025-04-15T21:16:03.013", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Object Library, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Application Object Library de Oracle E-Business Suite (componente principal). Las versiones compatibles afectadas son la 12.2.3 a la 12.2.14. Esta vulnerabilidad, f\u00e1cilmente explotable, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Application Object Library. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante y, si bien la vulnerabilidad se encuentra en Oracle Application Object Library, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Application Object Library, as\u00ed como acceso no autorizado a lecturas de un subconjunto de dichos datos. Puntuaci\u00f3n base de CVSS 3.1: 6.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30733.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30733.json index 27a0ec4fd5f..5bf61174868 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30733.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30733.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30733", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.133", - "lastModified": "2025-04-15T21:16:03.133", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente RDBMS Listener de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.26, 21.3-21.17 y 23.4-23.7. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red a trav\u00e9s de Oracle Net comprometer el componente RDBMS Listener. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles del componente RDBMS Listener. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30735.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30735.json index 9bdd809c05f..3e5b0e6fd87 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30735.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30735.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30735", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.247", - "lastModified": "2025-04-15T21:16:03.247", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto PeopleSoft Enterprise CC Common Application Objects de Oracle PeopleSoft (componente: Configuraci\u00f3n de P\u00e1ginas y Campos). La versi\u00f3n compatible afectada es la 9.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red v\u00eda HTTP comprometer los PeopleSoft Enterprise CC Common Application Objects. Los ataques con \u00e9xito pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de PeopleSoft Enterprise CC Common Application Objects, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de PeopleSoft Enterprise CC Common Application Objects. Puntuaci\u00f3n base de CVSS 3.1: 8.1 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30736.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30736.json index 3e772624e02..78a760ff57b 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30736.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30736.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30736", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.360", - "lastModified": "2025-04-15T21:16:03.360", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.26, 21.3-21.17 y 23.4-23.7. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer Java VM. Los ataques con \u00e9xito pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Java VM, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Java VM. Puntuaci\u00f3n base de CVSS 3.1: 7.4 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json index 869d6e2f2c3..c2ada50bc21 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30737.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30737", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.473", - "lastModified": "2025-04-15T21:16:03.473", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Smart View for Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Smart View for Office accessible data as well as unauthorized access to critical data or complete access to all Oracle Smart View for Office accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en Oracle Smart View for Office de Oracle Hyperion (componente: Core Smart View). La versi\u00f3n compatible afectada es la 24.200. Esta vulnerabilidad, dif\u00edcil de explotar, permite a un atacante con privilegios elevados y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Smart View for Office. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle Smart View for Office, as\u00ed como en el acceso no autorizado a datos cr\u00edticos o a todos los datos accesibles de Oracle Smart View for Office. Puntuaci\u00f3n base de CVSS 3.1: 5.7 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-307xx/CVE-2025-30740.json b/CVE-2025/CVE-2025-307xx/CVE-2025-30740.json index 8687366455e..9edf932c8cb 100644 --- a/CVE-2025/CVE-2025-307xx/CVE-2025-30740.json +++ b/CVE-2025/CVE-2025-307xx/CVE-2025-30740.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30740", "sourceIdentifier": "secalert_us@oracle.com", "published": "2025-04-15T21:16:03.597", - "lastModified": "2025-04-15T21:16:03.597", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto JD Edwards EnterpriseOne Tools de Oracle JD Edwards (componente: Web Runtime SEC). Las versiones compatibles afectadas son 9.2.0.0-9.2.9.2. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometer JD Edwards EnterpriseOne Tools. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de JD Edwards EnterpriseOne Tools. Puntuaci\u00f3n base de CVSS 3.1: 6.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30960.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30960.json index 19cf7396a14..45e326cbf7e 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30960.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30960.json @@ -2,8 +2,8 @@ "id": "CVE-2025-30960", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-16T11:15:43.090", - "lastModified": "2025-04-16T11:15:43.090", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30966.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30966.json index 09b3bf58165..76aa9611d59 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30966.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30966.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30966", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:26.553", - "lastModified": "2025-04-15T22:15:26.553", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Path Traversal en NotFound WPJobBoard permite el Path Traversal. Este problema afecta a WPJobBoard: de n/d a n/d." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30967.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30967.json index c8978ce715b..d52b987cab7 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30967.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30967.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30967", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:26.683", - "lastModified": "2025-04-15T22:15:26.683", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en NotFound WPJobBoard permite subir un shell web a un servidor web. Este problema afecta a WPJobBoard: de n/d a n/d." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30970.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30970.json index 4c663265da3..29200054e91 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30970.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30970.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30970", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:26.827", - "lastModified": "2025-04-15T22:15:26.827", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound Easy Contact permite XSS reflejado. Este problema afecta a Easy Contact desde n/d hasta la versi\u00f3n 0.1.2." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30982.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30982.json index 9ff9c04fbf6..be4ce7dd36f 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30982.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30982.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30982", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:26.957", - "lastModified": "2025-04-15T22:15:26.957", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en zookatron MyBookProgress de Stormhill Media permite XSS almacenado. Este problema afecta a MyBookProgress de Stormhill Media desde n/d hasta la versi\u00f3n 1.0.8." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-309xx/CVE-2025-30984.json b/CVE-2025/CVE-2025-309xx/CVE-2025-30984.json index 5cd676ba794..8274a86eb94 100644 --- a/CVE-2025/CVE-2025-309xx/CVE-2025-30984.json +++ b/CVE-2025/CVE-2025-309xx/CVE-2025-30984.json @@ -2,13 +2,17 @@ "id": "CVE-2025-30984", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:27.137", - "lastModified": "2025-04-15T22:15:27.137", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound SEO Tools permite XSS reflejado. Este problema afecta a SEO Tools desde n/d hasta la versi\u00f3n 4.0.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-30xx/CVE-2025-3077.json b/CVE-2025/CVE-2025-30xx/CVE-2025-3077.json index 31c481fccd4..9c783ff90b8 100644 --- a/CVE-2025/CVE-2025-30xx/CVE-2025-3077.json +++ b/CVE-2025/CVE-2025-30xx/CVE-2025-3077.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3077", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-16T08:15:14.500", - "lastModified": "2025-04-16T08:15:14.500", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El tema Betheme para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode del bot\u00f3n y el campo CSS personalizado del complemento en todas las versiones hasta la 28.0.3 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados, con acceso de colaborador o superior, inyectar scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-311xx/CVE-2025-31147.json b/CVE-2025/CVE-2025-311xx/CVE-2025-31147.json index 52d8292045f..9f863540964 100644 --- a/CVE-2025/CVE-2025-311xx/CVE-2025-31147.json +++ b/CVE-2025/CVE-2025-311xx/CVE-2025-31147.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31147", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:27.283", - "lastModified": "2025-04-15T22:15:27.283", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden consultar informaci\u00f3n sobre la energ\u00eda total consumida por los cargadores de veh\u00edculos el\u00e9ctricos de usuarios arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31357.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31357.json index f0d499de60c..1c2d5b9e129 100644 --- a/CVE-2025/CVE-2025-313xx/CVE-2025-31357.json +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31357.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31357", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:16:03.737", - "lastModified": "2025-04-15T21:16:03.737", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain a user's plant list by knowing the username." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener la lista de plantas de un usuario conociendo el nombre de usuario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31360.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31360.json index 002f825de4b..060c1085381 100644 --- a/CVE-2025/CVE-2025-313xx/CVE-2025-31360.json +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31360.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31360", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:27.430", - "lastModified": "2025-04-15T22:15:27.430", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unauthenticated attackers can trigger device actions associated with specific \"scenes\" of arbitrary users." + }, + { + "lang": "es", + "value": "Los atacantes no autenticados pueden activar acciones del dispositivo asociadas con \"escenas\" espec\u00edficas de usuarios arbitrarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-313xx/CVE-2025-31363.json b/CVE-2025/CVE-2025-313xx/CVE-2025-31363.json index 4cb77e417cd..2c2007e3bde 100644 --- a/CVE-2025/CVE-2025-313xx/CVE-2025-31363.json +++ b/CVE-2025/CVE-2025-313xx/CVE-2025-31363.json @@ -2,8 +2,8 @@ "id": "CVE-2025-31363", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2025-04-16T10:15:15.170", - "lastModified": "2025-04-16T10:15:15.170", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-314xx/CVE-2025-31497.json b/CVE-2025/CVE-2025-314xx/CVE-2025-31497.json index 4ce5ef4b82d..37fcbeaa9d5 100644 --- a/CVE-2025/CVE-2025-314xx/CVE-2025-31497.json +++ b/CVE-2025/CVE-2025-314xx/CVE-2025-31497.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31497", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.270", - "lastModified": "2025-04-15T20:15:39.270", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML files during the conversion process but fails to disable external entity processing, allowing an attacker to read arbitrary files from the server's filesystem. This vulnerability could allow attackers to read sensitive files from the server's filesystem, potentially exposing configuration files, credentials, or other confidential information. Additionally, depending on the server configuration, this could potentially be used to perform server-side request forgery (SSRF) attacks by making the server connect to internal services. This issue is patched in version 1.2.4. A workaround for this vulnerability includes disabling external entity processing in the XML parser by setting the appropriate security features (e.g., XMLConstants.FEATURE_SECURE_PROCESSING)." + }, + { + "lang": "es", + "value": "TEIGarage es un servicio web y RESTful para transformar, convertir y validar diversos formatos, centr\u00e1ndose en el formato TEI. El Servicio de Conversi\u00f3n de Documentos contiene una vulnerabilidad cr\u00edtica de inyecci\u00f3n de entidades externas XML (XXE) en su funcionalidad de conversi\u00f3n. El servicio procesa archivos XML durante el proceso de conversi\u00f3n, pero no deshabilita el procesamiento de entidades externas, lo que permite a un atacante leer archivos arbitrarios del sistema de archivos del servidor. Esta vulnerabilidad podr\u00eda permitir a los atacantes leer archivos confidenciales del sistema de archivos del servidor, exponiendo potencialmente archivos de configuraci\u00f3n, credenciales u otra informaci\u00f3n confidencial. Adem\u00e1s, dependiendo de la configuraci\u00f3n del servidor, esto podr\u00eda utilizarse para realizar ataques de server-side request forgery (SSRF) al hacer que el servidor se conecte a servicios internos. Este problema est\u00e1 corregido en la versi\u00f3n 1.2.4. Un workaround para esta vulnerabilidad consiste en deshabilitar el procesamiento de entidades externas en el analizador XML mediante la configuraci\u00f3n de las funciones de seguridad adecuadas (p. ej., XMLConstants.FEATURE_SECURE_PROCESSING)." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-314xx/CVE-2025-31499.json b/CVE-2025/CVE-2025-314xx/CVE-2025-31499.json index ea870ec852e..5361c3fe3d5 100644 --- a/CVE-2025/CVE-2025-314xx/CVE-2025-31499.json +++ b/CVE-2025/CVE-2025-314xx/CVE-2025-31499.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31499", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T21:16:03.937", - "lastModified": "2025-04-15T21:16:03.937", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. This vulnerability was previously reported in CVE-2023-49096 and patched in version 10.8.13, but the patch can be bypassed. The original fix sanitizes some parameters to make injection impossible, but certain unsanitized parameters can still be used for argument injection. The same unauthenticated endpoints are vulnerable: /Videos//stream and /Videos//stream., likely alongside similar endpoints in AudioController. This argument injection can be exploited to achieve arbitrary file write, leading to possible remote code execution through the plugin system. While the unauthenticated endpoints are vulnerable, a valid itemId is required for exploitation and any authenticated attacker could easily retrieve a valid itemId to make the exploit work. This vulnerability is patched in version 10.10.7." + }, + { + "lang": "es", + "value": "Jellyfin es un servidor multimedia autoalojado de c\u00f3digo abierto. Las versiones anteriores a la 10.10.7 son vulnerables a la inyecci\u00f3n de argumentos en FFmpeg. Esto puede aprovecharse para lograr la ejecuci\u00f3n remota de c\u00f3digo por parte de cualquier persona con credenciales de un usuario con pocos privilegios. Esta vulnerabilidad se report\u00f3 previamente en CVE-2023-49096 y se corrigi\u00f3 en la versi\u00f3n 10.8.13, pero el parche puede ser evadido. La correcci\u00f3n original sanea algunos par\u00e1metros para imposibilitar la inyecci\u00f3n, pero ciertos par\u00e1metros no saneados a\u00fan pueden usarse para la inyecci\u00f3n de argumentos. Los mismos endpoints no autenticados son vulnerables: /Videos//stream y /Videos//stream., probablemente junto con endpoints similares en AudioController. Esta inyecci\u00f3n de argumentos puede explotarse para lograr la escritura arbitraria de archivos, lo que puede llevar a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s del sistema de complementos. Si bien los endpoints no autenticados son vulnerables, se requiere un itemId v\u00e1lido para su explotaci\u00f3n, y cualquier atacante autenticado podr\u00eda obtener f\u00e1cilmente un itemId v\u00e1lido para que la explotaci\u00f3n funcione. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 10.10.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-316xx/CVE-2025-31654.json b/CVE-2025/CVE-2025-316xx/CVE-2025-31654.json index b812f1ceb6d..47647aefd16 100644 --- a/CVE-2025/CVE-2025-316xx/CVE-2025-31654.json +++ b/CVE-2025/CVE-2025-316xx/CVE-2025-31654.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31654", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:27.577", - "lastModified": "2025-04-15T22:15:27.577", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., \"rooms\")." + }, + { + "lang": "es", + "value": "Un atacante puede obtener informaci\u00f3n sobre los grupos de dispositivos dom\u00e9sticos inteligentes de usuarios arbitrarios (es decir, \"habitaciones\")." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31933.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31933.json index a5f53b3040a..1702ac25d2c 100644 --- a/CVE-2025/CVE-2025-319xx/CVE-2025-31933.json +++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31933.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31933", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:16:04.063", - "lastModified": "2025-04-15T21:16:04.063", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can check the existence of usernames in the system by querying an API." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede comprobar la existencia de nombres de usuario en el sistema consultando una API." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31941.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31941.json index 0b305195b1e..73cd7d9a3f9 100644 --- a/CVE-2025/CVE-2025-319xx/CVE-2025-31941.json +++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31941.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31941", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:16:04.200", - "lastModified": "2025-04-15T21:16:04.200", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain a list of smart devices by knowing a valid username." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener una lista de dispositivos inteligentes conociendo un nombre de usuario v\u00e1lido." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31945.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31945.json index cb300a3f951..53a90d66736 100644 --- a/CVE-2025/CVE-2025-319xx/CVE-2025-31945.json +++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31945.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31945", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:27.730", - "lastModified": "2025-04-15T22:15:27.730", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain other users' charger information." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener informaci\u00f3n del cargador de otros usuarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31949.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31949.json index 704d683152b..3402467b239 100644 --- a/CVE-2025/CVE-2025-319xx/CVE-2025-31949.json +++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31949.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31949", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T21:16:04.337", - "lastModified": "2025-04-15T21:16:04.337", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated attacker can obtain any plant name by knowing the plant ID." + }, + { + "lang": "es", + "value": "Un atacante autenticado puede obtener cualquier nombre de planta conociendo el ID de la planta." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-319xx/CVE-2025-31950.json b/CVE-2025/CVE-2025-319xx/CVE-2025-31950.json index 77763dffa16..7041254a683 100644 --- a/CVE-2025/CVE-2025-319xx/CVE-2025-31950.json +++ b/CVE-2025/CVE-2025-319xx/CVE-2025-31950.json @@ -2,13 +2,17 @@ "id": "CVE-2025-31950", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2025-04-15T22:15:27.867", - "lastModified": "2025-04-15T22:15:27.867", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unauthenticated attacker can obtain EV charger energy consumption information of other users." + }, + { + "lang": "es", + "value": "Un atacante no autenticado puede obtener informaci\u00f3n sobre el consumo de energ\u00eda del cargador de veh\u00edculos el\u00e9ctricos de otros usuarios." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-31xx/CVE-2025-3104.json b/CVE-2025/CVE-2025-31xx/CVE-2025-3104.json index f9608c24802..8b23f709ec6 100644 --- a/CVE-2025/CVE-2025-31xx/CVE-2025-3104.json +++ b/CVE-2025/CVE-2025-31xx/CVE-2025-3104.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3104", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-16T09:15:28.030", - "lastModified": "2025-04-16T09:15:28.030", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-320xx/CVE-2025-32012.json b/CVE-2025/CVE-2025-320xx/CVE-2025-32012.json index ae2ab61cbca..b20761ac364 100644 --- a/CVE-2025/CVE-2025-320xx/CVE-2025-32012.json +++ b/CVE-2025/CVE-2025-320xx/CVE-2025-32012.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32012", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.400", - "lastModified": "2025-04-15T20:15:39.400", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same local network as the Jellyfin server. Due to the method Jellyfin uses to determine the source IP of a request, an unauthenticated attacker is able to spoof their IP to appear as a LAN IP, allowing them to restart the Jellyfin server process without authentication. This means that an unauthenticated attacker could mount a denial-of-service attack on any default-configured Jellyfin server by simply sending the same spoofed request every few seconds to restart the server over and over. This method of IP spoofing also bypasses some security mechanisms, cause a denial-of-service attack, and possible bypass the admin restart requirement if combined with remote code execution. This issue is patched in version 10.10.7." + }, + { + "lang": "es", + "value": "Jellyfin es un servidor multimedia autoalojado de c\u00f3digo abierto. En las versiones 10.9.0 y anteriores a la 10.10.7, el endpoint /System/Restart permite a los administradores reiniciar su servidor Jellyfin. Este endpoint est\u00e1 dise\u00f1ado para uso exclusivo de administradores, pero tambi\u00e9n autoriza solicitudes desde cualquier dispositivo en la misma red local que el servidor Jellyfin. Gracias al m\u00e9todo que Jellyfin utiliza para determinar la IP de origen de una solicitud, un atacante no autenticado puede falsificar su IP para que parezca una IP de LAN, lo que le permite reiniciar el proceso del servidor Jellyfin sin autenticaci\u00f3n. Esto significa que un atacante no autenticado podr\u00eda lanzar un ataque de denegaci\u00f3n de servicio contra cualquier servidor Jellyfin con configuraci\u00f3n predeterminada simplemente enviando la misma solicitud falsificada cada pocos segundos para reiniciar el servidor una y otra vez. Este m\u00e9todo de suplantaci\u00f3n de IP tambi\u00e9n elude algunos mecanismos de seguridad, provoca un ataque de denegaci\u00f3n de servicio y, posiblemente, elude el requisito de reinicio del administrador si se combina con la ejecuci\u00f3n remota de c\u00f3digo. Este problema se solucion\u00f3 en la versi\u00f3n 10.10.7." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-320xx/CVE-2025-32021.json b/CVE-2025/CVE-2025-320xx/CVE-2025-32021.json index 0c5b2dda59f..ec5afcdfeb9 100644 --- a/CVE-2025/CVE-2025-320xx/CVE-2025-32021.json +++ b/CVE-2025/CVE-2025-320xx/CVE-2025-32021.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32021", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T21:16:04.523", - "lastModified": "2025-04-15T21:16:04.523", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code repository URL contains GitHub credentials, the confidential PAT and username are shown in plaintext and get saved into browser history. Moreover, if the request URL is logged, the credentials are written to logs in plaintext. If using Weblate official Docker image, nginx logs the URL and the token in plaintext. This issue is patched in version 5.11." + }, + { + "lang": "es", + "value": "Weblate es una herramienta de localizaci\u00f3n web. Antes de la versi\u00f3n 5.11, al crear un nuevo componente a partir de uno existente con la URL del repositorio de c\u00f3digo fuente especificada en la configuraci\u00f3n, esta URL se inclu\u00eda en los par\u00e1metros de URL del cliente durante el proceso de creaci\u00f3n. Si, por ejemplo, la URL del repositorio de c\u00f3digo fuente contiene credenciales de GitHub, el PAT confidencial y el nombre de usuario se muestran en texto plano y se guardan en el historial del navegador. Adem\u00e1s, si se registra la URL de la solicitud, las credenciales se escriben en los registros en texto plano. Si se utiliza la imagen oficial de Docker de Weblate, nginx registra la URL y el token en texto plano. Este problema se solucion\u00f3 en la versi\u00f3n 5.11." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json index a654c9cfe92..dd1780ae7cb 100644 --- a/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json +++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32385.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32385", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-16T00:15:19.907", - "lastModified": "2025-04-16T00:15:19.907", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and creating a phishing risk. The iframe URL is user-defined, so an attacker would need to trick the user into specifying a malicious URL. The missing sandbox attribute also allows the remote page to send messages to the parent frame. However, EspoCRM does not make use of these messages. This vulnerability is fixed in 9.0.5." + }, + { + "lang": "es", + "value": "EspoCRM es un software de c\u00f3digo abierto para la gesti\u00f3n de relaciones con clientes. Antes de la versi\u00f3n 9.0.5, el dashlet de iframe permit\u00eda al usuario mostrar iframes con URL arbitrarias. Como el atributo de la sandbox no est\u00e1 incluido en el iframe, la p\u00e1gina remota puede abrir ventanas emergentes fuera de \u00e9l, lo que podr\u00eda enga\u00f1ar a los usuarios y crear un riesgo de phishing. La URL del iframe est\u00e1 definida por el usuario, por lo que un atacante tendr\u00eda que enga\u00f1arlo para que especifique una URL maliciosa. La ausencia del atributo de la sandbox tambi\u00e9n permite que la p\u00e1gina remota env\u00ede mensajes al marco principal. Sin embargo, EspoCRM no utiliza estos mensajes. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 9.0.5." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32388.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32388.json index 9a7fb915d35..8c93cddbcfd 100644 --- a/CVE-2025/CVE-2025-323xx/CVE-2025-32388.json +++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32388.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32388", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T23:15:42.843", - "lastModified": "2025-04-15T23:15:42.843", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6." + }, + { + "lang": "es", + "value": "SvelteKit es un framework para desarrollar r\u00e1pidamente aplicaciones web robustas y de alto rendimiento con Svelte. Antes de la versi\u00f3n 2.20.6, los nombres de par\u00e1metros de b\u00fasqueda sin sanear causaban una vulnerabilidad XSS. Se ve afectado si se itera sobre todas las entradas de event.url.searchParams dentro de una funci\u00f3n de carga del servidor. Los atacantes pueden explotar esta vulnerabilidad manipulando una URL maliciosa y haciendo que el usuario haga clic en un enlace con dicha URL. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.20.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32435.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32435.json index 7e5cb4db9ed..508ef8ee6fc 100644 --- a/CVE-2025/CVE-2025-324xx/CVE-2025-32435.json +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32435.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32435", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T23:15:42.983", - "lastModified": "2025-04-15T23:15:42.983", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively." + }, + { + "lang": "es", + "value": "Hydra es un servicio de integraci\u00f3n continua para proyectos basados en Nix. La evaluaci\u00f3n de c\u00f3digo Nix no confiable y sin flake podr\u00eda acceder a secretos accesibles para el usuario o grupo de Hydra. Esto no deber\u00eda afectar las claves de firma, propiedad de los usuarios hydra-queue-runner e hydra-www, respectivamente." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32438.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32438.json index cde5c0bf74a..c1ed748a5b2 100644 --- a/CVE-2025/CVE-2025-324xx/CVE-2025-32438.json +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32438.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32438", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.533", - "lastModified": "2025-04-15T20:15:39.533", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 and 25.05 / unstable. As a workaround, set systemd.shutdownRamfs.enable = false;." + }, + { + "lang": "es", + "value": "make-initrd-ng es una herramienta para copiar binarios y sus dependencias. La escalada de privilegios locales afecta a todos los usuarios de NixOS. Con systemd.shutdownRamfs.enable habilitado (predeterminado), un usuario local puede crear un programa que ser\u00e1 ejecutado por root durante el apagado. Existen parches para NixOS 24.11 y 25.05 (inestable). Como workaround, configure systemd.shutdownRamfs.enable = false;." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32439.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32439.json index 986660aaac7..5cf4f7a1504 100644 --- a/CVE-2025/CVE-2025-324xx/CVE-2025-32439.json +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32439.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32439", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.677", - "lastModified": "2025-04-15T20:15:39.677", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even during normal usage, every track change and playback event would leave behind zombie processes. This leads to inevitable resource exhaustion over time as the system's process table fills up, eventually preventing new processes from being created. The issue is exacerbated if events occur rapidly, whether through normal use (e.g., skipping through a playlist) or potential manipulation of the Deezer Connect protocol traffic. This issue has been fixed in version 0.16.0." + }, + { + "lang": "es", + "value": "Pleezer es un reproductor de Deezer Connect sin interfaz gr\u00e1fica. Los scripts de enlace de Pleezer pueden activarse por diversos eventos, como cambios de pista y cambios en el estado de reproducci\u00f3n. En versiones anteriores a la 0.16.0, estos scripts se generaban sin una depuraci\u00f3n de procesos adecuada, lo que dejaba procesos inactivos en la tabla de procesos del sistema. Incluso con un uso normal, cada cambio de pista y evento de reproducci\u00f3n dejaba procesos inactivos. Esto provoca un inevitable agotamiento de recursos con el tiempo, ya que la tabla de procesos del sistema se llena, lo que finalmente impide la creaci\u00f3n de nuevos procesos. El problema se agrava si los eventos ocurren r\u00e1pidamente, ya sea por el uso normal (por ejemplo, al saltarse una lista de reproducci\u00f3n) o por una posible manipulaci\u00f3n del tr\u00e1fico del protocolo Deezer Connect. Este problema se ha solucionado en la versi\u00f3n 0.16.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-324xx/CVE-2025-32445.json b/CVE-2025/CVE-2025-324xx/CVE-2025-32445.json index 0848111117d..d650f283e0f 100644 --- a/CVE-2025/CVE-2025-324xx/CVE-2025-32445.json +++ b/CVE-2025/CVE-2025-324xx/CVE-2025-32445.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32445", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T20:15:39.807", - "lastModified": "2025-04-15T20:15:39.807", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:59.640", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized with spec.template and spec.template.container (with type k8s.io/api/core/v1.Container), thus, any specification under container such as command, args, securityContext , volumeMount can be specified, and applied to the EventSource or Sensor pod. With these, a user would be able to gain privileged access to the cluster host, if he/she specified the EventSource/Sensor CR with some particular properties under template. This vulnerability is fixed in v1.9.6." + }, + { + "lang": "es", + "value": "Argo Events es un framework de automatizaci\u00f3n de flujos de trabajo basados en eventos para Kubernetes. Un usuario con permiso para crear o modificar recursos personalizados de EventSource y Sensor puede obtener acceso privilegiado al sistema host y al cl\u00faster, incluso sin tener privilegios administrativos directos. Los CR de EventSource y Sensor permiten personalizar el pod orquestado correspondiente con spec.template y spec.template.container (de tipo k8s.io/api/core/v1.Container). Por lo tanto, cualquier especificaci\u00f3n en el contenedor, como command, args, securityContext o volumeMount, puede especificarse y aplicarse al pod de EventSource o Sensor. Con estos, un usuario podr\u00eda obtener acceso privilegiado al host del cl\u00faster si especifica el CR de EventSource/Sensor con ciertas propiedades espec\u00edficas en la plantilla. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.9.6." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32778.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32778.json index 3434d1d38da..4f21718b66a 100644 --- a/CVE-2025/CVE-2025-327xx/CVE-2025-32778.json +++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32778.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32778", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T21:16:04.710", - "lastModified": "2025-04-15T21:16:04.710", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project (Lissy93/web-check). The issue stems from user-controlled input (url) being passed unsanitized into a shell command using exec(), allowing attackers to execute arbitrary system commands on the underlying host. This could be exploited by sending crafted url parameters to extract files or even establish remote access. The vulnerability has been patched by replacing exec() with execFile(), which avoids using a shell and properly isolates arguments." + }, + { + "lang": "es", + "value": "Web-Check es una herramienta OSINT integral para analizar cualquier sitio web. Existe una vulnerabilidad de inyecci\u00f3n de comandos en la API de captura de pantalla del proyecto Web Check (Lissy93/web-check). El problema se debe a que la entrada controlada por el usuario (URL) se pasa sin sanear a un comando de shell mediante exec(), lo que permite a los atacantes ejecutar comandos arbitrarios del sistema en el host subyacente. Esto podr\u00eda explotarse enviando par\u00e1metros de URL manipulados para extraer archivos o incluso establecer acceso remoto. La vulnerabilidad se ha corregido reemplazando exec() por execFile(), que evita el uso de un shell y a\u00edsla correctamente los argumentos." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32782.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32782.json index e93350ef445..4a18dc0cc43 100644 --- a/CVE-2025/CVE-2025-327xx/CVE-2025-32782.json +++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32782.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32782", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T22:15:28.027", - "lastModified": "2025-04-15T22:15:28.027", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user\u2019s email and potentially have it auto-confirmed by the victim\u2019s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0." + }, + { + "lang": "es", + "value": "La autenticaci\u00f3n de Ash proporciona autenticaci\u00f3n para el framework Ash. El flujo de confirmaci\u00f3n para la creaci\u00f3n de cuentas utiliza actualmente una solicitud GET que se activa al hacer clic en un enlace enviado por correo electr\u00f3nico. Algunos clientes de correo electr\u00f3nico y herramientas de seguridad (por ejemplo, Outlook, antivirus y previsualizadores de correo electr\u00f3nico) pueden seguir autom\u00e1ticamente estos enlaces, confirmando la cuenta sin querer. Esto permite a un atacante registrar una cuenta con el correo electr\u00f3nico de otro usuario y, potencialmente, que el cliente de correo electr\u00f3nico de la v\u00edctima la confirme autom\u00e1ticamente. Esto no permite a los atacantes tomar el control ni acceder a cuentas existentes ni a datos privados. Se limita \u00fanicamente a la confirmaci\u00f3n de cuentas nuevas. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 4.7.0." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-327xx/CVE-2025-32784.json b/CVE-2025/CVE-2025-327xx/CVE-2025-32784.json index b6914beb70b..a34c7538b69 100644 --- a/CVE-2025/CVE-2025-327xx/CVE-2025-32784.json +++ b/CVE-2025/CVE-2025-327xx/CVE-2025-32784.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32784", "sourceIdentifier": "security-advisories@github.com", "published": "2025-04-15T22:15:28.157", - "lastModified": "2025-04-15T22:15:28.157", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10." + }, + { + "lang": "es", + "value": "conda-forge-webservices es la aplicaci\u00f3n web implementada para ejecutar los comandos de administraci\u00f3n y el linting de conda-forge. En versiones anteriores a la 2025.4.10, se identific\u00f3 una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en el componente conda-forge-webservices, utilizado en la infraestructura de compilaci\u00f3n compartida. Esta vulnerabilidad, categorizada como un problema de tiempo de verificaci\u00f3n a tiempo de uso (TOCTOU), puede explotarse para introducir modificaciones no autorizadas en los artefactos de compilaci\u00f3n almacenados en el canal de Anaconda cf-staging. Su explotaci\u00f3n puede resultar en la publicaci\u00f3n no autorizada de artefactos maliciosos en el canal de producci\u00f3n de conda-forge. La vulnerabilidad principal se debe a la ausencia de atomicidad entre la validaci\u00f3n del hash y la operaci\u00f3n de copia del artefacto. Esta brecha permite a un atacante, con acceso al token de cf-staging, sobrescribir el artefacto validado con una versi\u00f3n maliciosa inmediatamente despu\u00e9s de la verificaci\u00f3n del hash, pero antes de que se ejecute la copia. Dado que el canal de cf-staging permite la sobrescritura de artefactos, dicha operaci\u00f3n puede llevarse a cabo mediante el comando anaconda upload --force. Esta vulnerabilidad se corrigi\u00f3 en 2025.4.10." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-329xx/CVE-2025-32923.json b/CVE-2025/CVE-2025-329xx/CVE-2025-32923.json index ed3d0a0680b..8139e5b2ba2 100644 --- a/CVE-2025/CVE-2025-329xx/CVE-2025-32923.json +++ b/CVE-2025/CVE-2025-329xx/CVE-2025-32923.json @@ -2,13 +2,17 @@ "id": "CVE-2025-32923", "sourceIdentifier": "audit@patchstack.com", "published": "2025-04-15T22:15:28.290", - "lastModified": "2025-04-15T22:15:28.290", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en NotFound Tourmaster permite XSS reflejado. Este problema afecta a Tourmaster: desde n/d hasta n/d." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json b/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json index 0c41ccf5185..4cd4b77cbc5 100644 --- a/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json +++ b/CVE-2025/CVE-2025-32xx/CVE-2025-3247.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3247", "sourceIdentifier": "security@wordfence.com", "published": "2025-04-16T06:15:42.933", - "lastModified": "2025-04-16T06:15:42.933", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form 7 plugin for WordPress is vulnerable to Order Replay in all versions up to, and including, 6.0.5 via the 'wpcf7_stripe_skip_spam_check' function due to insufficient validation on a user controlled key. This makes it possible for unauthenticated attackers to reuse a single Stripe PaymentIntent for multiple transactions. Only the first transaction is processed via Stripe, but the plugin sends a successful email message for each transaction, which may trick an administrator into fulfilling each order." + }, + { + "lang": "es", + "value": "El complemento Contact Form 7 para WordPress es vulnerable a la repetici\u00f3n de pedidos en todas las versiones hasta la 6.0.5 incluida, a trav\u00e9s de la funci\u00f3n 'wpcf7_stripe_skip_spam_check', debido a una validaci\u00f3n insuficiente en una clave controlada por el usuario. Esto permite que atacantes no autenticados reutilicen un \u00fanico PaymentIntent de Stripe para m\u00faltiples transacciones. Solo la primera transacci\u00f3n se procesa a trav\u00e9s de Stripe, pero el plugin env\u00eda un correo electr\u00f3nico con cada transacci\u00f3n realizada correctamente, lo que puede enga\u00f1ar al administrador para que complete cada pedido." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json b/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json index ba8b75e652e..7f9ddb52fea 100644 --- a/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json +++ b/CVE-2025/CVE-2025-34xx/CVE-2025-3495.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3495", "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b", "published": "2025-04-16T03:15:17.530", - "lastModified": "2025-04-16T03:15:17.530", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Delta Electronics COMMGR v1 and v2\u00a0uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code." + }, + { + "lang": "es", + "value": "Delta Electronics COMMGR v1 y v2 utiliza valores insuficientemente aleatorios para generar identificadores de sesi\u00f3n (CWE-338). Un atacante podr\u00eda f\u00e1cilmente forzar un identificador de sesi\u00f3n y cargar y ejecutar c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3555.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3555.json index 02959ee5ef5..361d4db8b9f 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3555.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3555.json @@ -2,13 +2,13 @@ "id": "CVE-2025-3555", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-14T07:15:15.090", - "lastModified": "2025-04-15T18:39:27.967", + "lastModified": "2025-04-16T12:15:16.760", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "es", @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -111,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -125,6 +125,10 @@ } ], "references": [ + { + "url": "https://github.com/Maloyroyorko/E-commerce-3.0-user-bruter", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.304596", "source": "cna@vuldb.com" diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3556.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3556.json index a580b73f782..e58dbd41b95 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3556.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3556.json @@ -2,13 +2,13 @@ "id": "CVE-2025-3556", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-14T08:15:14.123", - "lastModified": "2025-04-15T18:39:27.967", + "lastModified": "2025-04-16T12:15:16.893", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "es", @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", @@ -111,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json index 519bf6d91c8..6c3a643b5e9 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3663.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3663", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T03:15:17.680", - "lastModified": "2025-04-16T03:15:17.680", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK A3700R 9.1.2u.5822_B20200513. Este problema afecta a la funci\u00f3n setWiFiEasyCfg/setWiFiEasyGuestCfg del archivo /cgi-bin/cstecgi.cgi del componente Password Handler. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json index 2c529a0f013..a2bb69ffef5 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3664.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3664", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T03:15:17.883", - "lastModified": "2025-04-16T03:15:17.883", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en TOTOLINK A3700R 9.1.2u.5822_B20200513. La funci\u00f3n setWiFiEasyGuestCfg del archivo /cgi-bin/cstecgi.cgi se ve afectada. La manipulaci\u00f3n genera controles de acceso inadecuados. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json index 8710e471fa5..163aa420ee4 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3665.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3665", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T03:15:18.057", - "lastModified": "2025-04-16T03:15:18.057", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setSmartQosCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json index 2feb916daf7..e88f7ebc9d7 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3666.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3666", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T04:15:23.040", - "lastModified": "2025-04-16T04:15:23.040", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n setDdnsCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json index 9720f4f7fb3..4ef802b8b33 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3667.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3667", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T05:15:32.660", - "lastModified": "2025-04-16T05:15:32.660", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n setUPnPCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json index 6e817beccd1..f010950ef07 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3668.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3668", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T05:15:33.003", - "lastModified": "2025-04-16T05:15:33.003", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setScheduleCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede iniciarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3674.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3674.json index df1720ffeb6..26b19ab136f 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3674.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3674.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3674", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T07:15:42.300", - "lastModified": "2025-04-16T07:15:42.300", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n setUrlFilterRules del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3675.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3675.json index 34b4d24d818..737b068c95c 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3675.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3675.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3675", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T07:15:43.947", - "lastModified": "2025-04-16T07:15:43.947", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been rated as critical. Affected by this issue is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en TOTOLINK A3700R 9.1.2u.5822_B20200513. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n setL2tpServerCfg del archivo /cgi-bin/cstecgi.cgi. La manipulaci\u00f3n genera controles de acceso inadecuados. El ataque puede ejecutarse remotamente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3676.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3676.json index 25588478332..42487599d33 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3676.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3676.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3676", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T08:15:14.707", - "lastModified": "2025-04-16T08:15:14.707", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha detectado una vulnerabilidad cr\u00edtica en xxyopen Novel-Plus 3.5.0. Esta afecta a una parte desconocida del archivo /api/front/search/books. La manipulaci\u00f3n del argumento sort provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3677.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3677.json index a4cf46ddf0d..244c76b385f 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3677.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3677.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3677", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T09:15:28.273", - "lastModified": "2025-04-16T09:15:28.273", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3678.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3678.json index 3f926f3f03b..ce743723f0e 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3678.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3678.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3678", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T09:15:28.820", - "lastModified": "2025-04-16T09:15:28.820", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3679.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3679.json index bb708aee8f5..3917b1e80c8 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3679.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3679.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3679", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T10:15:15.290", - "lastModified": "2025-04-16T10:15:15.290", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3680.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3680.json index f4bfce876ff..06ec79c65ce 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3680.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3680.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3680", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T10:15:15.483", - "lastModified": "2025-04-16T10:15:15.483", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3681.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3681.json index 20347378bc4..ace29059a8a 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3681.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3681.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3681", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T10:15:15.647", - "lastModified": "2025-04-16T10:15:15.647", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3682.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3682.json index 3ae3aa22f8f..6abebe4e697 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3682.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3682.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3682", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T11:15:43.237", - "lastModified": "2025-04-16T11:15:43.237", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3683.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3683.json index d4ac5b08ffc..667110b3aba 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3683.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3683.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3683", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T11:15:43.393", - "lastModified": "2025-04-16T11:15:43.393", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3684.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3684.json index 3b5982e8155..81d9855ba4a 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3684.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3684.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3684", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T11:15:43.557", - "lastModified": "2025-04-16T11:15:43.557", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3685.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3685.json index f0e6db6d230..9f7a26c62c6 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3685.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3685.json @@ -2,8 +2,8 @@ "id": "CVE-2025-3685", "sourceIdentifier": "cna@vuldb.com", "published": "2025-04-16T11:15:43.740", - "lastModified": "2025-04-16T11:15:43.740", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json new file mode 100644 index 00000000000..1432f4e164b --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3686.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-3686", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T12:15:17.093", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/misstt123/oasys/issues/10", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304975", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304975", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553372", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json new file mode 100644 index 00000000000..a7296fffc6d --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3687.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3687", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T12:15:17.267", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in misstt123 oasys 1.0. Affected by this issue is some unknown functionality of the component Sticky Notes Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/misstt123/oasys/issues/11", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304976", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304976", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553429", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3688.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3688.json new file mode 100644 index 00000000000..9c7606f6f71 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3688.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3688", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T12:15:17.430", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KKDT12138/CVE/blob/main/cve.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304977", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304977", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553486", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3689.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3689.json new file mode 100644 index 00000000000..11810818e79 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3689.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3689", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T13:15:53.050", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Xiaoyao-i03i/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304978", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304978", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553500", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3690.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3690.json new file mode 100644 index 00000000000..706802c9196 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3690.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3690", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T13:15:53.217", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Xiaoyao-i03i/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304979", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304979", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553501", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3691.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3691.json new file mode 100644 index 00000000000..49d83008382 --- /dev/null +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3691.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-3691", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-16T13:15:53.380", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in mirweiye Seven Bears Library CMS 2023. It has been classified as problematic. Affected is an unknown function of the component Add Link Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KKDT12138/CVE/blob/main/cve2.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.304980", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.304980", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.553507", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json b/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json index 4ad767e2d5a..37791227178 100644 --- a/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json +++ b/CVE-2025/CVE-2025-36xx/CVE-2025-3698.json @@ -2,13 +2,17 @@ "id": "CVE-2025-3698", "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "published": "2025-04-16T03:15:18.223", - "lastModified": "2025-04-16T03:15:18.223", - "vulnStatus": "Received", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk." + }, + { + "lang": "es", + "value": "La vulnerabilidad de exposici\u00f3n de la interfaz en la aplicaci\u00f3n m\u00f3vil (com.transsion.carlcare) puede generar riesgo de fuga de informaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39512.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39512.json new file mode 100644 index 00000000000..f4b31b4619e --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39512.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39512", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:44.603", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Yuya Hoshino Bulk Term Editor allows Cross Site Request Forgery. This issue affects Bulk Term Editor: from n/a through 1.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bulk-term-editor/vulnerability/wordpress-bulk-term-editor-1-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39513.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39513.json new file mode 100644 index 00000000000..d7dfb6fe618 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39513.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39513", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:44.737", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in ActiveDEMAND Online Agency Marketing Automation ActiveDEMAND allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ActiveDEMAND: from n/a through 0.2.46." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/activedemand/vulnerability/wordpress-activedemand-0-2-46-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39514.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39514.json new file mode 100644 index 00000000000..af789dc7ae0 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39514.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39514", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:44.860", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/asgaros-forum/vulnerability/wordpress-asgaros-forum-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39515.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39515.json new file mode 100644 index 00000000000..8c5851ff73d --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39515.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39515", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:44.983", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager allows Stored XSS. This issue affects Attendance Manager: from n/a through 0.6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/attendance-manager/vulnerability/wordpress-attendance-manager-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39516.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39516.json new file mode 100644 index 00000000000..1d4f4b67e5e --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39516.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39516", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.117", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alan Petersen Author WIP Progress Bar allows DOM-Based XSS. This issue affects Author WIP Progress Bar: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/author-work-in-progress-bar/vulnerability/wordpress-author-wip-progress-bar-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39517.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39517.json new file mode 100644 index 00000000000..6ddfb79e015 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39517.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39517", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.247", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Basic Interactive World Map allows Cross Site Request Forgery. This issue affects Basic Interactive World Map: from n/a through 2.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/basic-interactive-world-map/vulnerability/wordpress-basic-interactive-world-map-plugin-2-7-cross-site-request-forgery-csrf-to-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39518.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39518.json new file mode 100644 index 00000000000..84ce7708180 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39518.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39518", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.377", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedefiningTheWeb BMA Lite allows SQL Injection. This issue affects BMA Lite: from n/a through 1.4.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/bma-lite-appointment-booking-and-scheduling/vulnerability/wordpress-bma-lite-1-4-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39520.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39520.json new file mode 100644 index 00000000000..4f96fec5892 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39520.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39520", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.503", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham Checkout Files Upload for WooCommerce allows Stored XSS. This issue affects Checkout Files Upload for WooCommerce: from n/a through 2.2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/checkout-files-upload-woocommerce/vulnerability/wordpress-checkout-files-upload-for-woocommerce-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39522.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39522.json new file mode 100644 index 00000000000..1a42a8d782f --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39522.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39522", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.633", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Sebastian Lee Dynamic Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dynamic Post: from n/a through 4.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/dynamic-post/vulnerability/wordpress-dynamic-post-4-10-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39524.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39524.json new file mode 100644 index 00000000000..6475ac346a2 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39524.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39524", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.763", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.28." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/html5-audio-player/vulnerability/wordpress-html5-audio-player-2-2-28-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39525.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39525.json new file mode 100644 index 00000000000..2dd0e80ebe7 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39525.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39525", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:45.893", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Logo Carousel Slider allows Stored XSS. This issue affects Logo Carousel Slider: from n/a through 2.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/logo-carousel-slider/vulnerability/wordpress-logo-carousel-slider-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39528.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39528.json new file mode 100644 index 00000000000..9c08b286c1d --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39528.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39528", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.027", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a through 3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/rescue-shortcodes/vulnerability/wordpress-rescue-shortcodes-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39529.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39529.json new file mode 100644 index 00000000000..b383ada0134 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39529.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39529", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.160", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robin Cornett Scriptless Social Sharing allows Stored XSS. This issue affects Scriptless Social Sharing: from n/a through 3.2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/scriptless-social-sharing/vulnerability/wordpress-scriptless-social-sharing-3-2-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39530.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39530.json new file mode 100644 index 00000000000..4287e1b4a60 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39530.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39530", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.290", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/site-search-360/vulnerability/wordpress-site-search-360-plugin-2-1-7-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39531.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39531.json new file mode 100644 index 00000000000..1104cac4780 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39531.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39531", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.483", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in slazzercom Slazzer Background Changer allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Slazzer Background Changer: from n/a through 3.14." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/slazzer-background-changer/vulnerability/wordpress-slazzer-background-changer-3-14-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39538.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39538.json new file mode 100644 index 00000000000..d1937756ca2 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39538.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39538", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.790", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-advanced-search/vulnerability/wordpress-wp-advanced-search-3-3-9-3-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39540.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39540.json new file mode 100644 index 00000000000..37a9594e703 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39540.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39540", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:46.937", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP Flipclock allows DOM-Based XSS. This issue affects WP Flipclock: from n/a through 1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-flipclock/vulnerability/wordpress-wp-flipclock-plugin-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39543.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39543.json new file mode 100644 index 00000000000..50bff296749 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39543.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39543", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.067", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.3.977." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/royal-elementor-addons/vulnerability/wordpress-royal-elementor-addons-plugin-1-3-977-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39544.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39544.json new file mode 100644 index 00000000000..dae4f8b445e --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39544.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39544", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.197", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Path Traversal. This issue affects WP Tools: from n/a through 5.18." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wptools/vulnerability/wordpress-wp-tools-plugin-5-18-csrf-to-arbitrary-file-deletion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39545.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39545.json new file mode 100644 index 00000000000..b78bb236418 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39545.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39545", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.323", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-rest-api-authentication/vulnerability/wordpress-wordpress-rest-api-authentication-3-6-3-settings-change-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39546.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39546.json new file mode 100644 index 00000000000..5b6c0ac05ee --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39546.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39546", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.457", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in quomodosoft ElementsReady Addons for Elementor allows Cross Site Request Forgery. This issue affects ElementsReady Addons for Elementor: from n/a through 6.6.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/element-ready-lite/vulnerability/wordpress-elementsready-addons-for-elementor-6-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39547.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39547.json new file mode 100644 index 00000000000..ad23747e730 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39547.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39547", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.583", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Internal Link Optimiser allows Stored XSS. This issue affects Internal Link Optimiser: from n/a through 5.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/internal-link-finder/vulnerability/wordpress-internal-link-optimiser-plugin-5-1-3-csrf-to-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39548.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39548.json new file mode 100644 index 00000000000..38ee71607f8 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39548.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39548", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.713", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Right Click Disable OR Ban allows Stored XSS. This issue affects Right Click Disable OR Ban: from n/a through 1.1.17." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/right-click-disable-or-ban/vulnerability/wordpress-right-click-disable-or-ban-plugin-1-1-17-csrf-to-stored-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39549.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39549.json new file mode 100644 index 00000000000..f4af6552961 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39549.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39549", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.847", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.20." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/most-and-least-read-posts-widget/vulnerability/wordpress-most-and-least-read-posts-widget-2-5-20-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39552.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39552.json new file mode 100644 index 00000000000..94258e94e9b --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39552.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39552", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:47.980", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.200." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/zephyr-project-manager/vulnerability/wordpress-zephyr-project-manager-3-3-200-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39555.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39555.json new file mode 100644 index 00000000000..61c95b50227 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39555.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39555", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:48.153", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andy_moyle Church Admin allows Stored XSS. This issue affects Church Admin: from n/a through 5.0.23." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/church-admin/vulnerability/wordpress-church-admin-plugin-5-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39556.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39556.json new file mode 100644 index 00000000000..dab23e43548 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39556.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39556", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:48.560", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/mediavine-control-panel/vulnerability/wordpress-mediavine-control-panel-plugin-2-10-6-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39557.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39557.json new file mode 100644 index 00000000000..d1f4056005d --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39557.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39557", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:48.697", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.1, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/kadence-woocommerce-email-designer/vulnerability/wordpress-kadence-woocommerce-email-designer-plugin-1-5-14-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39560.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39560.json new file mode 100644 index 00000000000..0b491909e47 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39560.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39560", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:48.837", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in Shahjada Live Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live Forms: from n/a through 4.8.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/liveforms/vulnerability/wordpress-live-forms-plugin-4-8-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39563.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39563.json new file mode 100644 index 00000000000..f91a957b067 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39563.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39563", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:48.967", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Payments for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Payments for WooCommerce: from n/a through 3.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/conditional-payments-for-woocommerce/vulnerability/wordpress-conditional-payments-for-woocommerce-3-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39564.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39564.json new file mode 100644 index 00000000000..010e213a1eb --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39564.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39564", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.117", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Trio Conditional Shipping for WooCommerce allows Cross Site Request Forgery. This issue affects Conditional Shipping for WooCommerce: from n/a through 3.4.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/conditional-shipping-for-woocommerce/vulnerability/wordpress-conditional-shipping-for-woocommerce-3-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39565.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39565.json new file mode 100644 index 00000000000..6917f914cd9 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39565.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39565", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.250", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security allows Object Injection. This issue affects MelaPress Login Security: from n/a through 2.1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/melapress-login-security/vulnerability/wordpress-melapress-login-security-2-1-0-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39566.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39566.json new file mode 100644 index 00000000000..2f530fdd0ad --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39566.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39566", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.387", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bob Hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through 1.1.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/hostel/vulnerability/wordpress-hostel-1-1-5-6-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39570.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39570.json new file mode 100644 index 00000000000..0847c4e7ae7 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39570.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39570", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.523", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpcom-member/vulnerability/wordpress-wpcom-member-1-7-7-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39571.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39571.json new file mode 100644 index 00000000000..a45a7e5b287 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39571.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39571", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.667", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/product-blocks/vulnerability/wordpress-wowstore-4-2-4-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39572.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39572.json new file mode 100644 index 00000000000..d050e5cc5da --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39572.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39572", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.793", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Checkout for PayPal allows Stored XSS. This issue affects Checkout for PayPal: from n/a through 1.0.38." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/checkout-for-paypal/vulnerability/wordpress-checkout-for-paypal-1-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39573.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39573.json new file mode 100644 index 00000000000..70e9907151e --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39573.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39573", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:49.923", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel allows Stored XSS. This issue affects WP Posts Carousel: from n/a through 1.3.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-posts-carousel/vulnerability/wordpress-wp-posts-carousel-1-3-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39574.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39574.json new file mode 100644 index 00000000000..8f0e3c428c3 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39574.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39574", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.050", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Shortcodes allows Stored XSS. This issue affects Uix Shortcodes: from n/a through 2.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/uix-shortcodes/vulnerability/wordpress-uix-shortcodes-2-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39575.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39575.json new file mode 100644 index 00000000000..b57a28827a1 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39575.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39575", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.183", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSight WPCasa allows Stored XSS. This issue affects WPCasa: from n/a through 1.3.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpcasa/vulnerability/wordpress-wpcasa-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39576.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39576.json new file mode 100644 index 00000000000..4b487e9303b --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39576.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39576", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.313", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows Stored XSS. This issue affects WPAdverts: from n/a through 2.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wpadverts/vulnerability/wordpress-wpadverts-2-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39577.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39577.json new file mode 100644 index 00000000000..d9f38f8fdc2 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39577.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39577", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.443", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Property Hive PropertyHive allows Stored XSS. This issue affects PropertyHive: from n/a through 2.1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/propertyhive/vulnerability/wordpress-propertyhive-2-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39578.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39578.json new file mode 100644 index 00000000000..8196a284a48 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39578.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39578", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.570", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/responsive-block-editor-addons/vulnerability/wordpress-responsive-blocks-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39579.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39579.json new file mode 100644 index 00000000000..a8362d701c3 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39579.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39579", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.700", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Membership For WooCommerce allows DOM-Based XSS. This issue affects Membership For WooCommerce: from n/a through 2.8.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/membership-for-woocommerce/vulnerability/wordpress-membership-for-woocommerce-2-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39581.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39581.json new file mode 100644 index 00000000000..4165152d8ae --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39581.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39581", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:50.830", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Shortcodes allows Stored XSS. This issue affects Themify Shortcodes: from n/a through 2.1.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/themify-shortcodes/vulnerability/wordpress-themify-shortcodes-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39582.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39582.json new file mode 100644 index 00000000000..5170e22335b --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39582.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39582", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.133", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Passionate Programmer Peter WP Data Access allows DOM-Based XSS. This issue affects WP Data Access: from n/a through 5.5.36." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-data-access/vulnerability/wordpress-wp-data-access-5-5-36-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39584.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39584.json new file mode 100644 index 00000000000..80d3ede2cd6 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39584.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39584", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.270", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-25-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39585.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39585.json new file mode 100644 index 00000000000..9e0aa2ad808 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39585.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39585", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.410", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Travelfic Toolkit allows Stored XSS. This issue affects Travelfic Toolkit: from n/a through 1.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/travelfic-toolkit/vulnerability/wordpress-travelfic-toolkit-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39589.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39589.json new file mode 100644 index 00000000000..cf49fe53a59 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39589.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39589", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.540", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPDeveloper Essential Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Essential Addons for Elementor: from n/a through 6.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39590.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39590.json new file mode 100644 index 00000000000..3fb3bee9d1d --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39590.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39590", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.673", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/essential-addons-for-elementor-lite/vulnerability/wordpress-essential-addons-for-elementor-6-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39591.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39591.json new file mode 100644 index 00000000000..3cc273f5300 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39591.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39591", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.820", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WP Shuffle WP Subscription Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Subscription Forms: from n/a through 1.2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-subscription-forms/vulnerability/wordpress-wp-subscription-forms-1-2-3-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39592.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39592.json new file mode 100644 index 00000000000..0d0cf7132a2 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39592.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39592", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:51.950", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through 1.3.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/subscribe-to-unlock-lite/vulnerability/wordpress-subscribe-to-unlock-lite-1-3-0-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39593.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39593.json new file mode 100644 index 00000000000..c93b46753a3 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39593.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39593", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.083", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-ever-accounting/vulnerability/wordpress-ever-accounting-2-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39597.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39597.json new file mode 100644 index 00000000000..000ddc95d71 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39597.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39597", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.217", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings allows Phishing. This issue affects Fast eBay Listings: from n/a through 2.12.15." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/fast-ebay-listings/vulnerability/wordpress-fast-ebay-listings-2-12-15-open-redirection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39598.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39598.json new file mode 100644 index 00000000000..1bf64cef739 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39598.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39598", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.373", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal vulnerability in Qu\u00fd L\u00ea 91 Administrator Z allows Path Traversal. This issue affects Administrator Z: from n/a through 2025.03.28." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/administrator-z/vulnerability/wordpress-administrator-z-2025-03-28-directory-traversal-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-395xx/CVE-2025-39599.json b/CVE-2025/CVE-2025-395xx/CVE-2025-39599.json new file mode 100644 index 00000000000..fff831596a4 --- /dev/null +++ b/CVE-2025/CVE-2025-395xx/CVE-2025-39599.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39599", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.520", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Webilia Inc. Listdom allows Phishing. This issue affects Listdom: from n/a through 4.0.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/listdom/vulnerability/wordpress-listdom-4-0-0-open-redirection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-396xx/CVE-2025-39600.json b/CVE-2025/CVE-2025-396xx/CVE-2025-39600.json new file mode 100644 index 00000000000..d338e5c0ddf --- /dev/null +++ b/CVE-2025/CVE-2025-396xx/CVE-2025-39600.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39600", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.653", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for WooCommerce and QuickBooks allows Cross Site Request Forgery. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.3.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wp-woocommerce-quickbooks/vulnerability/wordpress-integration-for-woocommerce-and-quickbooks-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-396xx/CVE-2025-39601.json b/CVE-2025/CVE-2025-396xx/CVE-2025-39601.json new file mode 100644 index 00000000000..a62c6f9d6b7 --- /dev/null +++ b/CVE-2025/CVE-2025-396xx/CVE-2025-39601.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39601", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.790", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP allows Remote Code Inclusion. This issue affects Custom CSS, JS & PHP: from n/a through 2.4.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/custom-css/vulnerability/wordpress-custom-css-js-php-plugin-2-4-1-csrf-to-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-396xx/CVE-2025-39602.json b/CVE-2025/CVE-2025-396xx/CVE-2025-39602.json new file mode 100644 index 00000000000..553e99ba775 --- /dev/null +++ b/CVE-2025/CVE-2025-396xx/CVE-2025-39602.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-39602", + "sourceIdentifier": "audit@patchstack.com", + "published": "2025-04-16T13:15:52.920", + "lastModified": "2025-04-16T13:25:37.340", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing Authorization vulnerability in WC Product Table WooCommerce Product Table Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Product Table Lite: from n/a through 3.9.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/wc-product-table-lite/vulnerability/wordpress-woocommerce-product-table-lite-plugin-3-9-5-broken-access-control-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 84f2fa537cb..c2324ba7f28 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-16T12:00:24.262053+00:00 +2025-04-16T14:00:21.028393+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-16T11:15:43.740000+00:00 +2025-04-16T13:59:08.477000+00:00 ``` ### Last Data Feed Release @@ -33,36 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290138 +290207 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `69` -- [CVE-2024-58092](CVE-2024/CVE-2024-580xx/CVE-2024-58092.json) (`2025-04-16T11:15:42.427`) -- [CVE-2025-22019](CVE-2025/CVE-2025-220xx/CVE-2025-22019.json) (`2025-04-16T11:15:42.537`) -- [CVE-2025-22020](CVE-2025/CVE-2025-220xx/CVE-2025-22020.json) (`2025-04-16T11:15:42.640`) -- [CVE-2025-22021](CVE-2025/CVE-2025-220xx/CVE-2025-22021.json) (`2025-04-16T11:15:42.773`) -- [CVE-2025-22022](CVE-2025/CVE-2025-220xx/CVE-2025-22022.json) (`2025-04-16T11:15:42.883`) -- [CVE-2025-22023](CVE-2025/CVE-2025-220xx/CVE-2025-22023.json) (`2025-04-16T11:15:42.987`) -- [CVE-2025-27936](CVE-2025/CVE-2025-279xx/CVE-2025-27936.json) (`2025-04-16T10:15:14.797`) -- [CVE-2025-30960](CVE-2025/CVE-2025-309xx/CVE-2025-30960.json) (`2025-04-16T11:15:43.090`) -- [CVE-2025-31363](CVE-2025/CVE-2025-313xx/CVE-2025-31363.json) (`2025-04-16T10:15:15.170`) -- [CVE-2025-3679](CVE-2025/CVE-2025-36xx/CVE-2025-3679.json) (`2025-04-16T10:15:15.290`) -- [CVE-2025-3680](CVE-2025/CVE-2025-36xx/CVE-2025-3680.json) (`2025-04-16T10:15:15.483`) -- [CVE-2025-3681](CVE-2025/CVE-2025-36xx/CVE-2025-3681.json) (`2025-04-16T10:15:15.647`) -- [CVE-2025-3682](CVE-2025/CVE-2025-36xx/CVE-2025-3682.json) (`2025-04-16T11:15:43.237`) -- [CVE-2025-3683](CVE-2025/CVE-2025-36xx/CVE-2025-3683.json) (`2025-04-16T11:15:43.393`) -- [CVE-2025-3684](CVE-2025/CVE-2025-36xx/CVE-2025-3684.json) (`2025-04-16T11:15:43.557`) -- [CVE-2025-3685](CVE-2025/CVE-2025-36xx/CVE-2025-3685.json) (`2025-04-16T11:15:43.740`) +- [CVE-2025-39570](CVE-2025/CVE-2025-395xx/CVE-2025-39570.json) (`2025-04-16T13:15:49.523`) +- [CVE-2025-39571](CVE-2025/CVE-2025-395xx/CVE-2025-39571.json) (`2025-04-16T13:15:49.667`) +- [CVE-2025-39572](CVE-2025/CVE-2025-395xx/CVE-2025-39572.json) (`2025-04-16T13:15:49.793`) +- [CVE-2025-39573](CVE-2025/CVE-2025-395xx/CVE-2025-39573.json) (`2025-04-16T13:15:49.923`) +- [CVE-2025-39574](CVE-2025/CVE-2025-395xx/CVE-2025-39574.json) (`2025-04-16T13:15:50.050`) +- [CVE-2025-39575](CVE-2025/CVE-2025-395xx/CVE-2025-39575.json) (`2025-04-16T13:15:50.183`) +- [CVE-2025-39576](CVE-2025/CVE-2025-395xx/CVE-2025-39576.json) (`2025-04-16T13:15:50.313`) +- [CVE-2025-39577](CVE-2025/CVE-2025-395xx/CVE-2025-39577.json) (`2025-04-16T13:15:50.443`) +- [CVE-2025-39578](CVE-2025/CVE-2025-395xx/CVE-2025-39578.json) (`2025-04-16T13:15:50.570`) +- [CVE-2025-39579](CVE-2025/CVE-2025-395xx/CVE-2025-39579.json) (`2025-04-16T13:15:50.700`) +- [CVE-2025-39581](CVE-2025/CVE-2025-395xx/CVE-2025-39581.json) (`2025-04-16T13:15:50.830`) +- [CVE-2025-39582](CVE-2025/CVE-2025-395xx/CVE-2025-39582.json) (`2025-04-16T13:15:51.133`) +- [CVE-2025-39584](CVE-2025/CVE-2025-395xx/CVE-2025-39584.json) (`2025-04-16T13:15:51.270`) +- [CVE-2025-39585](CVE-2025/CVE-2025-395xx/CVE-2025-39585.json) (`2025-04-16T13:15:51.410`) +- [CVE-2025-39589](CVE-2025/CVE-2025-395xx/CVE-2025-39589.json) (`2025-04-16T13:15:51.540`) +- [CVE-2025-39590](CVE-2025/CVE-2025-395xx/CVE-2025-39590.json) (`2025-04-16T13:15:51.673`) +- [CVE-2025-39591](CVE-2025/CVE-2025-395xx/CVE-2025-39591.json) (`2025-04-16T13:15:51.820`) +- [CVE-2025-39592](CVE-2025/CVE-2025-395xx/CVE-2025-39592.json) (`2025-04-16T13:15:51.950`) +- [CVE-2025-39593](CVE-2025/CVE-2025-395xx/CVE-2025-39593.json) (`2025-04-16T13:15:52.083`) +- [CVE-2025-39597](CVE-2025/CVE-2025-395xx/CVE-2025-39597.json) (`2025-04-16T13:15:52.217`) +- [CVE-2025-39598](CVE-2025/CVE-2025-395xx/CVE-2025-39598.json) (`2025-04-16T13:15:52.373`) +- [CVE-2025-39599](CVE-2025/CVE-2025-395xx/CVE-2025-39599.json) (`2025-04-16T13:15:52.520`) +- [CVE-2025-39600](CVE-2025/CVE-2025-396xx/CVE-2025-39600.json) (`2025-04-16T13:15:52.653`) +- [CVE-2025-39601](CVE-2025/CVE-2025-396xx/CVE-2025-39601.json) (`2025-04-16T13:15:52.790`) +- [CVE-2025-39602](CVE-2025/CVE-2025-396xx/CVE-2025-39602.json) (`2025-04-16T13:15:52.920`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `224` -- [CVE-2024-11859](CVE-2024/CVE-2024-118xx/CVE-2024-11859.json) (`2025-04-16T11:15:41.373`) +- [CVE-2025-32782](CVE-2025/CVE-2025-327xx/CVE-2025-32782.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-32784](CVE-2025/CVE-2025-327xx/CVE-2025-32784.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-32923](CVE-2025/CVE-2025-329xx/CVE-2025-32923.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3495](CVE-2025/CVE-2025-34xx/CVE-2025-3495.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3555](CVE-2025/CVE-2025-35xx/CVE-2025-3555.json) (`2025-04-16T12:15:16.760`) +- [CVE-2025-3556](CVE-2025/CVE-2025-35xx/CVE-2025-3556.json) (`2025-04-16T12:15:16.893`) +- [CVE-2025-3663](CVE-2025/CVE-2025-36xx/CVE-2025-3663.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3664](CVE-2025/CVE-2025-36xx/CVE-2025-3664.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3665](CVE-2025/CVE-2025-36xx/CVE-2025-3665.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3666](CVE-2025/CVE-2025-36xx/CVE-2025-3666.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3667](CVE-2025/CVE-2025-36xx/CVE-2025-3667.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3668](CVE-2025/CVE-2025-36xx/CVE-2025-3668.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3674](CVE-2025/CVE-2025-36xx/CVE-2025-3674.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3675](CVE-2025/CVE-2025-36xx/CVE-2025-3675.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3676](CVE-2025/CVE-2025-36xx/CVE-2025-3676.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3677](CVE-2025/CVE-2025-36xx/CVE-2025-3677.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3678](CVE-2025/CVE-2025-36xx/CVE-2025-3678.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3679](CVE-2025/CVE-2025-36xx/CVE-2025-3679.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3680](CVE-2025/CVE-2025-36xx/CVE-2025-3680.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3681](CVE-2025/CVE-2025-36xx/CVE-2025-3681.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3682](CVE-2025/CVE-2025-36xx/CVE-2025-3682.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3683](CVE-2025/CVE-2025-36xx/CVE-2025-3683.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3684](CVE-2025/CVE-2025-36xx/CVE-2025-3684.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3685](CVE-2025/CVE-2025-36xx/CVE-2025-3685.json) (`2025-04-16T13:25:37.340`) +- [CVE-2025-3698](CVE-2025/CVE-2025-36xx/CVE-2025-3698.json) (`2025-04-16T13:25:37.340`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 30c73bbc6af..dbd71c936be 100644 --- a/_state.csv +++ b/_state.csv @@ -225855,7 +225855,7 @@ CVE-2023-32192,0,0,9ddad804b5e1f24517e731cf63fc7724b58e01e76819ef245be1681605b11 CVE-2023-32193,0,0,3fc0deec46f1f84bb86bb18144fefd8401960da10ffc30dbcb4b73bcaa487fa6,2024-10-16T16:38:14.557000 CVE-2023-32194,0,0,b026e294b9ee7e0ac795c3c964def03f8175fac7911f8283e7b5b212d9d71d5b,2024-10-16T16:38:14.557000 CVE-2023-32196,0,0,79159a2f6efc5cfee63b1c771d3ff38df7bebfb52936a9e17291c69b0f073c87,2024-10-16T16:38:14.557000 -CVE-2023-32197,0,0,d1ef574f58c6716a52ff3cc274d224318459499b9184ff85a766d3034914bf01,2025-04-16T09:15:24.103000 +CVE-2023-32197,0,1,f588b05d56636242058db1ad6dfa7a3c3adbd7be2441df634eab0df95e65d330,2025-04-16T13:25:37.340000 CVE-2023-3220,0,0,091b3568d542ce7f8e9639994e311d2dd153be652f295bce2cf3036b33345197,2025-03-11T15:15:39.357000 CVE-2023-32200,0,0,bd3b707fd4f345c8c3028816f1e6552e40039230142d8b9e762e26d6d0380966,2024-11-21T08:02:53.243000 CVE-2023-32201,0,0,931662d2bb3c46b3ef8495876fa9a03301878dcf7cc2306d578f2b4f434d18a1,2024-12-23T22:15:06.950000 @@ -242050,7 +242050,7 @@ CVE-2023-5612,0,0,07d0fd9a01002c02d5049608faf1e176194fafe91daa7d393bb2813eaacb89 CVE-2023-5613,0,0,5c296e92ec08c076f024fb1be87a24997c51c32836e3ceadabd7db4f93d8403e,2024-11-21T08:42:07.397000 CVE-2023-5614,0,0,df3c7aef14595e231847df4cbf9f65fbb272aa8124fbcb08193c413d34988a90,2024-11-21T08:42:07.520000 CVE-2023-5615,0,0,56f89aa31fa6edba415dfec96afddd04047544455cab84c6571e893daa26c567,2024-11-21T08:42:07.633000 -CVE-2023-5616,0,0,834b7eb8635762528cd8c0e474b3e731f62b9945e9779a312408e3a6f758fc71,2025-04-15T21:15:46.583000 +CVE-2023-5616,0,1,fd9bddab721ea44028dd55838a77bea57b46b6b951f5429f0442dd0be0b72b1e,2025-04-16T13:25:59.640000 CVE-2023-5617,0,0,730cedd938375b817937d4e4574096bafbca4b272c62ac316091c801825e7a02,2025-02-14T15:31:44.250000 CVE-2023-5618,0,0,111e22e7e80976f8f05c5cdfd526ea0caa1da19bd88e1d9d6d161392d3bb7b6a,2024-11-21T08:42:07.863000 CVE-2023-5619,0,0,a19fb0d9c1ec2158ccf365d70c7c69e74f9a9e11e8a35b996d155c23740d5bc4,2024-01-04T20:15:25.230000 @@ -245169,7 +245169,7 @@ CVE-2024-10676,0,0,6887bcf7e7ad4dff7b3acb5ccb4703ef99e151f3c3b6329edf86e56346e5b CVE-2024-10678,0,0,2d4c7c0dbf73a0febb64fcb95cf96aa0969f22be17ad5704c54158d8b7b8b392,2024-12-16T19:15:05.907000 CVE-2024-10679,0,0,6031e8f0ed489a1fd714c3ee41c8f59bb6f216bd86d1989d37ded7c87ab84db5,2025-03-27T16:45:46.410000 CVE-2024-1068,0,0,19fff8aed0f63e6149ffcd4b412aacdd7ffcb6468d1d60a7391f61d942a540cd,2024-11-21T08:49:43.460000 -CVE-2024-10680,0,0,d8db6973754105a98eca4bb3b8eb778cd5a40da91f9bac516c7b64f7c6331f96,2025-04-16T06:15:42.367000 +CVE-2024-10680,0,1,b56faefd6793ee1e7f9fbec8568a156818205b7850724e427888ec65ce6f5392,2025-04-16T13:25:37.340000 CVE-2024-10681,0,0,b8f17934b6825994f779df09ece3578475b75ad6fb261f72f1afc8dc3363b0f0,2024-12-06T10:15:04.533000 CVE-2024-10682,0,0,a7e8df655c8e75ce2215a7ec3bf41218b640524758c0db7f945bc19c5ad286f0,2024-11-21T13:57:24.187000 CVE-2024-10683,0,0,4d3a70daf30fbf2f2ba33971b3daca0cfdf2ea629fdbab703b0dff039ae72ac0,2024-11-12T13:56:24.513000 @@ -246367,7 +246367,7 @@ CVE-2024-11854,0,0,999afde0352966c3848f9613a3046f97c5bfc972302cd671fa92812a3b6ba CVE-2024-11855,0,0,b8bfb341060496fd32ee788a9ac0c446229bec4b5e208f7ac30bcfa919ff4d7a,2024-12-14T05:15:07.960000 CVE-2024-11856,0,0,d5dc91ea132c91646f44dabd18a1a6c06e1b122275ee7e71ea02b3d69779ae26,2024-12-02T03:15:13.713000 CVE-2024-11858,0,0,73fd067f9f80a3fe9add2844a0fc8b12fbc4555aad7446ed909f2e6252e70dfe,2024-12-15T14:15:22.320000 -CVE-2024-11859,0,1,e0c37a256811d6c3ed803647df0b4f38245519a802f001a8c0b0c679e61a20a1,2025-04-16T11:15:41.373000 +CVE-2024-11859,0,0,e0c37a256811d6c3ed803647df0b4f38245519a802f001a8c0b0c679e61a20a1,2025-04-16T11:15:41.373000 CVE-2024-1186,0,0,2e273a7149091b295fd44850226681809150a1697d95b70cddb9945c7f5d2c46,2024-11-21T08:49:59.387000 CVE-2024-11860,0,0,b4d86970e53cc06e2bb8bbb6ca541cbcee674b01ab736af3ad4a9b157ea7fdee,2024-12-04T21:08:39.133000 CVE-2024-11862,0,0,f2607ef95f43bacf07d967cbeba7a58170571a09b34a70089d64cd1d0d5addef,2024-11-27T15:15:25.393000 @@ -247934,7 +247934,7 @@ CVE-2024-13448,0,0,99bef776585fb11dba8e8ef9f028b4f3c7371956a91f9b56a4977bbe471e6 CVE-2024-13449,0,0,52b88677fd423c43b44e149505ef75bf01f315f780529f08af2d104c0e8e8913,2025-02-04T18:12:53.713000 CVE-2024-1345,0,0,b705c881b64934a656687f4bb2d7ed2b74763da5751afa84b0b2fd5eae033431,2025-03-24T17:12:18.113000 CVE-2024-13450,0,0,43fcdfa95c84c4f9958bcf0ed96f0c3b1c10185c108adb08c789dbe5f2feb02b,2025-02-04T20:48:58 -CVE-2024-13452,0,0,2079e104d1bed0137893188a6db0bbcc1e1ab71aca174566063b19936f12faf5,2025-04-16T03:15:17.067000 +CVE-2024-13452,0,1,d34dc6261a25765dcd9b4a870b6e0b9f5cf10581b9911f2a574e3c38c272d73c,2025-04-16T13:25:37.340000 CVE-2024-13453,0,0,e64fc58d83e3540bb01a99edb8cd9df274ae0c7a0249b0fd357ec05d1fc54281,2025-02-18T19:15:13.770000 CVE-2024-13454,0,0,14313d18c59abf0795f9e65c924b2232675b3f5fcf8c69fe1d32af5f5cac5a65,2025-01-21T20:15:30.793000 CVE-2024-13455,0,0,8457fc75e884c82a6bed373b6665661978e54463bf4d1b7eab90cc8af418d768,2025-02-25T03:29:41.680000 @@ -250802,7 +250802,7 @@ CVE-2024-22030,0,0,e02699b846d34a18e8b7b6cf5888c535b133634cfe2a017ed58e28205a0d0 CVE-2024-22032,0,0,42ed11c6328f1061db1d5637872d55aa471b403640bc814ec0cd799e1f69f34b,2024-10-16T16:38:14.557000 CVE-2024-22033,0,0,42b55564084fb621beb0686f05fea4be7155bba503879b4cca652be2bfa35c09,2024-10-16T16:38:14.557000 CVE-2024-22034,0,0,fdb317819d71ff9b837affcfad34eef81e09d01bdfaff630f7528b487dfefd78,2024-10-16T16:38:14.557000 -CVE-2024-22036,0,0,1af93b05b0da79ffb1f8f7166c78c561537dfa981d1d70da222e16fd5f6afe82,2025-04-16T09:15:27.300000 +CVE-2024-22036,0,1,6839d98a4d08b21a036e119d0ba6b1afdd41bc9630e64ce779d4c7e9c0082b17,2025-04-16T13:25:37.340000 CVE-2024-22037,0,0,9b513ef8f09e8d2f45c49b5879bd9425224f280989f3de9371aaf821f42b8e4a,2024-11-28T10:15:06.973000 CVE-2024-22038,0,0,e89a256f9e37dfd2bd3664d38412ba134616ff9d015b62a63683c7b2aade2365,2024-11-28T10:15:07.567000 CVE-2024-22039,0,0,ce396fab1e3ad0290927c5b46e298fa5c4ce735b27af9f7f5496f9dc290e2d75,2024-11-21T08:55:26.327000 @@ -266212,7 +266212,7 @@ CVE-2024-42187,0,0,1a7e90ec8fd6111568607e7fe4efa4740b10d0987e11092bcc048a6df4194 CVE-2024-42188,0,0,a8278cfe50e3ca68bde755bed653483d11589c1acd3e94c1e7362476b4ce136e,2024-11-15T13:58:08.913000 CVE-2024-42189,0,0,06b5629c8ee24a8ad937342d1441c2754103e3815347b457fd3fd5457eb2cef1,2025-04-15T18:39:27.967000 CVE-2024-4219,0,0,cd28361343cc861bde40c0bbbee1aabb101ed013946c5589d3ba0dabbead402f,2024-11-21T09:42:24.783000 -CVE-2024-42193,0,0,0e15a6923949a82a61e83f8581ce998d3348a488a008a8775e2069381e4bb7c0,2025-04-15T19:16:06.800000 +CVE-2024-42193,0,1,d496336e10e290c03b4d9d1ca9b765852bf46abc8e173adc595ed636cba288c3,2025-04-16T13:25:59.640000 CVE-2024-42194,0,0,af3a202d05f65dc11d1d1e7b62226f11c65e5914cb08b7ffa3083b3f3386e580,2024-12-17T18:15:23.590000 CVE-2024-42195,0,0,c65de58c728753f86038d98c371fbbe3457add02821d0b6bcc2d79ecc064624f,2024-12-05T05:15:06.923000 CVE-2024-42196,0,0,86572e299010ed9c933dd6e15fc8f817087307b7b1acb778fb2306342762ea6d,2025-04-14T17:16:43.817000 @@ -268217,7 +268217,7 @@ CVE-2024-44837,0,0,d99be13bd28102fab04d2436e2423a9abe7e5510be44a84cf457d3b46476b CVE-2024-44838,0,0,8d376af95f42d0d8bf980ba63f53616a78fab858760e0c31e2a6fb218ae7c30a,2024-09-09T14:35:06.773000 CVE-2024-44839,0,0,1b98dbfbdec4a61210e539bb2abdbaf3319f35d3dda44d650971ff8cb9b58707,2024-09-09T15:35:10.797000 CVE-2024-4484,0,0,e9d9ab7a181084a2609fc26ec989da9dcf4a22d48b5c7405b3d8209db6a264e7,2025-01-29T18:26:19.747000 -CVE-2024-44843,0,0,da4bb7e73322abac267cea80c5a56cdc4c85f14eece587450e7b4b35b91d760e,2025-04-15T21:15:46.730000 +CVE-2024-44843,0,1,3e7db27c1db9a15a2eeeb19516866a434438f39c3bbdd082997c4e994084dc81,2025-04-16T13:25:59.640000 CVE-2024-44844,0,0,543b67798b80c9f433394b5371f67242f69c06e81a35f5031e65aa2bc37f2c80,2024-09-11T16:24:51.660000 CVE-2024-44845,0,0,be723405d776fcd23ce5801cd5dc6a06dd41574f2f123999283d6be69263ae54,2024-09-11T16:24:23.970000 CVE-2024-44849,0,0,556a0bd4002e0d7931d67df8540866973c154d8cb1d32b49d0c67e3b0c20db93,2024-09-09T20:35:18.097000 @@ -269670,6 +269670,7 @@ CVE-2024-46909,0,0,23c76f6e1a6ff88eaca1f23c162ae0295380b6a8eaa129068dfbfc189f6b8 CVE-2024-46910,0,0,b74f3887e7f31d62c757fcdf3dfbdb112077fe3d46b36d62f95a49db2ae8ba4b,2025-02-13T21:15:14.590000 CVE-2024-46911,0,0,3d0ee5b10efd83bd968feb73195ce7d2aa3abe80ac847507929e8b55f2484d57,2024-11-21T09:39:07.520000 CVE-2024-46914,0,0,8183f2e81bda981099173d1b49f2e9d3c952a93e63b81e2bd23ce00d12f134f9,2024-10-22T22:15:05.810000 +CVE-2024-46915,1,1,b057dec4a1663f698336b997c64c083c547da2c2500c22734a87cb040c648028,2025-04-16T13:15:43.983000 CVE-2024-46918,0,0,2e7fe43adfa1575bec89c605179d8bbf17914f960f85a28aa62f3e2f13477c59,2025-03-13T15:15:48.737000 CVE-2024-46919,0,0,caee3ec5db2611d5674f255e6e4093f56001d0cd40bf7d98b7791ae4b55380a9,2025-01-13T20:15:28.450000 CVE-2024-4692,0,0,f05887f354d4b5a1374a63331763ec3fab53a73a54d461bd27a99fbb622b007d,2024-10-21T16:10:14.873000 @@ -271299,7 +271300,7 @@ CVE-2024-49193,0,0,f107d286fb452265d3af6ba99ec3a3307a498cc5d0a571f0a12f8237ec4bf CVE-2024-49194,0,0,0ec8be045d0245140372caea286e91f3e3f2b648af9aa51f5731f3d907f06384,2024-12-18T17:15:13.593000 CVE-2024-49195,0,0,f09eab8729e42b8f90de1ca9d2dd22f865dd713c9e6432237b0fc072c91310d7,2024-10-17T18:35:13.253000 CVE-2024-4920,0,0,d49e16d07834a59a0b4d30c9bdb162daddb64f8b0b51b20d212f1f7c929468c6,2025-02-10T13:20:10.720000 -CVE-2024-49200,0,0,4dee1a681965d305512bc761fbbfc5c3ada00e3a408513a44abaf278d6ba2d56,2025-04-15T22:15:15.467000 +CVE-2024-49200,0,1,ff183f4deec1f98f830abb7c9a434cd27f2863839b3c272b60dfaa444ffc218d,2025-04-16T13:25:37.340000 CVE-2024-49201,0,0,f1f1cb98a0aac9265c70b98ee9e2458c0a72a188affe8a16068d4f679ccae7e2,2024-12-21T00:15:27.887000 CVE-2024-49202,0,0,dd6d2289be67b77fcac21858ac749dc1834785d3abfe754ac83242d097e946b2,2024-12-21T00:15:28.090000 CVE-2024-49203,0,0,be27ef0783bba9da31a96a5001ada95e347452b30d269789b7a1f6757f08eb81,2025-02-21T17:15:13.070000 @@ -273650,7 +273651,7 @@ CVE-2024-52277,0,0,459201818b8cfa8cff88830dc20363802cff332ef0062533d559448a16467 CVE-2024-52278,0,0,f6727d2bf49859f0724c1a39e0d775cbd477e6bb49e30b91be3cb4bcf4a7b7c5,2024-12-04T12:15:19.763000 CVE-2024-5228,0,0,e8458dad36641e2f49e283982ba062ff04983c91d94764c17964f8325e9d26d2,2024-11-21T09:47:13.693000 CVE-2024-52280,0,0,dce6a7feea67c223afc6a59a51f15b242686dec75ebc18efd5749fe70b23ebe2,2025-04-11T15:39:52.920000 -CVE-2024-52281,0,0,b2f339bc7eff1b3fcb19072c997ffe07750a128d59ed93f1a4c3b07db7ab70a1,2025-04-16T09:15:27.620000 +CVE-2024-52281,0,1,d3a24e75f784f76528bda6a29d9ab3ff148bb6968baa8202aaed41d298685e46,2025-04-16T13:25:37.340000 CVE-2024-52282,0,0,156874cae5b02dee54f08844c36f967d54274372a093e4fec0bf016d6ded0625,2025-04-11T15:39:52.920000 CVE-2024-52283,0,0,3766c385ef525dc9f708fd0304ec8c93e9eca4cea1f5c1432eedd3e4fefe5e8c,2024-11-28T10:15:08.543000 CVE-2024-52285,0,0,547298f6d27148202c512a2201f7f3b46a69b6caec716a19dffae1d97db6a93d,2025-03-11T10:15:15.083000 @@ -276835,7 +276836,7 @@ CVE-2024-57212,0,0,961b99a9be67411b861d43f66d5d2801acd6e36e4a35cb327adf192979620 CVE-2024-57213,0,0,bd9b151425e58e3a9a84a45b41713e6e61bf2bab6d14657a26e71965b17473fd,2025-04-03T15:48:02.287000 CVE-2024-57214,0,0,fd5aabb2729ced5e54eb3a91e24e1e86eefe14e0956ed5a7d998ec2b675065fd,2025-04-03T15:47:53.033000 CVE-2024-5722,0,0,fb2626652051e86b0980edf17cc31d2c7d3932c3a2dc5ba698d58a7b1606523e,2024-11-22T20:15:10.787000 -CVE-2024-57222,0,0,6c9ff9ac1c071c7537cfe8e7731f8b445bd04d0328980fd45732215f43127f52,2025-01-14T17:15:19.537000 +CVE-2024-57222,0,1,779c116786ef503639c1b2627a90eb57bb1e664440de195dfc7d4104a500a6b3,2025-04-16T13:59:08.477000 CVE-2024-57223,0,0,2f5c70a62e59e4b0b6f2c01a8a9727435737b94b479bc49253cf797f189d2eb8,2025-01-13T21:15:13.637000 CVE-2024-57224,0,0,975cf43dd81ef80055ddcee1afaf95fbe473648b4a3f6a90f5ea3622071cb1df,2025-01-13T21:15:13.773000 CVE-2024-57225,0,0,0f626873e99e00c755c8c3df1293eb7b3cb77d6777a17558eb107c8ba1ebe685,2025-01-13T21:15:13.910000 @@ -277377,7 +277378,7 @@ CVE-2024-58089,0,0,c539e21863bf6d808e8f03e17c4063f4cf474cdca947eadd829ab37d0ca02 CVE-2024-5809,0,0,d3a3cb96d02b3d9c2efd17f0531d777c80fde692d386c7f6a56c47f2ca5601d8,2024-11-21T09:48:22.387000 CVE-2024-58090,0,0,5d5a772ef85a7d7cf1764ffd3f4d817a84bbc6475cefed9abaaa898b75cace7a,2025-03-27T16:45:12.210000 CVE-2024-58091,0,0,bdb73265ec2113004990c5b046492ea3ca27cffddbcbc776a99f7489adfd4d1b,2025-03-27T16:45:12.210000 -CVE-2024-58092,1,1,298bd0c0d1565b8cfd580ef2d652ef04b474ca753fcedeafceaaab5890d00fd2,2025-04-16T11:15:42.427000 +CVE-2024-58092,0,1,f184bba65cf1c4cf991663ff36866519c6b70b9b117d6402b124feb557a452c9,2025-04-16T13:25:37.340000 CVE-2024-5810,0,0,1cfa1d347c98633461d8a7b5c70e7a88c8da42418f63ef991acf03eb3681102e,2024-11-21T09:48:22.557000 CVE-2024-58102,0,0,dd42630c366d4fe40426e956fe445b75d82fa202b00380f941f341e0dcc8270f,2025-03-11T08:15:10.917000 CVE-2024-58103,0,0,10a7b3d9d518bc786063856000a89f8cacb058ea7d9597066e2f5581bacc0a09,2025-03-16T04:15:12.313000 @@ -280448,7 +280449,7 @@ CVE-2024-9098,0,0,91c5c8a82607fd38b3d750686c69cfc39c4a552c23195d9f6c4eabf40873f2 CVE-2024-9099,0,0,b72188ec0506bd0b6301a402479169a6973547834ede56458172af5840900b98,2025-04-10T15:42:18.443000 CVE-2024-9100,0,0,e58afa1cb97571d6bb26bb26cbb4a088cc8bda6f2bd9320274e7188c14487c93,2024-10-04T13:50:43.727000 CVE-2024-9101,0,0,ceb7067a31f0e7649714c920459eb78399bc5d56a598b02fde32228787440350,2024-12-19T14:15:06.147000 -CVE-2024-9102,0,0,9614ab94795c3157589792796c76fdfdf9be19288c9683304b665309644a158d,2024-12-19T14:15:06.327000 +CVE-2024-9102,0,1,5294b6f59698d3d81faf8851577a0c3de45f923bec08fe5d8d52622396b39fe1,2025-04-16T12:15:15.727000 CVE-2024-9103,0,0,c623a0739a8ea31a30963d7f6d0f226b7425a1c564b3a38ee198605381836d60,2025-03-27T16:44:44.143000 CVE-2024-9104,0,0,d05aac963e970d19d86f09737afdb0f530aa8ac604a9cdf74eaaa2ae5408c2c5,2024-10-16T16:38:14.557000 CVE-2024-9105,0,0,d08b07c8a29b964e96e936aa239ff144cd55c86ead27669c25ad1b91b570e809,2024-10-16T16:38:14.557000 @@ -281277,7 +281278,7 @@ CVE-2025-0068,0,0,335ecdc06a29db245188288060d2d78b12fd2ca685b50ec8e17c976ac125be CVE-2025-0069,0,0,d7ac8ba36cfcab8a8836c1588e52e8bbaed2d415e393c11bf82b7bb82617b09a,2025-01-14T01:15:17.257000 CVE-2025-0070,0,0,dbf9edc467887c587ee503735d983d3eb618b4cd55fb133fb8e2178f124d6f6b,2025-01-14T01:15:17.427000 CVE-2025-0071,0,0,a9f17b8587d9681508885fa05b5cb6e1fb480f5738675f612162a9b567f90271,2025-03-11T01:15:33.917000 -CVE-2025-0101,0,0,1451a27a16624728e941b520fe6b9b46e34d03bd97c5686a4fe026e477bd34af,2025-04-16T08:15:13.423000 +CVE-2025-0101,0,1,391653291dbc9e356bdd9f7cf48cb4ee16c22960b84cfac559c323183419fbd8,2025-04-16T13:25:37.340000 CVE-2025-0103,0,0,06fd8d922bac50d8ab7e8102b5457a5978f502265c9b1059554ccaf6e0c9679c,2025-01-11T03:15:22.020000 CVE-2025-0104,0,0,dc4c81878786bc602ee20c50b1dae485c1da904352cbab72ccb96b2a9dcd9e75,2025-01-11T03:15:22.183000 CVE-2025-0105,0,0,06eb71f16599e7ae8629718f901478ad68364254538fe5e092751226e1b94cb6,2025-01-11T03:15:22.317000 @@ -281737,7 +281738,7 @@ CVE-2025-0717,0,0,bc274572efa2e268fdf1866571686b9b143ff8084d434e7b8cfe68d6fa9737 CVE-2025-0718,0,0,dd6e58b1ef7acc78edd1d991f3540a9f746f8f8480eeedc91c0d010299914a52,2025-04-02T14:09:59.780000 CVE-2025-0719,0,0,44927ec8b6afaf34270843fd13dbd3ba0f3f99ce1ef23ab7a0954a7b4854cf52,2025-02-26T14:15:11.587000 CVE-2025-0720,0,0,bf163c74b4e9e0ae1d92684788b595f2199f607068d51d6135d379966c283462,2025-01-26T23:15:21.547000 -CVE-2025-0721,0,0,a17c1b763dfbd45aa4203f0e8b4c3b1bd0f0a61d080bea2c50ad8ff161e60eaa,2025-02-25T20:28:55.787000 +CVE-2025-0721,0,1,db22e1630c351fba355df37357f5feb45f1852c9040ea8b8aa2b54d6a6fee9d4,2025-04-16T12:15:16.413000 CVE-2025-0722,0,0,c9c24be950ff93b5151cdab68af4eb0f25cca0b4d685aeadd762fbc951dbdf6d,2025-02-25T20:12:27.810000 CVE-2025-0723,0,0,fc347c0264458ce32ef778e91bbf5b267b6a011b8adff9a119fdfa39ff2d2f1a,2025-03-27T00:47:32.027000 CVE-2025-0724,0,0,f2bb8a19f6ffdf91751bf1b82d06f67d543d99788cfccbc66204d45f84c783f6,2025-03-27T00:43:04.040000 @@ -282021,7 +282022,7 @@ CVE-2025-1117,0,0,689febb6066d1fec82c60e215bad724ad5df8fa85c4636fc9e776b8da79fe4 CVE-2025-1118,0,0,1d46e95b87fe7edb9839b43fa6447bac85df34e285b438ecef13347991dc098d,2025-02-19T18:15:24.280000 CVE-2025-1119,0,0,ed2f2afd1626a47beb4c308f115314a6b5ebef6317483cf0ebb458fbd885cde2,2025-03-13T07:15:36.517000 CVE-2025-1121,0,0,8d7e51789a8f4e6f72fe04d25da7f8a750f4217ccc4197e0d9fc4face52a96bf,2025-03-07T20:15:37.407000 -CVE-2025-1122,0,0,f3e0ce55b1063ef25374adbf21a81c79dd0a770c87594147ae61d99dd002e6d5,2025-04-15T20:15:38.317000 +CVE-2025-1122,0,1,67b9c6f121bb4e0dfebb56d6602a7043427c101e0dca03f53773b3d1133f8824,2025-04-16T13:25:59.640000 CVE-2025-1125,0,0,2f04992a8811506ffd86df04ce8fd4c4eaf818b2350c9b37d99c1e9008bb7d98,2025-03-05T21:15:19.707000 CVE-2025-1126,0,0,75a0af68b2de42873e4ee33ccd68bb162ec9dabf122dea8ebb0bf11a24b953a1,2025-02-11T17:15:23.537000 CVE-2025-1127,0,0,5cab03037829677b3ff4c77d268b6ebc0b526a062cfabc702392a7f88c64ffc1,2025-02-13T19:15:14.153000 @@ -282135,17 +282136,17 @@ CVE-2025-1268,0,0,f3575a32c76699685cbba5c7bf003a9bc75e184925f6768d4d4c92dd8992c2 CVE-2025-1269,0,0,3d8990f3f321bb84afc5ce31cc37206b4dfeae7b9639d4320eceb6f39d26cfbc,2025-02-18T14:15:28.513000 CVE-2025-1270,0,0,a0fba4bca59afda304bf8335640266a3acf6a1624640bee675db51d94e9fc436,2025-02-13T13:15:09.273000 CVE-2025-1271,0,0,0359319eae8a142a0720b34e58c3d3808902c47ddd06a524c0e8a18f2f2f366a,2025-02-13T13:15:09.433000 -CVE-2025-1273,0,0,c2bca940f1bdeef6600611cd0a99c7d3017e0bb45ed6e0c14d0e204d38f6af00,2025-04-15T21:15:46.960000 -CVE-2025-1274,0,0,d5c2d135120b1dcd87153413d542d166559e45e8a9c39760d0547205b0a5f685,2025-04-15T21:15:47.083000 -CVE-2025-1275,0,0,950e93f0a617d35bb4695c3a50f89235254d837b41e1c061ae2672969dec0b2d,2025-04-15T21:15:47.197000 -CVE-2025-1276,0,0,3c7c46d371822ca32d835a6a77d602aa42d6d5ec142717eafdb8908365b3f96b,2025-04-15T21:15:47.320000 -CVE-2025-1277,0,0,27ad5edb8b5d58ed0b79582b9ca062a189d335ec696b140edb8e7272273209ac,2025-04-15T21:15:47.443000 +CVE-2025-1273,0,1,26fa4cb5eb4a230e2007fcacb0576736fc41fe063bec9450e5386b8eff38bb93,2025-04-16T13:25:59.640000 +CVE-2025-1274,0,1,d7e0db70fb367d8716fbc6fd23d43de21051ef5293bcfb1616b6ac06564f7310,2025-04-16T13:25:59.640000 +CVE-2025-1275,0,1,fae362febf8b291962103c668b7c1ff4e45d5fa47d9f175e22a361aa4b61d288,2025-04-16T13:25:59.640000 +CVE-2025-1276,0,1,38664ae90286d93b5ef639cbc11376387475e666a0c25f921255b750618f1fe6,2025-04-16T13:25:59.640000 +CVE-2025-1277,0,1,325555c44f70ad7d37b35ed1f80959423e8aa05f5fde06078e356d66af39bae5,2025-04-16T13:25:59.640000 CVE-2025-1282,0,0,09bbe8fbf6ad958ee527dda55af05e43520fd8fabad49e275c5ad8ac54adbc57,2025-03-11T16:08:00.790000 CVE-2025-1283,0,0,a4d93a77d81ec07731b68bab3e1d00afd05dc0ae7fee050881be213abacce036,2025-04-10T18:55:23.537000 CVE-2025-1285,0,0,3182990c1bc942ab8f686c8030ea96842badd7c599b496272a03f16c99f15c97,2025-03-14T05:15:41.977000 CVE-2025-1287,0,0,c1d2e5c86643fd051f72a870384be2d364cc20de377757abb01837028348772f,2025-03-24T18:19:22.993000 CVE-2025-1291,0,0,8a62a97f45d265e09336f40212a9e842d191a55f47481ae3892da3a9dec0674e,2025-03-01T09:15:09.710000 -CVE-2025-1292,0,0,22d03f0e785d5cad8379c9d04d9986dc417bc86d80895142eee402731f934d2f,2025-04-15T20:15:38.410000 +CVE-2025-1292,0,1,b9f7d536241f3baa1c04be5bc5ac1488aaf6190b9ad93d706ec8157e4e9b52da,2025-04-16T13:25:59.640000 CVE-2025-1293,0,0,60a11b51b89461cf0f7c120de5ab3c93294ee5f6a5e19d6ba8d0bb06e8828d44,2025-02-20T01:15:09.950000 CVE-2025-1295,0,0,2a4bc8a9e306b7d7cae49d0fff6161acb070f2799f35d70bd6c6546c6dbde442,2025-02-27T06:15:21.990000 CVE-2025-1296,0,0,d95bfd9a7f0753e22aec4081e35e5f3d5b17ed2789c524a1845821d0907a79ad,2025-03-10T18:15:30.237000 @@ -282391,7 +282392,7 @@ CVE-2025-1650,0,0,4218c32cbb82256e1ff0a9ceabf09dcbbee0c890d930e1b88a57eb073009cf CVE-2025-1651,0,0,dc02b23df4eb433cfaae6381155dd744e0ca82e8901f8e7d30555b36cffdf17c,2025-03-13T17:15:36.153000 CVE-2025-1652,0,0,40ae07eb9aa50c5b6645abc9188293b11d3a3751f84fa68087927a34dfc8a3ac,2025-03-13T17:15:36.297000 CVE-2025-1653,0,0,81399ad7d0a3dd190eaf3e76c57ec1bd3ec75f06763142e168c62e4df94036c7,2025-03-28T13:17:33.270000 -CVE-2025-1656,0,0,42feb064272a740ae1fc341309f6c2004754f0986c5c214cd995429f1ea6c8f8,2025-04-15T21:15:47.560000 +CVE-2025-1656,0,1,10f7cfcc44510ca5db74e8f67fa9786804af7948912dc4d5e3f9f10247cca328,2025-04-16T13:25:59.640000 CVE-2025-1657,0,0,00b8c4fa900fcbf8fcc8352570319a690900e4acdb978bf02695203588721ccc,2025-03-28T12:59:00.413000 CVE-2025-1658,0,0,a9a4970b4e8c9be89051e7ea1fd9ce1ab750dde675e3d54e4993b32c8643df73,2025-04-01T20:26:11.547000 CVE-2025-1659,0,0,c9722d059164770d3875a51a7e0c94b2e0ed8137da6dc91dea4eade92194196b,2025-04-01T20:26:11.547000 @@ -282632,6 +282633,10 @@ CVE-2025-1972,0,0,a01efd1287cb717f29347c6da0fd2b595ac4ebff31753720bc750584857d6b CVE-2025-1973,0,0,4fd9223b4c9ec022f5e61bbb2021d12ec059eacb6f9b6adbf31ff8f09b0271d1,2025-03-22T12:15:26.653000 CVE-2025-1974,0,0,4ae7818bf0e5063c4b0765b8cf6efa42d57f35daf1614dde7eb8ae4adb29d290,2025-03-27T16:45:46.410000 CVE-2025-1979,0,0,5cf047efa61126850f2bff74f6db8ba74d6d633b7373b143cc2f515f22996b33,2025-03-06T16:15:54.187000 +CVE-2025-1980,1,1,2d6759548c0a94924799d0c272986135571ccf6543cf12685196e0a2b6bb8872,2025-04-16T13:25:37.340000 +CVE-2025-1981,1,1,c05826e1cf26817d7af8e479d573c633548a17098501f080f0213ac9dfe24ac3,2025-04-16T13:25:37.340000 +CVE-2025-1982,1,1,199de5c7e7025ca609b3c63c793be7d9f4cbb0c49aa137dc74eff42bad7c4a71,2025-04-16T13:25:37.340000 +CVE-2025-1983,1,1,7b1911a8ac3434812c703c6dfaf0d29efa08b9ac8b746191e2f08afbf97f7e85,2025-04-16T13:25:37.340000 CVE-2025-1984,0,0,9c3841609345cdbc038774b45498dc390a4f9eba4042b93fef2b069dfe449491,2025-03-14T18:15:31.507000 CVE-2025-1986,0,0,5f28ac8dabb696f579f028bc6c921df319afb14f50bb950b8197d2628a16f698,2025-04-01T20:26:11.547000 CVE-2025-1997,0,0,2320e8fae7a90840d951f0ca1bf029eb0495106dea7a57ba1224c981543ab87d,2025-03-27T16:45:12.210000 @@ -283349,22 +283354,22 @@ CVE-2025-21569,0,0,5df0154e36384276f1807ec7f051b457b9528fd8420a266b3a9f61e681a5e CVE-2025-2157,0,0,5c6192ea5b2e45321f17a6fe2ad70d5b25d9e993a209c52e11c52f0c6d50997f,2025-03-15T07:15:34.930000 CVE-2025-21570,0,0,ace167949078eb846cc68a40950678bfa282af3d76d61bcddefc7d830cafe3ca,2025-02-04T17:15:21.550000 CVE-2025-21571,0,0,bdb8c4caf4103cfe30d360ecbf83480841b6726b170ed756d9f8b563b72e6029,2025-02-04T19:15:33.230000 -CVE-2025-21573,0,0,1fc25c2a16ca59b6be0933309a5f9155689322cfbb52c42f25d5fe0112456166,2025-04-15T21:15:47.670000 -CVE-2025-21574,0,0,8524ae92537141b7e08233b9b726e6e517893b5518e1d4f38640c58ca1e36d31,2025-04-15T21:15:47.793000 -CVE-2025-21575,0,0,e284c925b9a3010d9a68f676969c0b04f0d66a8e6095049521fd20bc5146afde,2025-04-15T21:15:47.897000 -CVE-2025-21576,0,0,9e29677a4143d089114639a33de458f78127fc8974db390f91cc19911a5fbf60,2025-04-15T21:15:48.007000 -CVE-2025-21577,0,0,b89daf277017b6aa306178cba102aaed1e695f85f57bfc94c4ece6a03376c26c,2025-04-15T21:15:48.120000 -CVE-2025-21578,0,0,66ad0834e8683ff94dbcf091e36a56237fd049f7254bf7f02e6d0fc0391377c2,2025-04-15T21:15:48.240000 -CVE-2025-21579,0,0,da9489b0afeef94c4e4e2819fda901022f1fb3a925edfad87af0352d60177451,2025-04-15T21:15:53.233000 -CVE-2025-21580,0,0,9c2f3e46c16182b12aaee747abc4b91c84cc15c38d0ab8b67bbbd0793b15b4b2,2025-04-15T21:15:53.393000 -CVE-2025-21581,0,0,c800b6b2a11a2386ede6faf0ec715d9e585499dc1ef91b8680e69cde2e925955,2025-04-15T21:15:53.557000 -CVE-2025-21582,0,0,55a0a7baa47bde698ab2ed192f2d9629f8bbe47cc1334b97d9baad2475e8ab81,2025-04-15T21:15:53.687000 -CVE-2025-21583,0,0,e561a7dc5ed41ff099c2865e1e84c06117bf06e5fbcfc0fc7c50629d72543562,2025-04-15T21:15:53.797000 -CVE-2025-21584,0,0,508825aa45a8c22c438c069e562ca0cc061064a013f0f305ec1566e47e87b901,2025-04-15T21:15:53.910000 -CVE-2025-21585,0,0,501bcf9444fb37a2c97437c7b4ed6512d7a4c448f4605b8203009e766e093c9b,2025-04-15T21:15:54.037000 -CVE-2025-21586,0,0,3f5db663639349b3ed0c107bf087842dc6ce62de31cc3e6856a0fb0117fb7f96,2025-04-15T21:15:54.160000 -CVE-2025-21587,0,0,0e2c7cf22795e4fa97252530383ee695a89b362ba9a026eea7f61cf84a4f6743,2025-04-15T21:15:54.293000 -CVE-2025-21588,0,0,1ed41e2e6f83355069f7c6d996ceea7556ae4d56896e418533edc24374f7e2e3,2025-04-15T21:15:54.427000 +CVE-2025-21573,0,1,e0d4016439217ebc56691875be2ae157a0f99beba9d1d872829adc20e184a811,2025-04-16T13:25:59.640000 +CVE-2025-21574,0,1,336e618606e687e975c9b5b44fbe0a1fded31fead819b2195db3fc6fe3c42d5e,2025-04-16T13:25:59.640000 +CVE-2025-21575,0,1,e9e2229109d667ce30658b2935ce501b3b698be4f2017caf094c3a36a5a8e9ae,2025-04-16T13:25:59.640000 +CVE-2025-21576,0,1,d04ba515368bf8aaa270d3ace0af2739abd22904e6e12f9c4965f7437abfd99f,2025-04-16T13:25:59.640000 +CVE-2025-21577,0,1,ac319de051f573736846f7f197f0ef2ea67bde6e2c6655be627525be9c52d900,2025-04-16T13:25:59.640000 +CVE-2025-21578,0,1,b463b210ac37ff5cc27bd828f639f81882fd204431f7122ec0859f5b1427e2ac,2025-04-16T13:25:59.640000 +CVE-2025-21579,0,1,8f95e2b959f9f50de94eec503b7b04aed4a862d538a0b8bdd73e0782d78f2ec4,2025-04-16T13:25:59.640000 +CVE-2025-21580,0,1,90be1773a08f34ee76e5f2d5bf11a4575a1d7d4ad5233164b7b803b83fe7ed06,2025-04-16T13:25:59.640000 +CVE-2025-21581,0,1,7fb46f560bf673976e1b12e3a51f974e3488610d174d12cf061b584683574b3b,2025-04-16T13:25:59.640000 +CVE-2025-21582,0,1,4504849f04ce0ee11e0117060655cbb0dc5fd2ee90839251343001657f16063a,2025-04-16T13:25:59.640000 +CVE-2025-21583,0,1,fc5e501e698193a967bccf982877e2bf49fdd82bf5233cb505b16543178cca76,2025-04-16T13:25:59.640000 +CVE-2025-21584,0,1,40d2022b53d9e65efb81276bfa364c041445ab18fc00761be4737e521636b6f7,2025-04-16T13:25:59.640000 +CVE-2025-21585,0,1,82442482adb8a41518446d19842161ac2230668d08ebafb907b403ec34597446,2025-04-16T13:25:59.640000 +CVE-2025-21586,0,1,f21d7722dd7fb83c886581d2e255953ee9e2a1b664552f2741697bc5a2b48747,2025-04-16T13:25:59.640000 +CVE-2025-21587,0,1,1f70914e035bbe834ac847f9def3fb5a6b061f173726f7fbc0af47889cb86f17,2025-04-16T13:25:59.640000 +CVE-2025-21588,0,1,73f0b9f9c7bf079aa2a7b586bd79c241db48cbab09ca30f8a1132e7ea02facd5,2025-04-16T13:25:59.640000 CVE-2025-2159,0,0,c35f74dfe08a5e5a8f4d124ff145211eb32cd2a8c33fc42587e5543591991341,2025-04-07T14:18:15.560000 CVE-2025-21590,0,0,b36ae92dc904bf55dc4028b2cedf584a24120b0d6e0ef4bd06450d9ddd9f9379,2025-03-14T20:35:13.207000 CVE-2025-21591,0,0,f32e5a3ff3f5737738865f7947fa4ff9466736186fcb9ebeaa4bded6546f54c4,2025-04-11T15:40:10.277000 @@ -283817,13 +283822,13 @@ CVE-2025-22014,0,0,d0677bce9b40bf2440f1e3f05d26248d0f1a8e04e3af5766ae8663607da1e CVE-2025-22015,0,0,76ef40b09e4f1cb899d4a2ab31f22c4f6d8c6e60d75140b0b3e5777f401c7fbf,2025-04-08T18:13:53.347000 CVE-2025-22016,0,0,147b90da5e7863ebd9aa554a0d14ec0b4cb2770bdef3a66630422d63719c334c,2025-04-08T18:13:53.347000 CVE-2025-22017,0,0,47242ca22d32729ade7b3f671002250e206d140a0d8f74e89394f4529c76da51,2025-04-08T18:13:53.347000 -CVE-2025-22018,0,0,d327e10a541b12bcbf37dc757188fd2a7ab983d5f4cbe506b5820b89f5f4061c,2025-04-16T05:15:31.297000 -CVE-2025-22019,1,1,20999797ee968f0b99e34242e5d41aedc844594b1d0e4126e1634543e763ba6d,2025-04-16T11:15:42.537000 +CVE-2025-22018,0,1,435d9771a387ed65c33155b4dda814d5c76211ec5aac21ec7d9daf9d0a6fda4b,2025-04-16T13:25:37.340000 +CVE-2025-22019,0,1,05be84cfddfbab0d9cfe186d075b5feca6bcd04d244ddf2c7cd6b6c8c113fd79,2025-04-16T13:25:37.340000 CVE-2025-2202,0,0,cf0ba4cc9b924e183defbee63ce1af96a184cec0b7613a3c88b1e156bd38ec40,2025-03-17T11:15:37.970000 -CVE-2025-22020,1,1,e78cecb38eaa28557a964d1ad23c370031fd095b1ad0aac4f35f3330e746a16e,2025-04-16T11:15:42.640000 -CVE-2025-22021,1,1,74d27c712da78896db60b810e3eb2c2692de17bbf8a9fc8cda3713c81ec37ae8,2025-04-16T11:15:42.773000 -CVE-2025-22022,1,1,28b7f98fb180a5bf3be6cca552758b4771013691c090c076db935458dff64119,2025-04-16T11:15:42.883000 -CVE-2025-22023,1,1,0e4b28ede19c33d03178d11d1d23101719ebdb3d1d25982a2e43a699dc985456,2025-04-16T11:15:42.987000 +CVE-2025-22020,0,1,e871b8b616c2396383dcea54d6a1037e94037f4183f090e0aa26b6a84631d6c3,2025-04-16T13:25:37.340000 +CVE-2025-22021,0,1,78bad822a05a32cb31790e9d9cdeae8731cca183d93c7c73eda24850cef7da3c,2025-04-16T13:25:37.340000 +CVE-2025-22022,0,1,eea3a066d0dd06f603fb1382a4dc9c0bd0c2271ce5d52de8510ba29cd7644bc1,2025-04-16T13:25:37.340000 +CVE-2025-22023,0,1,78a125b86997e244d50a8b6faf37e03a60b51f55670181f970a834094c7acf29,2025-04-16T13:25:37.340000 CVE-2025-2205,0,0,fbf363faec05dffcfc872bf5b989460ea4958dbb9808068cb2832da5e42818ef,2025-03-12T04:15:19.810000 CVE-2025-2206,0,0,6d4b6e8bdf6b24741a4430972818a20f8052ecfc15f1df2ff630f331c8dbd714,2025-03-11T20:15:18.487000 CVE-2025-2207,0,0,56f8ea6de312fa52f135a30fd05af611b5ec865ae25945c14444aad808ec80f8,2025-03-11T20:15:18.690000 @@ -283897,12 +283902,12 @@ CVE-2025-2225,0,0,d26980ce605de1c16e8b872e505802fad1242bb85c846db0c5c70a05dbfaf0 CVE-2025-22260,0,0,6bffdd50ff1b9a95889c1f9bea94c0f7f92eb9097aa6e2dd07529a5cbb0d5ce1,2025-02-03T15:15:17.503000 CVE-2025-22261,0,0,cabefa2bbb4850682fa8dc2dd04543561914d58490173d75f62166401d731c68,2025-02-26T15:15:24.877000 CVE-2025-22262,0,0,2a90436047a91b64c9791cff4f6c4190896e3e92637458d2d2ccf25cb4f8537c,2025-01-21T14:15:09.757000 -CVE-2025-22263,0,0,eda150b94ee002ed09f75d1791b4919cfb5daa1e56096029273b7d60cff73354,2025-04-15T22:15:15.590000 +CVE-2025-22263,0,1,4d9d6d11c4457914959f4dfa4248f694214facde1509db1d23b6d562fca5fa74,2025-04-16T13:25:37.340000 CVE-2025-22264,0,0,79177f17455e861265910dfa8dd2caa5a78c248a179fa18c3179e839e36cde00,2025-01-23T16:15:37.257000 CVE-2025-22265,0,0,51006a5fb12dad2a881e7b25e5673794091472c79149c473510be2ae25b435e8,2025-01-31T09:15:07.167000 CVE-2025-22267,0,0,f20afa71bc4d80e805bd92045ab58754dc4544d5a2500dd19c3f675f1704780a,2025-01-21T18:15:15.100000 -CVE-2025-22268,0,0,0e41340a283118d0964bb45c64f2dcdb716165388f7cb4061991ffef29747aa4,2025-04-15T22:15:15.730000 -CVE-2025-22269,0,0,a62740b8906a8d7c46a7da62a2d6580839496f12e887d0493f93e5b64b1a36a1,2025-04-15T22:15:15.850000 +CVE-2025-22268,0,1,85b98ed2cf73ea0091cdec8b050c8b53713cf2da620cdff33087372b784ff365,2025-04-16T13:25:37.340000 +CVE-2025-22269,0,1,a498b5f24f0d41c02b84d9d490ce8a2ad5a8857134b9ecad1025c4b2959400f5,2025-04-16T13:25:37.340000 CVE-2025-22270,0,0,7a9647f1981c7f8597e37941c872c23267a6a0b387a70240c142797bac754eb2,2025-03-05T16:15:37.797000 CVE-2025-22271,0,0,1e3eb4c303404069ebdf1eaccbacad8ebf9bb5093e5c5ae88456256df43624aa,2025-03-05T16:15:37.927000 CVE-2025-22272,0,0,c2967b31da9d1feff547bb4c9d78a41ef5c3adaf7e85acfec3e9cbc3e8c5685e,2025-03-05T16:15:38.033000 @@ -284418,13 +284423,13 @@ CVE-2025-22894,0,0,099d82dc8568fb50b5dde7926f3fbb32a13311bb5c7a970a54e9828e99c29 CVE-2025-22896,0,0,cadb16b30aa07fd019cf5a31775c9c5a2a292f523d02b1c4ef2ed5d9558f302e,2025-03-04T21:25:33.663000 CVE-2025-22897,0,0,9a22b887d81fcac41848fbf55628d95a06189013b3a027c7ddc8085a3cd9eb1a,2025-03-04T17:39:48.960000 CVE-2025-2290,0,0,4f9c342ac3f078cc778b27ca93122440b9316877dedbbd45d5a29242af4367fe,2025-03-19T05:15:41.180000 -CVE-2025-22900,0,0,0da5b52e3247e6ba48a70a43daed05d21025f9655cd431e2e7b9ed20b83c4f4a,2025-04-15T19:16:06.987000 -CVE-2025-22903,0,0,17483d937773c31b6a9d30d680ef374a1242af9d92417b4d1f508b1c4a3e5fa9,2025-04-15T19:16:07.090000 +CVE-2025-22900,0,1,32cfd312ab4cf6123774e183a92d9177da668fb0c94f603713632ea82711d916,2025-04-16T13:25:59.640000 +CVE-2025-22903,0,1,fb8feeb07fe460020f9b6098506011eb797c463844fa38c79e0c5bf0323934c9,2025-04-16T13:25:59.640000 CVE-2025-22904,0,0,86b28319b40b8d7a66d7d03f157c4134653a72c10f1688103124dc640f8895a5,2025-04-09T18:44:38.387000 CVE-2025-22905,0,0,382074945b27a096018acdb89ab8419cee5a926b55aca9b4c05298642fc660ca,2025-04-09T18:44:26.190000 CVE-2025-22906,0,0,69174bb723d0779d45e6e8ede34109835ab1ff87db3539705d9e4fc9b2841ad7,2025-04-09T18:44:12.040000 CVE-2025-22907,0,0,701d8d048a9d0f1c10eab35cbfbf969881f7c9b6ce36b31238765d684fa1e154,2025-04-09T18:43:51.870000 -CVE-2025-22911,0,0,93222ee06402e223e5046d1461ba8da593f3f70216ca9eaa9db798a4d71e74ed,2025-04-15T23:15:42.550000 +CVE-2025-22911,0,1,3716cc6f7b70c13465008648d4bda370a9b2cb472c37a7ec882cc1c83a7f023c,2025-04-16T13:25:37.340000 CVE-2025-22912,0,0,63eb3ee325908f5c70e3a3241d2ce6a6044fe95095746725487ec32265008b07,2025-04-09T18:43:27.353000 CVE-2025-22913,0,0,5ea22aa5b58555fb937c316d9be053cdd1221f4a76d9f3da9f31c00acad32a33,2025-04-09T18:43:02.980000 CVE-2025-22916,0,0,48ec3f4c4e4ef1a7215c355c8bb61db6b7ae3ede07a20bf011c26b3a968bbbcf,2025-04-09T18:42:47.473000 @@ -284571,7 +284576,7 @@ CVE-2025-23125,0,0,2e6f0fce9ee8e787d649705f4cf1025930f6b72d6ac2efc70c4c1837b8d7d CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4089,2025-01-11T15:15:09.100000 CVE-2025-23127,0,0,ef1aeaee3e917139d62386eaa309c28fa46e54be8ed45ecdaab4f9d4f96931db,2025-01-11T15:15:09.173000 CVE-2025-23128,0,0,856260a69fb4f1bb5d13296c47ffc7dac686c7ca9a44fff8151b1b7f11a740a9,2025-01-11T15:15:09.250000 -CVE-2025-2314,0,0,a168ed8a8a8a7cfcbab4e3fb8a001b095c099632f3d69009fa8c80f6783c6347,2025-04-16T03:15:17.240000 +CVE-2025-2314,0,1,da0d16bd7cdf67126af9cb8b7b9eae653178ef2aa94ef32791352e7cdd49eda9,2025-04-16T13:25:37.340000 CVE-2025-2317,0,0,9ea9ba34615d5bc5ee8806158627db355af143699ea415828af46066a4160dd0,2025-04-07T14:18:15.560000 CVE-2025-23184,0,0,d117de9ebd2827a8b285a215a95edfb5f2bc8c36d298a840f4f419212fe8e651,2025-02-15T01:15:11.010000 CVE-2025-23185,0,0,6a8fc3993811d2ce0c7ae31663c2f10b11720d00b7d18acd6d25289de30c4360,2025-03-11T01:15:34.330000 @@ -285504,14 +285509,14 @@ CVE-2025-24280,0,0,7e6318ddeec3c45683c18b4a04b0c338f2389b9346d93c786d9c6752b668d CVE-2025-24281,0,0,76b9011c7783c871ef865a80caf1ae08e485f8d8810428515769f6f44737d638,2025-04-04T18:22:19.983000 CVE-2025-24282,0,0,92059d5a241b5d96ef7593ded7e2abc281079ec5ed3a524fa050c614e5194214,2025-04-04T18:23:23.340000 CVE-2025-24283,0,0,4df1743210499b8e21375ec5fdb7750825951563a76a92a49e54d06df67345b4,2025-04-07T14:07:33.510000 -CVE-2025-24297,0,0,567f42a654aeda31980e3608a63bb20eb256cf4309a124ef9e5f0df006e0a821,2025-04-15T22:15:15.990000 +CVE-2025-24297,0,1,5d4a74f3648dba475a9505a338d2107001df4a92611f1e742f9c3b8bc6fc9e4e,2025-04-16T13:25:37.340000 CVE-2025-24301,0,0,7b7c3fba06b103a537ce7db06429d9d2300d69047940e33831c6830c359206c5,2025-03-04T17:15:48.160000 CVE-2025-24304,0,0,d93e512a7b4aa7125a9d9a3a56f58a274a5675b50a430e59bfee24f84fb92162,2025-04-07T14:17:50.220000 CVE-2025-24306,0,0,73cf37771b6f85cbd5893cb054304bfb4bf15e5622c3cdffb9a2e4a50bd301ae,2025-03-18T09:15:13.570000 CVE-2025-24309,0,0,b881e80e18a543dac7caf5dbe4ebf8345a69e13fed09525eee5962b72198dbe3,2025-03-04T17:16:06.513000 CVE-2025-24310,0,0,79eb65b878bebb3c188042d461bf95ffa89d0a6a24e45ec375e0efb5d01b2e9d,2025-04-07T14:18:15.560000 CVE-2025-24312,0,0,95c47bb536b453078b50948ffe457339fcccb14868a3af4b230325aee112d79c,2025-02-05T18:15:34.060000 -CVE-2025-24315,0,0,b88ccc6334fd716150141b9e79fb5138d57d1d357ec7a311df9e9a9e49a02d11,2025-04-15T22:15:16.143000 +CVE-2025-24315,0,1,0e26ee76f79f703a200d15e48f75d77e02b1cb3d5dea1889a004bcedc57bbdb3,2025-04-16T13:25:37.340000 CVE-2025-24316,0,0,3d67fc5ca9257bdefdc420f872260ce49c49fc7bc45018e469adac707c1de56f,2025-02-28T17:15:16.790000 CVE-2025-24317,0,0,35ccc8002a4244f9d7e86d9c29c1e10a53dba7ff2370cbdb2aa4efc98026c42f,2025-04-07T14:18:15.560000 CVE-2025-24318,0,0,45737d4f27e86b0669543a856f157a50a0c8a223d43ce9658341d0666e6cb01e,2025-02-28T17:15:16.937000 @@ -285525,7 +285530,7 @@ CVE-2025-24354,0,0,33e96f6ab404cf45f0a4405c77520b82358348aceacdc778687814571e590 CVE-2025-24355,0,0,2b68b163db748dec99ff55b2d4d371492d44a4482a7f15b8973aa6b3a0f994c5,2025-01-24T17:15:16.047000 CVE-2025-24356,0,0,d0b82c0018364f3dc83d637e30ca6c64f4be25093ccf7468d678a6ec3efd7022,2025-01-27T18:15:41.347000 CVE-2025-24357,0,0,33b4b3c939c862c35be8fbd83a4f327fbd80fdaea485d698b2dba1d8e5ecb167,2025-01-27T18:15:41.523000 -CVE-2025-24358,0,0,063a206435864fabecbf382607afd067ac76f59a72d2b86a440672f1f66555a7,2025-04-15T19:16:07.193000 +CVE-2025-24358,0,1,b83291786fea313d1145b53b30f70b756ad6caabe4590a1a64d27ab42bbd02da,2025-04-16T13:25:59.640000 CVE-2025-24359,0,0,1ef1d48aa16d3d1524839190f2a92e68f271b7bbb06dbb86c77c3115b6a414ab,2025-01-24T17:15:16.197000 CVE-2025-24360,0,0,9b8d13d61afdc9c82b83c3501ec96029794286adee2fcfad926404556ff5277e,2025-01-25T01:15:24.047000 CVE-2025-24361,0,0,398144fa5fffc1da1e51f93b9cc9373c390b7e27a0bd14059d4987e6ffaf08d7,2025-01-25T01:15:24.193000 @@ -285627,7 +285632,7 @@ CVE-2025-24480,0,0,8c69070e4602e3e045b6de7421f305082c0b32c33d67076e7034c529b969d CVE-2025-24481,0,0,1f18ba539d38ed86105e18de8f701df1ae615df6838eaafd5a3bd88fcca169e2,2025-01-28T21:15:18.520000 CVE-2025-24482,0,0,bddd8d62e1d1ef759d3d72d308a4499752a0ac6f47d6ad7b4c765c13d2fd27ef,2025-01-28T21:15:18.687000 CVE-2025-24483,0,0,8e8c3f541513089421e16456a3415c9fe977a1e0274a2d9a7826bef889eecc77,2025-02-06T08:15:30.327000 -CVE-2025-24487,0,0,56a79953bb767ee8ea4a55d09703b343576e91b5050a9e429842486448a617be,2025-04-15T21:15:54.717000 +CVE-2025-24487,0,1,6cfb50534b9f66df8c6ab5b7fd99a29e22eab1acb6c93c8413ece70cd6d8bafc,2025-04-16T13:25:59.640000 CVE-2025-2449,0,0,0dbd069203a80b660cdb63a2610dc85f23643235633ff15eeaf11d0c77ab186d,2025-03-18T14:15:45.670000 CVE-2025-24490,0,0,c90744a991c52fb51aa8e878b4b2657f71ca215607f5858e899dd6952ad19778,2025-02-24T08:15:10.260000 CVE-2025-24494,0,0,43ac2d60a286060ae572ec37f3d35d579c4245be449efae1f59958937f264e22,2025-03-05T16:15:38.937000 @@ -285906,7 +285911,7 @@ CVE-2025-24830,0,0,149ce554396e6f6a2d01866c124b61e24002e40c9d6d50b44720c1d2e3007 CVE-2025-24831,0,0,c92da556f0147b9019570da06039147ae8945532d2deb083de9ea344daaf5414,2025-02-18T19:15:27.963000 CVE-2025-24832,0,0,6323ca18fbb7b250ae25bd8a26128cc938f8c40313999a5eb50edb4a58e57eec,2025-02-27T23:15:37.310000 CVE-2025-24836,0,0,2105a2b27eb3ab727652655fd6687e9c6f3ddb37ef353b640f3771eb913e5f22,2025-02-13T22:15:12.270000 -CVE-2025-24839,0,0,dcd8253945a05abb413ee5fe24730c5c51251593acf1e7668019b97a323f478f,2025-04-16T08:15:13.987000 +CVE-2025-24839,0,1,a846cdd6107cb952410793e2cde865928fce6c802a7520fb2e32a76686b5af5c,2025-04-16T13:25:37.340000 CVE-2025-2484,0,0,db81dd224fb04a4b222ed8145c9034a222c25b121346c742360e791dd95045f7,2025-03-22T07:15:25.470000 CVE-2025-24841,0,0,a2bfe696c59d71d61006c3347b2512e90c01384ccb7467de18b9531d5dd49072,2025-02-19T06:15:21.853000 CVE-2025-24843,0,0,fb4d0afee0c2783ca1631e4031059d2c08004431e384816d6d85a2fa124d2f4b,2025-02-28T17:15:17.103000 @@ -285914,7 +285919,7 @@ CVE-2025-24845,0,0,b01e6a569b8cc3a4584487bdfb3da2fbed952ffc0174ca89c61a3e20ee1bf CVE-2025-24846,0,0,395a1c47127c2c7ef37d1800a5094c8ea72456277181e4a623939a06fd6c82a4,2025-03-03T09:15:39.817000 CVE-2025-24849,0,0,8e5985d51102085b2b29506fc161cb28ee1a0b2a33328ea438367fccd6fa114a,2025-02-28T17:15:17.253000 CVE-2025-2485,0,0,28280741d2586daa7011be6c2bc771f4e8d5510e3e2e86f21ab0adf9ef4d2a1d,2025-03-28T18:11:40.180000 -CVE-2025-24850,0,0,b55b79d89ab91d516cc99e72a2fcd06c43f03ffa0734415e92e49430d9f07a25,2025-04-15T22:15:16.283000 +CVE-2025-24850,0,1,472de0f9b8177a2ff8a5c23dc6c66858f9548bfee6ac2f5fc53c56a74ebb6ce9,2025-04-16T13:25:37.340000 CVE-2025-24852,0,0,e5207d00131e6702a9295a9bdc1c6895f578dee210a994787ecb0c10a6489004,2025-04-01T20:26:30.593000 CVE-2025-24855,0,0,3b83ed2e42d12574419e7a5d93b58d3d4fa5393073d22ec518ba075ff8bdfcf5,2025-03-14T02:15:15.717000 CVE-2025-24856,0,0,de81d5fa3871c8fea36d9f92d65c776b1ac74e3aaeeb12190f8f5c33a73c1a6a,2025-03-16T04:15:14.517000 @@ -285986,7 +285991,7 @@ CVE-2025-24965,0,0,ba73304fa401c257949a63c9073322cf9d165b85acb67f8266f3dba90d290 CVE-2025-24966,0,0,01d95f45d88a1298f4cb0a9ab1e280c8339ef3fdbf1a2c657ebfd219b7b57d43,2025-02-04T20:15:50.627000 CVE-2025-24967,0,0,1c50949fac013da6e9270ba4035d03fad3fe3bacaf2e070d29068d518d318faa,2025-02-04T20:15:50.813000 CVE-2025-24968,0,0,e07f901cf7b356f85243eb69a8d49d189b396867f0cba0e1d10bbb82d5ac61c1,2025-02-04T20:15:50.997000 -CVE-2025-2497,0,0,1a9ba976794713f5c5f4b1a3edef787e855a3f658b692ad7f1bc5d9244de279d,2025-04-15T21:15:56.630000 +CVE-2025-2497,0,1,c6de5672a1e154ae7dc40c07716055c26b4163012097d3ed4f909bb958f9f172,2025-04-16T13:25:59.640000 CVE-2025-24970,0,0,1ec79588f47d61fc7f5eddb1acee5b0ffee64dc90dbd9954713ce89fba4e7d11,2025-02-21T18:15:36.383000 CVE-2025-24971,0,0,793f718b4bfb5d7a7a1d927b157b1ca84e15924b7b8def879502f3162eb90333,2025-02-04T20:15:51.150000 CVE-2025-24972,0,0,2bfeab49fb3f39eb9e65ce9ece026906b6d6d88216e33613e47c2e76c1f0f6a2,2025-03-27T16:45:27.850000 @@ -286200,7 +286205,7 @@ CVE-2025-2526,0,0,b4d2665b0df39fb8efb0ebc6a7ec708e940ede0cae79c4c99d0922650362cb CVE-2025-25266,0,0,14fc4214833d5ffeb8f363743939de320f9169af46798b63b6da510cc3dfff47,2025-03-11T10:15:17.850000 CVE-2025-25267,0,0,327b2100edff4cbf9fdcfe1321dc00713a82279b4ead6a7ccdc62b6f97970ac6,2025-03-11T10:15:18.030000 CVE-2025-25274,0,0,90de1f80f28c13ac592acae9058f17aeba0fd544a5c1ea5aa19b39d1d3157bb2,2025-03-27T15:01:59.897000 -CVE-2025-25276,0,0,d483a39ea3af6e2da8f708041f77765896b799f267171c57b1f266b5b365e6d9,2025-04-15T22:15:16.430000 +CVE-2025-25276,0,1,bf4dced8fe6ecf840461d20f447f79fe43fd41e2cf95e1d16b25b820c49b6b08,2025-04-16T13:25:37.340000 CVE-2025-25279,0,0,042549a55fc10922a139cd28848b848f448630efd12168ac54dc544f129afb38,2025-02-24T08:15:10.607000 CVE-2025-2528,0,0,565f99093d5d41e6763162100190025117acec0052a108f2f98ce80c164aeded,2025-03-27T16:45:27.850000 CVE-2025-25280,0,0,1b5c77d51c05bea0ddf2810fde521e2bf98007c9c56671b108b14a4c893500b5,2025-03-03T09:15:39.990000 @@ -286276,9 +286281,9 @@ CVE-2025-2544,0,0,61f3dad808e2359bbac367a26f479ab656345326f5e769e424e5a0af4077fa CVE-2025-25450,0,0,e3ddffa39d860b594bb74ab98ef16e7416f14ecc887f5721e7943e1b1d73ce80,2025-03-07T17:15:21.640000 CVE-2025-25451,0,0,4c60686324e8dfbebc3bac09932f9dca9715cd901e8b055c1d7eb1acd46fa78d,2025-03-07T17:15:21.803000 CVE-2025-25452,0,0,f8ac00e705c69600b7bd756ffd6640407ab44891503ee6108f0e991980324498,2025-03-07T17:15:21.947000 -CVE-2025-25453,0,0,9e9d9ec1c003e25af802f35763c35df77fa7f2f7c557189ab13af0808a3aacf1,2025-04-15T23:15:42.647000 -CVE-2025-25456,0,0,7fc1996f17ae9b866f7ab42c929c13c004cbbaf0df7ae12091fd3af8a8905392,2025-04-15T21:15:54.877000 -CVE-2025-25458,0,0,d70a41306ab36e675efa6f3919a0ecad2e35b0e94abe7353cb5c47059abd43d4,2025-04-15T23:15:42.747000 +CVE-2025-25453,0,1,1696478f71d088f6449059d36efd1571cb9cb3a2c6bbb458623352d8446423ba,2025-04-16T13:25:37.340000 +CVE-2025-25456,0,1,a1b3b079ee0b91935af9297ed233566efc332deaf5d328e0327228d7b8a4343c,2025-04-16T13:25:59.640000 +CVE-2025-25458,0,1,ecdb333227dd8f21061401edc9b88135eae9e2065e48015513c4afa9bf727217,2025-04-16T13:25:37.340000 CVE-2025-2546,0,0,c3027dbe34196254c0063ed1c57ce0360ffc141678360f958c71a638a14495ad,2025-03-20T15:15:46.420000 CVE-2025-25460,0,0,82c83de72621855fac95e9c964cfbdf72c297a15a88fc1d2ee5a87f0355f72e3,2025-02-24T17:15:13.900000 CVE-2025-25461,0,0,ab0b84ac9f3f8ac10a932ec6905826cba8e3222301f41fba0cc01c825409c256,2025-02-28T16:15:39.387000 @@ -286367,7 +286372,7 @@ CVE-2025-25663,0,0,5a746eea3634250332bacc9c924ac5e785f1cc29be7fb51e65232a0170bb6 CVE-2025-25664,0,0,1da9718d556db2a8964602e6e91c5c694bfb0281423a38648b821b59368a1401,2025-03-17T15:19:50.133000 CVE-2025-25667,0,0,d0a445cc31a702833da7b419bfb916db019325d0a01c653b1aff0acf6f057027,2025-03-17T17:00:39.953000 CVE-2025-25668,0,0,3a390720dec3e2d486dc54a6361f2f35ae4d39f099b715395f225090d62ea40f,2025-03-17T16:59:59.693000 -CVE-2025-2567,0,0,74c4e6e2941c036d6c245424b48658ad4595679fa99e81b1fb369271708a1e70,2025-04-15T20:15:38.990000 +CVE-2025-2567,0,1,2ed42c22cd5a7ffa8d78bd031f48b8916164aac3205f9f592808bf83f3f0239e,2025-04-16T13:25:59.640000 CVE-2025-25674,0,0,8ce40ba3c5a2d332ca848bf332b28ce5e1ea817c4e5b7751e0bf1c1f0eeb7a9f,2025-03-17T14:23:02.403000 CVE-2025-25675,0,0,c72dca8ea86886a3af81f324f3cf1b0ae0870a19e6aae0e2e014084eb2e1c680,2025-03-17T14:26:22.483000 CVE-2025-25676,0,0,2caeac199d92898771cb61a1f50bc4e997a82341fb0b8426f50c92948f273cc4,2025-04-10T13:37:42.663000 @@ -286864,7 +286869,7 @@ CVE-2025-26708,0,0,2f79eae1bf3a9e2cd078bee2e260f7de2077d1f5b314f379e5bf317e129bf CVE-2025-2671,0,0,0ff196173808667dc01bbb7f848ba87ce3a33521fef4f72eb6fcd71f1f2d1a5f,2025-03-23T22:15:13.513000 CVE-2025-2672,0,0,1ad4f5c720df57a16e54455c07c8ba01830bc9ccd3c6fc6d0f2dc7c0cdc8b322,2025-03-26T14:37:30.087000 CVE-2025-2673,0,0,44164d43dd7a4b78996de070528755e6da7c21ce7c771f342d11af93caf1eb75,2025-03-26T14:15:40.467000 -CVE-2025-26730,0,0,d32e2a9a3e7299e47db0d0fe581cab127d58ce89344c8b7396b83516dd88c9ac,2025-04-15T22:15:16.577000 +CVE-2025-26730,0,1,4cd82bea44b4c6869f869d2cbf9eee26d396df1f582253494c873178ec37531b,2025-04-16T13:25:37.340000 CVE-2025-26731,0,0,c7817b389dd8e48ba9c23176ffc47a4513dc1c156d334d1e290101d6e70fcb91,2025-03-27T16:45:12.210000 CVE-2025-26732,0,0,9a4756d06e1f47486acc1d11e63e6358084f69cf8afe62886573bfd227906b42,2025-03-27T16:45:12.210000 CVE-2025-26733,0,0,3af17c2e611e2f31c28ce83c0cc80d8af616c2dd2717ffdf11fcc8663127ca59,2025-03-28T18:11:40.180000 @@ -286874,16 +286879,16 @@ CVE-2025-26737,0,0,ef70e0172c0763982b4f704c98436f4e8fa7d9222206609f397682c2bb7a4 CVE-2025-26738,0,0,fe74511d18daa7f8c822f7c00f478c77ab9fe05590b455ccad4998d15c474085,2025-03-27T16:45:12.210000 CVE-2025-26739,0,0,2514d7567fdad9bf988b03c827c3cf9332db7eb4aaa61ffce3b49cc72d1bf133,2025-03-27T16:45:27.850000 CVE-2025-2674,0,0,b17ff2a840d43872ce8941660011244ce317e8241898334fca92f2c7e2d2df13,2025-03-27T18:21:20.710000 -CVE-2025-26740,0,0,a48e22a45bcba574a6ce55fef5c9b2bfe94faf16c37acb362497f12b074b9254,2025-04-15T22:15:16.717000 +CVE-2025-26740,0,1,99f3ccaa7266bd920bfd37ef978e469f4e0adc8cbdcdb5cca10699631cc7f986,2025-04-16T13:25:37.340000 CVE-2025-26741,0,0,a2f406331136add48f12bb3b5a571163efcdbc88343388d56794e4875124fc7f,2025-04-15T18:39:27.967000 CVE-2025-26742,0,0,d1c1ef0a2d3414bdd8fc0829685f2cb4bdc30a516dc3a80c709e135b1569fc7e,2025-03-27T16:45:46.410000 CVE-2025-26743,0,0,aa5333d9dea9d8ed2dcdd95262008df6e705367a9b483bbea2ceac30851be044,2025-04-15T18:39:27.967000 CVE-2025-26744,0,0,f748841282870c4334f82bbb19fd3d4a75a56c89c036ff8da13ca2859e3adcb9,2025-04-15T18:39:27.967000 CVE-2025-26745,0,0,551b4e9f9eac01666003984c5b0c0a3034f75dcc543e1a8dda9d5473e96f1470,2025-04-15T18:39:27.967000 -CVE-2025-26746,0,0,7cb86fcc5c4c7b3414b030d70ca5266914082febc4381774971572f75a3c3523,2025-04-15T22:15:16.893000 +CVE-2025-26746,0,1,ceabccd9965787fe122841f52282ddcb4062cc61335278b652cf048fc03c0361,2025-04-16T13:25:37.340000 CVE-2025-26747,0,0,f799dbfce90467344ad4aaf43405a0c5bb92178129ef15a39374277528ecf159,2025-03-27T16:45:27.850000 -CVE-2025-26748,0,0,259e9268872345381c03510b4d22fca5a21286bc2d0358431858217446e18000,2025-04-15T22:15:17.053000 -CVE-2025-26749,0,0,6c8ad8a7eb7b3608b04b929562726e7350d2760bd1ba9bec51f3d573a4642bc8,2025-04-15T22:15:17.210000 +CVE-2025-26748,0,1,2c0fd9ce2382a9fcbf55ddb050f1e3c36497469f7adc1d09357b3058a80d043a,2025-04-16T13:25:37.340000 +CVE-2025-26749,0,1,7b93ced220808a49a15b07d291959cd9b89ec1c4792a61503ce30e92a50f36d7,2025-04-16T13:25:37.340000 CVE-2025-2675,0,0,e49840b3a5ca3e77744a146445fa06f116b5cc16d89bcce736017749e482f04f,2025-03-26T14:03:31.380000 CVE-2025-26750,0,0,d88bdcd674193a8c592f1b97cbf3fbf882d139c99406f62e08a860c366f790c0,2025-02-22T16:15:31.210000 CVE-2025-26751,0,0,fc2d5649850210570a1c66e7227d2f4e23c5b89d750a00b47264258ce20ebf91,2025-02-25T15:15:23.457000 @@ -286939,13 +286944,13 @@ CVE-2025-2685,0,0,e47390d79e6358f0707017a49a80b868500d2e61df885503f5f07ed00adc5d CVE-2025-26852,0,0,d72cd5d5e66b523b3c44dc3da5e235d0fd5febe59bde3155dcf917e418fe0241,2025-04-03T21:15:39.520000 CVE-2025-26853,0,0,9f63dbde1c4d35ee441f522b0a7fd7f1506fe9cfc205ea0689cbba8371dda7a6,2025-04-03T21:15:39.683000 CVE-2025-26856,0,0,7824298cfc11aa81d23219a23487dd842dd5c11d44f90723ef1786188c90cd64,2025-02-20T06:15:21.673000 -CVE-2025-26857,0,0,458e23d1f46b5c52567523aecde999c805072f0b6016017361688de1e60d7c50,2025-04-15T22:15:17.360000 +CVE-2025-26857,0,1,6f21fa82e13fdcc7bcb7f3ef6dda5171a735ca4141e7c0df0340f6e37550898e,2025-04-16T13:25:37.340000 CVE-2025-2686,0,0,eb80a0c8f7b31a5582d2e1c5cc77c14ca573ee9db201a3a963e2f24b2e246438,2025-03-24T06:15:13.127000 CVE-2025-26865,0,0,392cafa9196f9e16f10dbe623eb410cd729a2dc1013d61e7dc7061610b7c87ad,2025-03-11T20:15:17.917000 CVE-2025-26868,0,0,cba4f0d0c27029718e2b50a126041299a77ea3636d837c9614e50e9855b0878b,2025-02-25T15:15:23.903000 CVE-2025-26869,0,0,a478c5658e508ed802536bcbcd20e5908ef4279d4bf22775ffd2201f754d48ea,2025-03-27T16:45:27.850000 CVE-2025-2687,0,0,27bb11d09e87f67e308b5df8d882120f5aff0d2280b537587a204562dcae0660,2025-03-27T18:14:18.840000 -CVE-2025-26870,0,0,8e069b05eb0ea7b71201a59eb33b3af63932aa87f308ca1c95f1df5ffb23f2b4,2025-04-15T22:15:17.503000 +CVE-2025-26870,0,1,dc7e8848de50d3fd2d459905abc0347a2d7cdc448dc5af1a96d9e0ede8c31570,2025-04-16T13:25:37.340000 CVE-2025-26871,0,0,2a55e987f92fea9189ceac5ee41ddd6e7a4f8d03cc64f6910d3d32ce60f6d5f0,2025-04-10T17:53:34.280000 CVE-2025-26873,0,0,29a8338bf87d3e41fb79edbad4c6dad89ff1aedd14c150bc441242230b6bb3e4,2025-03-28T18:11:40.180000 CVE-2025-26874,0,0,3906c541d3c2328f17b778a284f8d8b03cca5035667b064d99481ac9bbf55d5c,2025-03-28T18:11:40.180000 @@ -286955,7 +286960,7 @@ CVE-2025-26877,0,0,b6bbd106fc09effb170ea41e4eff1e72fc5e0e40d7a5e670464380cec25fe CVE-2025-26878,0,0,b83c78001aed3b72257afa473beed64325520c746080d9d4c55fc0721207cb83,2025-02-25T15:15:24.560000 CVE-2025-26879,0,0,ff13b8336e93c3c4112258e1261f28d97f76ce67ffc3e5951e1c9eced4ea0dc7,2025-03-03T14:15:56.213000 CVE-2025-2688,0,0,3db76f6c7ae6bd47c67a7955d3d43773d55b0ddfc445a5d95eadf558dec95819,2025-03-24T07:15:12.760000 -CVE-2025-26880,0,0,812b774cb416421b431abbe2f37065032c83a3820f6df0b8d681cc65aef7ff39,2025-04-15T22:15:17.643000 +CVE-2025-26880,0,1,da84e2330a560f7b1855215c494200741db29c3a24f93ba76a255f39bbbbece3,2025-04-16T13:25:37.340000 CVE-2025-26881,0,0,921429dd5a0c5a1101d4da691445afee44c665c84de754602fbf841d0217b94b,2025-02-25T15:15:24.690000 CVE-2025-26882,0,0,7062fd0c75af34ccf6b6ec2ff75c922493b57ba8fdc01187594aa2fa72d319c7,2025-02-25T15:15:24.837000 CVE-2025-26883,0,0,922ad8d066f9e08d920e6020bb5edb414ef495b7a7f4fba5c400a5b716452883,2025-02-24T15:15:14.007000 @@ -286979,12 +286984,12 @@ CVE-2025-2690,0,0,75f1203ac5b34c88acc73b68e6ba0da2d7e1bf821a23d04642fb589976fd25 CVE-2025-26900,0,0,059a3c3ee3ee2a5a8549e4b2d083087d5d389f3b34374b636a32cc0884702ad8,2025-02-25T15:15:25.853000 CVE-2025-26901,0,0,275fcd1724f1e09cf5b312f35af7c97f9731ba6ce5fcb10bb28c3ad70715e042,2025-04-11T15:40:10.277000 CVE-2025-26902,0,0,a352d49522ef9a8ce292a40d2fcf63e3c78f10a3db52281b2745c9cfedfb5d40,2025-04-11T15:40:10.277000 -CVE-2025-26903,0,0,b14ee5023e207ffc59367e257215aa457a7a28c1096a6f26caa6637dcff3fb34,2025-04-15T22:15:17.787000 +CVE-2025-26903,0,1,c22fd0ba415dfb58dfe79be632ff7901195d7d34c0f435f19b0b4c62e5db36c7,2025-04-16T13:25:37.340000 CVE-2025-26904,0,0,cab9a4c8649e54f1340a29bbdf14f52168b5cc51065c592884d99916bd742bf3,2025-02-25T15:15:25.990000 CVE-2025-26905,0,0,3fd420b5cf6d35f2394ffb7c8b96279ea5b6a88032aa4ac13abb160d4bcc3b89,2025-02-25T15:15:26.127000 -CVE-2025-26906,0,0,d6dd5e2a91b735f580f5ff3827c8c861f4c519a661616fd3f2f9cf472fbdd629,2025-04-15T22:15:17.920000 +CVE-2025-26906,0,1,7e0543f5675dd4fdfce78418317be0b5c7a02892675c1e6c88e224864ca19833,2025-04-16T13:25:37.340000 CVE-2025-26907,0,0,12cbcc5c8b9c8102e25a8b6b26b7cf51a11f16a102e0d9c393e6b591cd6460db,2025-02-25T15:15:26.263000 -CVE-2025-26908,0,0,3735fda46d3134596c6dcec0aac9b9b889253a325574bf4753f63ae3ee4d9eef,2025-04-15T22:15:18.057000 +CVE-2025-26908,0,1,763803b7c362ec974948dac75bcd81ddbcb27c7125b98d9f0ea263864bc023bc,2025-04-16T13:25:37.340000 CVE-2025-26909,0,0,5d0fcbc30b621c07fe2a4f5cb7d6b6729dad21266cc3a2453124baa5b9596a45,2025-03-27T16:45:12.210000 CVE-2025-2691,0,0,3e0c7bb9b74b91cc1c7f226007a0a4b2765523a838b6451534f4d7af5747b3db,2025-03-26T15:06:35.310000 CVE-2025-26910,0,0,ca74ac486aa989f6f999598f8bf14014c34c48339b6905c0296af8a29556b3ef,2025-03-10T15:15:37.660000 @@ -286996,21 +287001,21 @@ CVE-2025-26915,0,0,e63561d7adcf992fc96846addce01208e0fc68636cda02f3f3ede272653e6 CVE-2025-26916,0,0,f758c32d09b38a24f4c348c15aba8cb3a44ed6c4ea3664e23dee9d5858835140,2025-03-10T15:15:37.830000 CVE-2025-26917,0,0,3fc39fec66986a8b7bd40f698f506534d61e59c6582e491b1216365ddb3f6932,2025-03-20T12:25:42 CVE-2025-26918,0,0,e0fc59a79e46c5fcf8cafd0b2b3657455a0238ac9b7d59603d1a8c12f6ce4a03,2025-03-17T17:57:36.580000 -CVE-2025-26919,0,0,dc3bd6393c921a67ad306f81bb1d0e5b096e48ead7fa559133f86416c81e44d7,2025-04-15T22:15:18.190000 +CVE-2025-26919,0,1,8418b6cdf7e830a7562ba2919a890e91e32dcf2fced8570a22fc851e83a733fc,2025-04-16T13:25:37.340000 CVE-2025-26921,0,0,89fff991fd2a17b2631799c0a10d97acc3e948cef9b5fa5a4ad29105c2269245,2025-03-15T22:15:14.517000 CVE-2025-26922,0,0,21dcea9978e7cbb71c87d1e8640f8fe68181302b833e2fe5cd4ac540a43db6f2,2025-03-27T16:45:27.850000 CVE-2025-26923,0,0,4e693927f4840764b6e95e3f2c142ea01ee7a54f312985dc1ea26a5a647795a0,2025-03-27T16:45:27.850000 CVE-2025-26924,0,0,cb1c2780be4c3aefb0ede4d6931acf4ab096ee32b7e90b61d12e0b5ed023ed5c,2025-03-15T22:15:14.663000 CVE-2025-26925,0,0,d5e509c3100c8df66ee25704b916843165e5ea195a85927b6d7f6a9a10386673,2025-02-26T14:15:11.743000 CVE-2025-26926,0,0,46670274056f543a2d8d831b8a506aef43cfadd1396d409b955b63f1e76e669c,2025-02-25T15:15:26.930000 -CVE-2025-26927,0,0,6416a2c3bfd3c9688a201e1151dd2cdf4798d840432be5796f5987eae991ead3,2025-04-15T22:15:18.330000 +CVE-2025-26927,0,1,8e9459a7de3f5e5317f7efbbb12628809cc064e5be380e52ba091fa9c6ec38ac,2025-04-16T13:25:37.340000 CVE-2025-26928,0,0,861f1ddc85c79a1a8d63021b4a752a7980136fff79059fb765bfdd66a75382c5,2025-02-25T15:15:27.067000 CVE-2025-26929,0,0,bb3575a6298dbbf2effca049bfd2bd4c57dd334f967c451cd6318b2bfa94bfc1,2025-03-27T16:45:27.850000 -CVE-2025-26930,0,0,31795cde7d79d16dfcdcba834cccb73135af4fb3c8e2959be2b258237454856a,2025-04-15T22:15:18.463000 +CVE-2025-26930,0,1,ffdd0e05d01ed10d8d927c53dc4495d97e95d9d6209fb7bc62750ed4b19f3a4a,2025-04-16T13:25:37.340000 CVE-2025-26931,0,0,7680a16e5e4bc5cb7d571ec7522e8eb1da81a45543fb23fce8deb347b9f39cce,2025-02-25T15:15:27.200000 CVE-2025-26932,0,0,30e11ffe0fff9feb38697cc84d4135950611987600314e1279c1b8624ccdcf60,2025-02-25T15:15:27.337000 CVE-2025-26933,0,0,c72fd5b233eb6a6c742b9899ed4e432e73eabce6ba195da01f5e87528d188c44,2025-03-10T15:15:37.997000 -CVE-2025-26934,0,0,0d362a85cda53679b248c8d7674fe814af83a7323a9b39b3e51e22d6ab55fb8d,2025-04-15T22:15:18.607000 +CVE-2025-26934,0,1,6d3d0a2b856b49ab4db20522bb9bc4dc26abd78ea5ac584d0cfff4556da56f16,2025-04-16T13:25:37.340000 CVE-2025-26935,0,0,a87ac2b03277f02c7347360facc65e6c05522926da95bc4c71de2019c25b787e,2025-03-25T16:40:10.203000 CVE-2025-26936,0,0,623d1876bb95d48384f44f85a7c572aa33d42d6708aea8460ab34aaf42eadcb8,2025-03-10T15:15:38.177000 CVE-2025-26937,0,0,fed4f7fb03e7e7397a66feffa07ed44235873cf8d6e3b0b63bd6710ca35b749c,2025-02-25T15:15:27.607000 @@ -287026,10 +287031,10 @@ CVE-2025-26946,0,0,df781d5aa26b91c3cad6d895bb9f19c76a8ac0bc37b086b89e10307c33900 CVE-2025-26947,0,0,17ca4a960f692537dd7bd29667eead07a638e9187cd25b27f2e6eb39d83f12f2,2025-02-25T15:15:28.457000 CVE-2025-26948,0,0,7e692ce2f0fb2189773dab014b01c64cf92c1c0d6e24b0bdecd31d44fc8a160e,2025-02-25T15:15:28.597000 CVE-2025-26949,0,0,756ec3a8273ffe21cd013eae401b29681f02ddf1186e27472f179b3deeae84ca,2025-02-25T15:15:28.733000 -CVE-2025-26950,0,0,dcfb8996e9a418391ed1df843fc9f27e229602d5ce683276c3e40511fae506d9,2025-04-15T22:15:18.750000 -CVE-2025-26951,0,0,7440d2bf5df8ecfe23ba66ce6f4a50ce2b841fa40bd9d49941500ee7a03a2f68,2025-04-15T22:15:18.890000 +CVE-2025-26950,0,1,e8c90fa308414bc30e81e0a6bd4e96333c8b64ca0efd748f8de0ae5a3f678162,2025-04-16T13:25:37.340000 +CVE-2025-26951,0,1,5399370fbb1501feef7fdbf8553198872fd9bfdde60d56b4fe398cb4ab8ec26b,2025-04-16T13:25:37.340000 CVE-2025-26952,0,0,a13de9204c8fb7f5ac97c6580a46c2af94bfa390df931bb26a31447f73f1cb45,2025-02-25T15:15:28.870000 -CVE-2025-26953,0,0,897245ee28d8673c0dd86daef30fb2705ddbc47c2218ad42278cf505fcaf0598,2025-04-15T22:15:19.027000 +CVE-2025-26953,0,1,72abeb573880ca7a08003090a47581d6c6ba438bb7d34ef9131f4e73b84792a9,2025-04-16T13:25:37.340000 CVE-2025-26954,0,0,61bbb677c76367dc681a61a9eb34b1cb4b843872dfbc537b65e6b0e5164d6927,2025-04-15T18:39:27.967000 CVE-2025-26955,0,0,4c1429af0322731502991eac13c1a9065d93dfaec66c7f3aebcd3a2addb646bd,2025-04-15T18:39:27.967000 CVE-2025-26956,0,0,67dc3e0376c57291d36674bc82b71c5ab19cd7ba364ee74deb6f26199d4b6b1d,2025-03-28T18:11:40.180000 @@ -287072,16 +287077,16 @@ CVE-2025-26992,0,0,c93906bec2c33a02d838c5a2d09c21bba267dbc68120aa93c178090114737 CVE-2025-26993,0,0,25d916d390de90b80a1e84bf0243f302c32b655919eea97f6f91c9f96aa389dc,2025-02-25T15:15:31.590000 CVE-2025-26994,0,0,03494b736a3ca693fdaefc610166ca8a10d800440713e480c6b170f7815e45d0,2025-03-07T20:37:45.723000 CVE-2025-26995,0,0,9f9fd1cf4c78a39e37c563908ec2c351a2e202019a39ae0f35b6be53c49be04b,2025-02-25T15:15:31.720000 -CVE-2025-26996,0,0,47211e4c7fbc135ac39f57423505660e6b79de3d0f8302a20ae3b6e6fafaf7ae,2025-04-15T22:15:19.163000 -CVE-2025-26998,0,0,8a8d96b4adaca111bcdcd441c7137f550eb814bbe9e521768049bf459aba45c2,2025-04-15T22:15:19.307000 +CVE-2025-26996,0,1,ce7607feddf1ba4ad5cb10cdb417963ae100256ab9b7a9f444a7a8afb3596540,2025-04-16T13:25:37.340000 +CVE-2025-26998,0,1,822fa2ed2b224876632a224b4e6c89639b2ba2f9ca9ca9bba87fb48ff55fe279,2025-04-16T13:25:37.340000 CVE-2025-26999,0,0,cdacabf1a660ac6dee9a5685fa630f6b1572dbc44af9dd2498823746cb2cfe2c,2025-03-03T14:15:57.830000 CVE-2025-2700,0,0,5071cd8329bcbe3e4081f465d8ee368358c8db967df119c33d261aceab1236e6,2025-04-01T20:47:42.813000 CVE-2025-27000,0,0,1ac554f083699af2e8a7ca7e5b9fee0cf63423d6e7b9eac2cf80407f8bbcfb4d,2025-02-25T15:15:31.853000 CVE-2025-27001,0,0,9549fdac37d52ebf8e1c75331c3601de8f03a77a6f35cd82e54896fef08473b7,2025-03-28T18:11:40.180000 -CVE-2025-27008,0,0,d1260e3e5eedcb365d3c0af11fdb8707fc002abec52559500d8e4c1560c6f87d,2025-04-15T22:15:19.443000 +CVE-2025-27008,0,1,1708de4dfae031876ed7d8e7fae7765e4b7ae93e2aef72116fe164d3c1e29fab,2025-04-16T13:25:37.340000 CVE-2025-27009,0,0,ba7a3973ccfababfdb452ae41b4eb27fe597fd251e088b37a2e2b8e171857c6b,2025-04-15T18:39:27.967000 CVE-2025-2701,0,0,4a00a8c87ae1a8f8d8996e5497fbf475b3761e12c82cf113f0ba83ecc0864e95,2025-03-24T09:15:13.950000 -CVE-2025-27011,0,0,680a962d0e96a56355a9bef031d7c4eea20486dfb2dd35081a852ce3d6f1a6b8,2025-04-15T22:15:19.580000 +CVE-2025-27011,0,1,e64d4b239234bb430ba5bbeabc5eea11a45254e26618d364061331bd0598f833,2025-04-16T13:25:37.340000 CVE-2025-27012,0,0,3a1893682864e642f849034c4092180dc7a4b18b7a6ad2f7375bac0e9841b34a,2025-02-22T16:15:32.497000 CVE-2025-27013,0,0,9b9378b18f13319340e1f24d5072a99db201f1036e2a63d2b47d9e89c2a36e2e,2025-02-18T20:15:33.880000 CVE-2025-27014,0,0,bdb4bb53ed32c8910a3d15ff13e2e53e881921db613d28fde5d34dee78b2e31e,2025-03-27T16:45:27.850000 @@ -287323,7 +287328,7 @@ CVE-2025-27405,0,0,663163c6c073b18f53346712329739a975081e88ca8125075a565c094735c CVE-2025-27406,0,0,16d66ed71bcc122eca2801ed1c57d9068f62c5d5532697159291cafa7e5c3495,2025-03-27T16:45:27.850000 CVE-2025-27407,0,0,1d15654ef204c91cd32beae5fe1b20af01b3f98dc702fb1b2edea51c8a7ee1cf,2025-03-12T21:15:42.560000 CVE-2025-27408,0,0,93737553abae903ea76018e61e22703521d366acf436a7c85e20d8d3f4423a3a,2025-03-04T23:15:10.897000 -CVE-2025-27410,0,0,c17e2cf05fc1e5815bfea0a0ae78fd9d0f61a50a1e1564df1f57054d7ec57468,2025-04-15T20:19:49.100000 +CVE-2025-27410,0,1,a05a17639c1b1b86ae196b7a01c237a501afb172d4aaf15631790229df7af6ab,2025-04-16T13:04:55.890000 CVE-2025-27411,0,0,0a8c61754ca17a315a8d6c0a67146f15c92b522c31bf75cc818698eafa246ea6,2025-03-05T16:15:40.310000 CVE-2025-27412,0,0,d9bbfd830ce3a327538dfaf425c1c45f17af21af968a5c50b137821ea628ebef,2025-03-05T16:15:40.457000 CVE-2025-27413,0,0,3bf0ae01f8e6b7627b108e281288e91ed99512fff48352570acffd4f0573a43b,2025-04-15T20:27:24.010000 @@ -287415,7 +287420,7 @@ CVE-2025-27520,0,0,eb3d510e2ec71b4e6facfc8b91a612963b703d70470ba5885965b0fab915d CVE-2025-27521,0,0,3b64245e66b6009e2ff156d542cd7e2067920fb3d6a5d36cfbeb94f5872a522c,2025-03-05T14:00:54.577000 CVE-2025-2753,0,0,e912daa6c2718d8ed3f24e43ec3e9ee9f4a48455fb53e9e67461e5144c99f550,2025-03-27T16:45:46.410000 CVE-2025-27534,0,0,e40558e45672ac9b9a33735fa16ef08f02dcb0996c9978ce0ed6bcd8b32d3dcd,2025-04-07T14:17:50.220000 -CVE-2025-27538,0,0,d51d2764cb7709f147d85eb1d0dc7616e1602a110d245ad0abe0e3ae81e4c0b9,2025-04-16T08:15:14.217000 +CVE-2025-27538,0,1,f1e1ef82e819f0c41a8132d8d5deb4b21b908fca68acfe18077b1f8576b7daf2,2025-04-16T13:25:37.340000 CVE-2025-2754,0,0,f7d4984908c96f676bcc9696fea1364d56b7dcb9a4ef8bc0bc9ea457aff5131e,2025-03-27T16:45:46.410000 CVE-2025-2755,0,0,73153d88e3fc0f87ce9b6e082e912d243f127ec5112dd7f0596e8d019ab0c8c5,2025-03-27T16:45:46.410000 CVE-2025-27551,0,0,890a9d15888394805e7115ba9f385ec1edb3ecaa955cb3e5783dec5931afc460,2025-03-27T16:45:27.850000 @@ -287424,14 +287429,14 @@ CVE-2025-27553,0,0,3fdfc758e50a10792399f2278b5d552e3c4d38453307aaa115f95e5d1b805 CVE-2025-27554,0,0,cf23284196495ef624f6aebb4a495f3e36a6b5bfc39b634f5a2b752d43a7754d,2025-03-01T06:15:34.693000 CVE-2025-27556,0,0,4ca86b14fb70d2b656f3535be9cca045a182add78643be3ce819c6025668a902,2025-04-02T22:15:19.367000 CVE-2025-2756,0,0,092a25b42b3189a59251afe4527fb8569dc69374ff038cad349569e68ebf3853,2025-03-27T16:45:46.410000 -CVE-2025-27561,0,0,0df655a6bae0a5f474e2fa3b5ed5d49e3bd23f8c04f3549ea053ff0f90aeaf11,2025-04-15T22:15:19.720000 -CVE-2025-27565,0,0,1ba7149500b68d30173ee8c93bad01971dd6ebb191efbd25383a4cded0337ab7,2025-04-15T22:15:19.867000 +CVE-2025-27561,0,1,9a2ed6a48d4c37646f33372f3188d4d9d564856295e313ebd6cb5bf15b4af1ba,2025-04-16T13:25:37.340000 +CVE-2025-27565,0,1,e150582bbd4ca1404978c02e2de39c9c934be7297b5291301044964574dfba69,2025-04-16T13:25:37.340000 CVE-2025-27567,0,0,8ca9b74c3e219a4d15e6ee8281f7f16769702266f24ed34aea1ada953bbf2d6a,2025-03-28T18:11:40.180000 -CVE-2025-27568,0,0,959628bcba2be6020a933bd25140d5c2bf0651a2d0c53dca589425d24c4d331e,2025-04-15T21:15:55.060000 +CVE-2025-27568,0,1,513118bef551546900b0904a780fb137349b74efa6a94e6c0245ef7a9599ca08,2025-04-16T13:25:59.640000 CVE-2025-2757,0,0,7bd39bef42ca34fb5d12792b895089cd6318ba18d4fbf0374c2916e645d3eab2,2025-03-27T16:45:46.410000 -CVE-2025-27571,0,0,7087595df28edbccbfc56a049b4faf8a19d4603ae8422a2d18bbc7e4dfbd3438,2025-04-16T08:15:14.353000 +CVE-2025-27571,0,1,4b3b1eb3532f1da50e9afef19264d37b8e7e6167565806a8e32af2fcb00c893e,2025-04-16T13:25:37.340000 CVE-2025-27574,0,0,93f87063722ae1c1814b2d9c92899de9d571237b060b0430e67ac3aa4baec2c6,2025-03-28T18:11:40.180000 -CVE-2025-27575,0,0,762ddb3fcbc22d59c5316d984c65f4dc95827e4e3e38d9c54d1935ce95387299,2025-04-15T22:15:20.013000 +CVE-2025-27575,0,1,e0800d8690277959bc53bbcc380d67f44746bb160d92e18cb88f2848c9a4b292,2025-04-16T13:25:37.340000 CVE-2025-27579,0,0,e37901d639203dabeb0abb1f8d25952e3d9090042ecc93a0b94bf072c75c186f,2025-03-04T19:15:38.800000 CVE-2025-27583,0,0,0323a5ab9427edc3fc5fcf52b07bbd68cd541b31029bf0b1077e85dabad17762,2025-03-05T17:15:16.693000 CVE-2025-27584,0,0,f03e6726bedccad19322a88f13d717b29a57c1713f548b043d4f11c0c134f427,2025-03-04T17:15:20.527000 @@ -287525,7 +287530,7 @@ CVE-2025-27705,0,0,c5ff1aec7cfc8542770275a002f6e0d41571adb88f3dd40ea1ae12b57d47c CVE-2025-27715,0,0,3945a29c5f5d17f328e68afe21b406dfe2951d48ca4e13bc184b7c24d7c6efed,2025-03-27T15:01:03.360000 CVE-2025-27716,0,0,65bcc3c5b3482c33d19a88cecf33eda0c46f0e6a542313f4127f96639786d02e,2025-03-28T18:11:40.180000 CVE-2025-27718,0,0,89353bf3b85d5d2d9beda4c3f569d21a69be548f857d5ad779be46bb63a2d115,2025-03-28T18:11:40.180000 -CVE-2025-27719,0,0,da168889fc80bda65a4e061b54815cdd386705d1bf1220e0344634b5f71c6cda,2025-04-15T22:15:25.427000 +CVE-2025-27719,0,1,2d8a002b5f29561b2094156ca9bc47c88cd090e828e5aba54e9b59e7cf292a3d,2025-04-16T13:25:37.340000 CVE-2025-27722,0,0,f6643ccc8a22899781482acbc064cbbf83bedfd8a0b28b0db307e860db0ae57e,2025-04-09T20:02:41.860000 CVE-2025-27726,0,0,38a1ac46d0efea1df2b1e49f61f22cd8b30134b3fdb6141c216328e096cf40e0,2025-03-28T18:11:40.180000 CVE-2025-27727,0,0,789a1c04ba58a25a6855558607527be4357ba246f22824b45c569b071597e135,2025-04-09T20:03:01.577000 @@ -287580,7 +287585,7 @@ CVE-2025-27787,0,0,155035fe75bae04ee902cac5759b78779c185535cde642fccfdd2b025dec0 CVE-2025-27788,0,0,b24a56e317b2a6ab1d22b1dee70e073e47082751d4072c9e5bc5b9f65a1fa097,2025-04-02T12:35:54.383000 CVE-2025-27789,0,0,1d6dffc84798f01608e4f99792545443ae7fe01f00fb8a5ade60b9d3392855a3,2025-03-11T20:15:18.330000 CVE-2025-2779,0,0,f769b50fc7746b0a71d436d1e829f1cd996f030f421eebbc56b6cd3744554c33,2025-04-02T14:58:07.527000 -CVE-2025-27791,0,0,5d37fd3efda29142db4d59d4f4c4bf5614512242bb9507ddd121f00f18386617,2025-04-15T19:16:07.433000 +CVE-2025-27791,0,1,7307ae45cbe1ae64811506cef60abbf2e7295fe06219730ec37506c98251451f,2025-04-16T13:25:59.640000 CVE-2025-27792,0,0,b74c7d86509a90375e7b6ae418264a1e46ee3163db3412e248a72d4623f714ea,2025-03-12T14:15:16.930000 CVE-2025-27793,0,0,62455994f5face7dbcfa1a98caad81214c4b0da370d91206c6d21af82a45c6cf,2025-03-27T16:45:12.210000 CVE-2025-27794,0,0,29af72e657ff2464b2a2937c7c4f1f9dbae6fd8fd9c8cc38aa28016fcbce1e25,2025-04-02T12:33:56.437000 @@ -287618,7 +287623,7 @@ CVE-2025-27867,0,0,706ccc11683336c438698de97765a7b785ce156810f1f1b352bcbe344a441 CVE-2025-2787,0,0,4aa889cfcc070b06e1753e76a9737fc448b22e64e5347c5b1fb406395a105243,2025-03-31T07:15:18.557000 CVE-2025-27888,0,0,8a8aa5b91d5bfb492ad148fbb9efc0a6effab4f3d802fb1b2e446246bda2ee28,2025-03-20T12:15:14.563000 CVE-2025-2789,0,0,df64e299b1d14f12e54de55990e408be4e84e9ae24d1c4be9c394d87d6d12ba9,2025-04-07T14:17:50.220000 -CVE-2025-27892,0,0,4da1ddffb2f4c17cc635e9144af32abfe72afb884c9723918cd707f4f061e8e0,2025-04-15T22:15:25.577000 +CVE-2025-27892,0,1,c917453cfbd21465c08fbbbbc9489c7b2be617b6b80c1f79fc130127d8f32de2,2025-04-16T13:25:37.340000 CVE-2025-27893,0,0,e84577b5fcdd778bbc1f7429e59a23dbdaffc7f181556a9020c20ce55649162f,2025-03-11T14:15:26.033000 CVE-2025-27910,0,0,0bb94e3f7527c14f76129f12ea1086d3e9a5c32bf0c93521589ebefce719530f,2025-03-12T16:15:24.253000 CVE-2025-27911,0,0,10e67228aa90db73c3414ce28096a25aef6cbc3f128533308c9edad1912d6fdb,2025-03-11T08:15:11.500000 @@ -287629,14 +287634,14 @@ CVE-2025-27915,0,0,cd099995dd55d9bf47b9910748dbe833f7620d7232f17e750972cd85ba2bc CVE-2025-27924,0,0,4840c809271edb4af189b2d2219c4305e2093cdd10afd54a1be0c296547a863e,2025-03-10T23:15:35.280000 CVE-2025-27925,0,0,20d248e60598e5f95d1fae0ce2e564e286fc723b6dc1ad95ef277e933ed7ce47,2025-03-10T23:15:35.473000 CVE-2025-27926,0,0,55eb57ada8c72239b09d3012ac06f54ef846ef608760d35a348131200e00a4d9,2025-03-10T23:15:35.670000 -CVE-2025-27927,0,0,c61b4302997ba1ba490315b19be546e1fdef4deceedd9c89d2c77a34b5c20262,2025-04-15T22:15:25.697000 -CVE-2025-27929,0,0,88febc56c48d4e99d884274f991ff538e0e02e6e21457bc723ce1d769b3610d9,2025-04-15T22:15:25.850000 +CVE-2025-27927,0,1,bf2dbe703ec635d634e96d2beb7695c7f8896c464dab8b24ddd962dfd38a667b,2025-04-16T13:25:37.340000 +CVE-2025-27929,0,1,405d4ba285dc2d56a2a609d37007a99aabba6336d29b9f347d71d44d90f1dc2b,2025-04-16T13:25:37.340000 CVE-2025-27932,0,0,e89ea3f7bc1f24dc892df481b28cf611425fca497d4d9ab9fafb911d848cbe47,2025-03-28T18:11:40.180000 CVE-2025-27933,0,0,93368137a33aa362057a4035ec036f1aedaefb3c8486745a8d93918e46a37c4e,2025-03-27T14:55:25.660000 CVE-2025-27934,0,0,95b3d1b020dd3defb4f0c3dbb03f408c8cd96475518f9b12ef782500b5b25703,2025-04-09T20:02:41.860000 -CVE-2025-27936,1,1,9677905dae4982fbd55d7499dc258ab5f48757c5e4c9f134e4371413238c6f70,2025-04-16T10:15:14.797000 -CVE-2025-27938,0,0,d7bcba0f632aea5ba1fa66cdb4197163f583f147ed6637861a43074f1b6bdc99,2025-04-15T21:15:55.273000 -CVE-2025-27939,0,0,a8b0a5d4ce4ab89c9d411bc9587b1d3b976725e3774d2de4ed0fe101b1a61c51,2025-04-15T21:15:55.433000 +CVE-2025-27936,0,1,933ed0883cfb67d8c2ed55aa84ededa60ab084051873f24a0b9a6b24f02378d5,2025-04-16T13:25:37.340000 +CVE-2025-27938,0,1,bf71cc20089ab7c31af5546076ba78a2d82abe6a041a4a3a3ccbdca3b4c0c117,2025-04-16T13:25:59.640000 +CVE-2025-27939,0,1,62ad4faad8f2ae97298e92fdca3809e2a8391141ef6e47b0825e7d4aff3fc3a9,2025-04-16T13:25:59.640000 CVE-2025-2794,0,0,b6c5052929166b2fdf6e3c269a20ead353e60c001082fefc35ed2b51aad72541,2025-04-01T20:26:22.890000 CVE-2025-2797,0,0,b1486c99f88bb0fe24ee44879fb68daede55b0ca436e040e01e9162820f0ca7f,2025-04-07T14:18:15.560000 CVE-2025-2798,0,0,ce50f1abf598f0e20dbb0b231565f286c9fd88d139aecf5e428c88b471d2c0d4,2025-04-07T14:18:15.560000 @@ -287695,7 +287700,7 @@ CVE-2025-2837,0,0,b89aeb2a53f8a50fdc7d1cb971618f78d6548d3dfb914df0b41cb0d9a2a5f8 CVE-2025-2838,0,0,ad5519332c14610c417f2ebe0957fac238c08deca06808872c71584919e4dfa3,2025-03-27T16:45:27.850000 CVE-2025-28395,0,0,e2a008eff6d871d94e498e18fdcd7ec1a8104377f0bfd0c36d8d69a8cfbea062,2025-04-15T12:52:46.433000 CVE-2025-28398,0,0,a80aa3350f7ebc843f0b185d49e6b66d7edf0d8201a54a2ee3a02548dd1b1270,2025-04-15T12:51:12.750000 -CVE-2025-28399,0,0,890515fc4c5ee5f31215b4d77822313672e2e8f4e4673dda090a433835910eb3,2025-04-15T19:16:07.567000 +CVE-2025-28399,0,1,2793f8d82decfcf0e3cbffd59a80b16cf2d9706fb7a28799b040cda7c2b0d93a,2025-04-16T13:25:59.640000 CVE-2025-2840,0,0,1611919e470b3959ac5f5634b987862e109125e9a8a008183091dc9630f3ea33,2025-04-01T20:26:30.593000 CVE-2025-28400,0,0,cc1f6f84cf8a6714de7f979e521029089d85e3bab5eb1dddede51bed2df8cbb6,2025-04-09T17:29:47.113000 CVE-2025-28401,0,0,f7b9c29cb1543d57a788f6df9919d9bc678436ddeda3822118494d478d80547d,2025-04-09T17:19:47.947000 @@ -287879,7 +287884,7 @@ CVE-2025-2919,0,0,b96ce7ce0f34936fb136f2b1ffc6459c07bdc587830fdf6a756fc40e2dfb51 CVE-2025-2920,0,0,2401864f099a711f30f8b2d38398a72d7195f85541e7f19ba35b8b1ff663c52a,2025-04-01T20:26:39.627000 CVE-2025-29208,0,0,67e2605039ee3d1f3c5ea9f6fc4b9f6bb3ff72ecfc77443b4593d17db1d38ecf,2025-04-14T18:15:29.100000 CVE-2025-2921,0,0,d4bcd9d1bb65075ea7939e905e49c36e22f8a771b8d05601490e3dfa0958d0cf,2025-04-01T20:26:39.627000 -CVE-2025-29213,0,0,3a9fda1762d4d3be9b89268198a6d7cb8d542eb3a8d4320fe195cbc3b7d87368,2025-04-15T19:16:07.673000 +CVE-2025-29213,0,1,57cf0fb5bdcee13c9f6a0a90ce30cfb88efa206e5394cb25386896e145687e47,2025-04-16T13:25:59.640000 CVE-2025-29214,0,0,2f3c93fd24943456f370bfa5c5d58e2eb2d54f2259ee734aa123f6beaa43463e,2025-03-25T17:37:42.507000 CVE-2025-29215,0,0,96e2f565718ae35623a5dad2291d2bb27d05c2c10bebe7c06ba56599d76124a9,2025-03-25T17:38:20.710000 CVE-2025-29217,0,0,e64e2910b1dc1b0effd2ebba9d04863326d941e1021d8d58ce80e3146dd4312c,2025-03-25T17:38:28.670000 @@ -287938,7 +287943,7 @@ CVE-2025-29431,0,0,d467a56b9c5c57e54c01aff6a53ffdd59b78e3e6577e8a72af651975cfade CVE-2025-2945,0,0,5701c477425c2a81bc66d944f3bb97a7255b4c935bf92c67bb01910b6829ab38,2025-04-07T14:18:34.453000 CVE-2025-2946,0,0,d1b6bc216dd9866fedcefbedd5d27e2a55560ea3e179cb5e876100bee6cdba81,2025-04-07T14:18:34.453000 CVE-2025-29462,0,0,2dbf51a848bf77ad433e707ac24330b357114ddd7a825b863e5708fee007dbfd,2025-04-07T15:15:43.373000 -CVE-2025-29471,0,0,961953d6170f04cb23a53bc1ed1ae61730e1f6df0078ef09214618374dbff090,2025-04-15T22:15:25.997000 +CVE-2025-29471,0,1,450f250954b6f01c4b2ae9b43aeb073383b0d03f1287a662accabdd1853aafc5,2025-04-16T13:25:37.340000 CVE-2025-29476,0,0,3010ae735c879d92a342e7748811b3946ae8287c6c80f89374bb498690e8bd18,2025-04-07T19:15:55.790000 CVE-2025-29477,0,0,2b1c163b57b7284c39b710b65fa772d27c2dfad0127610dec2abcbdeeac4b145,2025-04-07T19:15:55.950000 CVE-2025-29478,0,0,95539760950ade4571816f9ae6141a29c105591902e01f13a4661b18fef5d518,2025-04-08T18:13:53.347000 @@ -288146,7 +288151,7 @@ CVE-2025-30092,0,0,81be76bd5e4d358e5e497793b136a481ab98791f4e442314445db080e37b8 CVE-2025-30093,0,0,1b6f9f05e31019a953ba5e0a3595825a9aa3d03b71a7b0fef4f489c7f79cb737,2025-03-28T18:11:40.180000 CVE-2025-30095,0,0,93e17bec8d1cf481725cf4f9bcf311125c6633428f3ca644a0806bd1e05b67db,2025-04-11T14:15:24.813000 CVE-2025-3010,0,0,0be162920eaabdfafeeb15da6565caf83eea25a19d64f9d941d63d7a5862718e,2025-04-01T20:26:22.890000 -CVE-2025-30100,0,0,f36b418785fbf99ed7e3d43ce256d83a9a639566d1d4080521516a5311ad481c,2025-04-16T02:15:41.270000 +CVE-2025-30100,0,1,1cdb7cbecbf8ef60d4895ef0a0b246e8d9ac3c9e0dfa9be5bd8d0db9b57645ae,2025-04-16T13:25:37.340000 CVE-2025-30106,0,0,d0ec2fed531a791fcdb7e275c6cc676f11c96b4c23a970884370a41e87a3b6a0,2025-03-21T17:15:40.227000 CVE-2025-30107,0,0,7ae7d3e2db9a3bcfc7100b14968701083bbe2237ed720df55c99fa3bf4e70491,2025-03-24T22:15:14.450000 CVE-2025-30109,0,0,c697d3ced89db3fb240ff33efe8653842b736020e748d3eead592e6135cb99ac,2025-03-21T17:15:40.447000 @@ -288202,7 +288207,7 @@ CVE-2025-30197,0,0,2d4109cd57eb04a1dbf5d412cbfee8b568c6ea58cd4671c7483e548e96f39 CVE-2025-30203,0,0,5db06c38cdbea2eb8c493695ff18560d3171df5fdf98e563249182ea23863bb1,2025-04-01T20:26:22.890000 CVE-2025-30204,0,0,a62a2febc5dc48c687f751c501a508130f5fcc004bb8b764581a0a0be25b0f0a,2025-04-10T13:15:52.097000 CVE-2025-30205,0,0,5a6e6a15e27f16257c15600ed612a889ee89ec4cb07cdade70362275ccba48b8,2025-03-27T16:45:46.410000 -CVE-2025-30206,0,0,20dd65517169f54b2695361fbfcaa6fc084c16ec10b330d4ec81a791c17d4ecb,2025-04-15T20:15:39.127000 +CVE-2025-30206,0,1,609aaaa043d8fb96e93113b18fef95a527cc04300a166f1af7cfaab351032b8c,2025-04-16T13:25:59.640000 CVE-2025-30208,0,0,8d10db1183f79516c18383e3ab326bcd260d9a2a6e5e9bbda5d21358e669589c,2025-03-27T16:45:46.410000 CVE-2025-30209,0,0,296b6bfd92b671240c888b0d7357ec25edc1731069d0df4d8d354cf96814c041,2025-04-01T20:26:22.890000 CVE-2025-3021,0,0,a819f7885f966c318efce1137c78018078cd56f1c4c8d8cc0e7412d02d27b6bc,2025-04-01T20:26:30.593000 @@ -288211,7 +288216,7 @@ CVE-2025-30211,0,0,6f934d1391ac57ee0e441fec63067c5b8a66d2fe9be5fdffdfe7b65e836f0 CVE-2025-30212,0,0,972410e2716e8f2e53ffd488d4d423564ff98176b3c1d36a04eac762d7cbcb18,2025-03-27T16:45:46.410000 CVE-2025-30213,0,0,9bc622ae8e82b32e191467dd2fc76643485ad29790111a6b5bc5c8f5ed285211,2025-03-27T16:45:46.410000 CVE-2025-30214,0,0,18b0a8e5b0aa52930309829b5c50a4314f3b9445c89b2192f63b40d54ef90591,2025-03-27T16:45:46.410000 -CVE-2025-30215,0,0,fa054c25808a3888174e1f30e9df56e9a3b059a0fd95562f12add7995bb8550e,2025-04-16T01:15:53.670000 +CVE-2025-30215,0,1,4f14f89bc8e9ecd4abf3829731ae9ffba5b3437fd23c83048f712dd2b601486e,2025-04-16T13:25:37.340000 CVE-2025-30216,0,0,4a4e5b54f04495c4df1b80922555eeaa5f35ae1f03a9f789985b2bdeebb439d3,2025-03-27T16:45:46.410000 CVE-2025-30217,0,0,255ed4a5f5d331010e4f8f80bb9c804fc57df9c07f06a9ea33aa8ab1adac0ffe,2025-03-31T13:15:45.683000 CVE-2025-30218,0,0,0938dca1e8d47564f064f28410796b8b85eb62ded957e7109b8e0c2e3158457f,2025-04-07T14:18:34.453000 @@ -288227,8 +288232,8 @@ CVE-2025-30232,0,0,eeb8ece2fb628c02d10a566625252905e84a897de93ba8f383987da02d0cb CVE-2025-30234,0,0,cf20660d6d37e637116a40ce9b3055465db9a1b9c87663c91728f3bae499e866,2025-03-19T05:15:41.353000 CVE-2025-30235,0,0,9222f9a2278ce550ac692bab27bb8a819d1de8dee62df51cf264df3162d55e58,2025-03-19T06:15:16.043000 CVE-2025-30236,0,0,3f73c2c498a83243d93d66190e1e818a0ccbcdd521592f269afac288686f067a,2025-03-19T07:15:34.313000 -CVE-2025-30254,0,0,35456a363fbf28c87b603f42a9cdced4864f1016ea3df3893befcc1f55b193a9,2025-04-15T21:15:56.807000 -CVE-2025-30257,0,0,d1d78a939025f4e33d3dfe27fae8d7757d224e3e9e0127a831a6cfaaa50cf8ce,2025-04-15T22:15:26.117000 +CVE-2025-30254,0,1,da1d16a46820d71900f53d810ce1fe1ebed01824c713861505ca6fc997e896d8,2025-04-16T13:25:59.640000 +CVE-2025-30257,0,1,9ccc3ed13a71d3b859385eaaebbd26fc6242cd3f0f494deb9f38d38761c8555f,2025-04-16T13:25:37.340000 CVE-2025-30258,0,0,cc431d0d4fe6a8b6881434ff2ad3ef316269606a3845b529c54a958324c9ac24,2025-03-19T20:15:20.140000 CVE-2025-30259,0,0,e7ad748a07d97a3ed7d8fd479d0bd66cf98f38cbfee97910d52cd90aa0d3bed9,2025-03-20T00:15:13.780000 CVE-2025-3026,0,0,e1d5f90de5cffdef16fb6ac0720c6a50512e756b166ba5e7f995a1b9b9409a90,2025-04-01T20:26:30.593000 @@ -288357,10 +288362,10 @@ CVE-2025-30474,0,0,eb6c167d1736e5a0a05d76dda95c9383453e456c61b97e97ddf0c32b61180 CVE-2025-3048,0,0,5eb6156d35bbaa6ace17e28077befe8dbbf8441f38642f57d7841d345fe9515f,2025-04-01T20:26:22.890000 CVE-2025-30485,0,0,f2856ee96c6d55a594aa71df88615bdd59c4c1a0f52dcb79297759def1147103,2025-04-07T14:18:34.453000 CVE-2025-3051,0,0,03f9e07d76193917b8de9d74f13ff070438d20cd42142f9b8ee6c497180d4b37,2025-04-01T20:26:11.547000 -CVE-2025-30510,0,0,5c03f855375882866c3d83929d5002846d442779d47093356d6a553142ede6bd,2025-04-15T22:15:26.260000 -CVE-2025-30511,0,0,950ba25bd4e531329ce5219090eea50d95491a49061ec48f0eadfcd5b9fed3b7,2025-04-15T21:15:56.953000 -CVE-2025-30512,0,0,d4252fe8bcea9d074f39b74722b0c9c243bcca2090fc7c3b6c5fc1c9d3fef2f5,2025-04-15T22:15:26.403000 -CVE-2025-30514,0,0,d858590fbc89e9efeeb8e4efd9fb97d8fafd4ddb6b63d0e0dd65cc029ed7a067,2025-04-15T21:15:57.090000 +CVE-2025-30510,0,1,65385fbb77c3413b4dbd5af09bd8095b856fda193f49543e9bce544dff1a2627,2025-04-16T13:25:37.340000 +CVE-2025-30511,0,1,8563c461353588100bf079ab1328ff6e11ab2f047bd1165d78f20b19233b493f,2025-04-16T13:25:59.640000 +CVE-2025-30512,0,1,830ca9aa3d060fbfd3176f9d9f5c7cd3b5eb14a6890ffb225ca2f7e33b59a139,2025-04-16T13:25:37.340000 +CVE-2025-30514,0,1,191fbbadf6252574a267c8157cf87ff8e05e4c53e45be9178ae9e940181c57b2,2025-04-16T13:25:59.640000 CVE-2025-30516,0,0,6e9088ba36985b7325f51c1d3c78cbc79ac0a2c6c97bf904fbc9eebc8d7f06b9,2025-04-15T18:39:27.967000 CVE-2025-30520,0,0,36202f4247a4e2c05ed8fe3c2794dc6deb26ec20b4118dea06db3314c5e3a395,2025-04-01T20:26:11.547000 CVE-2025-30521,0,0,eee2f839741a5e176cacf865cc6d42d2df432fd3f60c0ff1d8e1355c4ac5b964,2025-03-27T16:44:44.143000 @@ -288496,69 +288501,69 @@ CVE-2025-30673,0,0,e292e0371f10baa0dbb2b4b3b206efd65282a8bcd608d5d5a448633581759 CVE-2025-30676,0,0,708f03a86f4c884ecda3f7ec1e5552de291778e3e25b801a6e5af963ebcc884a,2025-04-02T22:15:20.260000 CVE-2025-30677,0,0,ac691303aa13f8ca9aabebde82f77f60d124e3f5ca096d5288780405b88472c8,2025-04-09T20:02:41.860000 CVE-2025-3068,0,0,de66f3afaa7fd4a67fa9d3ab57331fb0ab9491ba6c44d88f9dc6104a16396311,2025-04-07T13:30:02.277000 -CVE-2025-30681,0,0,de727ccbf693b4911ceeb269f6c442e993342edfa40c4b48a18ecafee569717b,2025-04-15T21:15:57.233000 -CVE-2025-30682,0,0,4e341e25f571ff3bf5869817fa9844d08b74ce26de9c382b4a2ab866beda3c8a,2025-04-15T21:15:57.347000 -CVE-2025-30683,0,0,706edaf8ce60226b6137ceddb891c2f7e5ef51c6b73d27ecfc819e8831fafbb6,2025-04-15T21:15:57.447000 -CVE-2025-30684,0,0,332550cf9ac274a815719502ce817571fa51894566465d205f272d8a7c246745,2025-04-15T21:15:57.560000 -CVE-2025-30685,0,0,c45394444a2657603065e733496b429ccbe3928f2f3d36f257fed708aa0393ff,2025-04-15T21:15:57.670000 -CVE-2025-30686,0,0,57667bdd347957535337d1674acdc6bae11667773b17e45f98ba7309919c5a55,2025-04-15T21:15:57.787000 -CVE-2025-30687,0,0,02f2deef2680134cf008fa1a919a5cba7bd8db30f5f4fc1686fb1858c02492f8,2025-04-15T21:15:57.903000 -CVE-2025-30688,0,0,742e23b1df3b104646dbb936ca87efcf74147035c61f8d85a09f464390b7024f,2025-04-15T21:15:58.013000 -CVE-2025-30689,0,0,df828656e716dc7ac700651ca6a1c3e3f60755a23b85827eb44de1be6d397d38,2025-04-15T21:15:58.130000 +CVE-2025-30681,0,1,5fc26d3cf3fcc0f9854625a8bfa4309fa8c67e871b009443e3f78d7820c3c91b,2025-04-16T13:25:59.640000 +CVE-2025-30682,0,1,9efc8092ddae4d3c56aa8ac3fad6cd801aea7bbf3dd15824b603992b847d4baa,2025-04-16T13:25:59.640000 +CVE-2025-30683,0,1,77e72bafcf37fce0769f8ede7b14083fec2e3629a19f45641e8803c75e690cc5,2025-04-16T13:25:59.640000 +CVE-2025-30684,0,1,8c8186d40f5a3f042bc2515d71ecf6d23f026cae4101e021a2cb61cd20fd76c8,2025-04-16T13:25:59.640000 +CVE-2025-30685,0,1,2076eec4385d015fee0649e4090672d9f28163fc4d50d4e54240c09c4c3b503b,2025-04-16T13:25:59.640000 +CVE-2025-30686,0,1,476114f456e381cf0f6eb899611fb9e7228775c9dc9c880ebbe455a22babeb36,2025-04-16T13:25:59.640000 +CVE-2025-30687,0,1,9f67b05bcc3a4b221a6bee152969cf1a32adf4038a9fab45edae356eb2abbe3f,2025-04-16T13:25:59.640000 +CVE-2025-30688,0,1,eac644fa67cf45be0315e8fb627f1f38e01c14492ed5485455492878131a75e4,2025-04-16T13:25:59.640000 +CVE-2025-30689,0,1,5063202e8690d33bf5f1f1ddbfd6b9c81956d2e8da6d8beaa766acbb90c61bef,2025-04-16T13:25:59.640000 CVE-2025-3069,0,0,c275422f91841fbe2892e1b63afd1da88d5376102ceba230e87a55bfbdd7bb13,2025-04-07T13:28:15.670000 -CVE-2025-30690,0,0,14976c02198e53a54d924c3ef20cf6b8a0dac09dee9ec1c54bf327fb501643e4,2025-04-15T21:15:58.247000 -CVE-2025-30691,0,0,26f9e37b73f1846343b6f70c68afc88c2dd0e5e3d4325167bbb91605a5325910,2025-04-15T21:15:58.360000 -CVE-2025-30692,0,0,3a141603a009bd7e9604f285bc589eb6df4995755ae48cfc3d88b9432b4c585d,2025-04-15T21:15:58.470000 -CVE-2025-30693,0,0,14a611c2658eb3a40bae4db7caf80e96dde378f4ef40e4564103b6215c779825,2025-04-15T21:15:58.580000 -CVE-2025-30694,0,0,05f7d0997e4389487da285027c5d35a84a2b7249fee4d1cad5acb4c00cc32cb7,2025-04-15T21:15:58.697000 -CVE-2025-30695,0,0,9ce4804f83de837e5d892b6a749c137787212af36857320c75299f2a9d40fc37,2025-04-15T21:15:58.810000 -CVE-2025-30696,0,0,d7deb80e6182391c9cbca6797520d8de02c8a760528dec4f0a4496892ee29a4f,2025-04-15T21:15:58.917000 -CVE-2025-30697,0,0,2e37f43adefca055c89105d0556b2aa56d5a0ffbe9b4018448d0479e8343c32c,2025-04-15T21:15:59.030000 -CVE-2025-30698,0,0,6681def26219ef87ae7e56bb36b78230e46dd18e7d540c5159e058f843f5f225,2025-04-15T21:15:59.137000 -CVE-2025-30699,0,0,56b3b6e8e3a55f99a49572dba01496c5eca8af4eff9438d9bbd11745a54511d1,2025-04-15T21:15:59.247000 +CVE-2025-30690,0,1,b95125ba48992afd327cf67395e77c1d7760b3f37b1f57e20ac637bcc50c25b8,2025-04-16T13:25:59.640000 +CVE-2025-30691,0,1,cf6ce53fd0a14f08c757a990635b1ea5278a23990cb9bfe01fb8421ed42dce52,2025-04-16T13:25:59.640000 +CVE-2025-30692,0,1,3f09cd779ebdf6b7e1d437ca8d8c92678619e334c9d1d2d8079b264d3189452e,2025-04-16T13:25:59.640000 +CVE-2025-30693,0,1,58df0244654582add8c495b5fa04c8f270c24522c7faa0585b07e29135085b1e,2025-04-16T13:25:59.640000 +CVE-2025-30694,0,1,047e4a9edc9e81f3725cd6695307dc4732713f68e2547fc6046919966354e4c4,2025-04-16T13:25:59.640000 +CVE-2025-30695,0,1,f05dc513dc26128333b0ebaa4c22dd317d01e3b0ad8a258182c7f270b2a57500,2025-04-16T13:25:59.640000 +CVE-2025-30696,0,1,5d78f27041c934d492e318a2c2a310b2955f54a690249ee7672a0e46e622e1c1,2025-04-16T13:25:59.640000 +CVE-2025-30697,0,1,5e9de58b2b65bda2a8c402adabcf0fb2b5093e95c4a44eed69ab71372aba2748,2025-04-16T13:25:59.640000 +CVE-2025-30698,0,1,4f592b71da4dd0a8ab55fbcf24d36b087e592652c17ac640894a51af69ddab2e,2025-04-16T13:25:59.640000 +CVE-2025-30699,0,1,d85fec1a52b426500c02fa4c21efdd2cd5f8d8655b6fabbae59d9384e78b1c10,2025-04-16T13:25:59.640000 CVE-2025-3070,0,0,389eca2715a25e0502dfee20fa689abffda48144e371016d21a2980b0deeba8c,2025-04-07T13:28:06.423000 -CVE-2025-30700,0,0,6c1f1c11dd96926fc987198621a97c3f888f6d160f5272497f9b80e2a13383e2,2025-04-15T21:15:59.357000 -CVE-2025-30701,0,0,02320e0f79de653f0e63ed8ef952acfae9537886c8b2c6bb73279adb07c79e61,2025-04-15T21:15:59.470000 -CVE-2025-30702,0,0,e85f780839776d6e5dec1ea78bba08027d3a0dfb820867f2363a04c0b270add0,2025-04-15T21:15:59.580000 -CVE-2025-30703,0,0,41447de662f40f530efa40f6da0551998ba4ce7ea27fa36e369363244c0fb939,2025-04-15T21:15:59.697000 -CVE-2025-30704,0,0,530c76a78ad6099a5f797fbce09a46ca492cf3dea427993416a68c125e69878d,2025-04-15T21:15:59.810000 -CVE-2025-30705,0,0,4c2f08f25f3a06d9aefbd2a5ea6975bd7b41e598e21c9c0fa400047baf37cabf,2025-04-15T21:15:59.927000 -CVE-2025-30706,0,0,1076bc9255e6e5de6bbe4d4a0dbf049eb216e1aa98b82a04fe29924bf253e2d2,2025-04-15T21:16:00.043000 -CVE-2025-30707,0,0,28f707aa999a0ed69379a943551430dbf174f0f6c89913b7db7b6ebd22bc016a,2025-04-15T21:16:00.163000 -CVE-2025-30708,0,0,a855a578aeef1425fa47570535ccc71fccda39e78ef850829d3285738ddd6b76,2025-04-15T21:16:00.290000 -CVE-2025-30709,0,0,d6da4c3929277a643773b54d97ca5a3d35fe79da3830f7b9e39f38edd39e7d73,2025-04-15T21:16:00.420000 +CVE-2025-30700,0,1,a362a1f52db418ba594743ee7a3172223d16ce76eafe15c2f17c43ca890c1799,2025-04-16T13:25:59.640000 +CVE-2025-30701,0,1,44513962feaef7f79564ef557ab6623f33490128e0bcc28e23bdd791ab449ba8,2025-04-16T13:25:59.640000 +CVE-2025-30702,0,1,5da8d5ca5c5c79a758df420f71d9d826caea9751a114f91b5b9edc6917be1cf2,2025-04-16T13:25:59.640000 +CVE-2025-30703,0,1,650c98d17af9b91e77f4b0af59e4063e8dcd8e182a2b79d9d8c26eb1eec64942,2025-04-16T13:25:59.640000 +CVE-2025-30704,0,1,af431a0a467312ee8971b3f9672e8da6c804106e37a69ba1ca8627f85d47c5df,2025-04-16T13:25:59.640000 +CVE-2025-30705,0,1,aa969d49ac3156e6a6bb51fd27c2ed0c36bf29f361326ebe5a5756560db7d0e9,2025-04-16T13:25:59.640000 +CVE-2025-30706,0,1,af8c6d9ff97e0e84824243db780abf1f247708161657fe2ccb09db57cb38dfe5,2025-04-16T13:25:59.640000 +CVE-2025-30707,0,1,12901135f449d9c7e9f7500e45d06b22efdcbd61beecea010ea56cbf5521a6b8,2025-04-16T13:25:59.640000 +CVE-2025-30708,0,1,79986e2b81e871fbc68eefc7bab3eb8146dedadebe143d92f70268194a98022c,2025-04-16T13:25:59.640000 +CVE-2025-30709,0,1,e26db58dc657d43e896b68c2ab2419e0a97bf5d47268e0582baa845af0141915,2025-04-16T13:25:59.640000 CVE-2025-3071,0,0,d16bcf87876b69db8889459754164a9a7a5a7660b7bb26af9304dff3429a1889,2025-04-10T21:15:49.347000 -CVE-2025-30710,0,0,bd663a973cde3f71dfc1bb0c1fa86318d5c575ad1163058d9c6281d4fceadfbe,2025-04-15T21:16:00.527000 -CVE-2025-30711,0,0,a37cb5a3f95881a6aa0ef83355123b82b96b6b41cb4813735681fb42020988dc,2025-04-15T21:16:00.637000 -CVE-2025-30712,0,0,b053f602e86df40463d3936d6afd9813b8f01f60a56d7e83b804cbb62e9e03c1,2025-04-15T21:16:00.750000 -CVE-2025-30713,0,0,3c7370d5635817de23647344cdd6e2803bc38c58d512a973bd66b37319c420f2,2025-04-15T21:16:00.860000 -CVE-2025-30714,0,0,b56f3bf5f5304b3890cfcaa02f2dfd7d3e696e80b099e93673a484a2e7e7bceb,2025-04-15T21:16:00.970000 -CVE-2025-30715,0,0,79a0080619eda539de2b97a3ec78e9154af44669496fc2f2481eb185479543e1,2025-04-15T21:16:01.080000 -CVE-2025-30716,0,0,5ef2ec7c1bbdb01fe317fd65637074ab3b993ec6b2d02de8d7456169ab702cb0,2025-04-15T21:16:01.193000 -CVE-2025-30717,0,0,5e628152e63610aa0c717986d11b501c59fda5e0a2df2f1309a19c5318d26f46,2025-04-15T21:16:01.317000 -CVE-2025-30718,0,0,20911dffdb8b5003da6259a5a46641ee4cc2311951e1aeeee5588b8d947e0e4b,2025-04-15T21:16:01.417000 -CVE-2025-30719,0,0,979ccca11b84d949959334c6cf4cc73bc1fd9f936b4c044a29f911949a31fafe,2025-04-15T21:16:01.530000 +CVE-2025-30710,0,1,980a074a2e381c8ce06d3e83bbe021b0b6b3814943209a130ed620cde1347b57,2025-04-16T13:25:59.640000 +CVE-2025-30711,0,1,d59401efaccc801885ce28402a9008c3d15abe8b0fcf43bcd62ab747fedc7e0d,2025-04-16T13:25:59.640000 +CVE-2025-30712,0,1,641a74935c8a61af85585e42d1034bd8d5a81b1cd3c1a9ceff1fff45e043427e,2025-04-16T13:25:59.640000 +CVE-2025-30713,0,1,c27cf88f29669a835de6255dcece0c6cf773a5538133681e89ee1a7d3a8e019e,2025-04-16T13:25:59.640000 +CVE-2025-30714,0,1,2c7105b14bbc54662e2b1ffade34633443eb863e1cd8f94005f3f8d2e767bbb4,2025-04-16T13:25:59.640000 +CVE-2025-30715,0,1,d47f3c433bf2bf4214d083e8d20b1b73da407fde8f9d70a8e477e5aaeba241d7,2025-04-16T13:25:59.640000 +CVE-2025-30716,0,1,01ee84d78e1dc89152df219c0b3e0640eceb13a50d85f0a0d1ce18aac6015d9b,2025-04-16T13:25:59.640000 +CVE-2025-30717,0,1,20fcc5e5543aa06aae400db89ef16c93d314b5ab28af64d362ff7e07eb0d5475,2025-04-16T13:25:59.640000 +CVE-2025-30718,0,1,944202aaf21711f19fdf126642b9661d6053a49013db765ef74f18272b56a12f,2025-04-16T13:25:37.340000 +CVE-2025-30719,0,1,edab994f531ba68b03fcc013f401b3a76edb4b2ca9dfb5fdfc0fb3955a7d0db7,2025-04-16T13:25:37.340000 CVE-2025-3072,0,0,eeb3db7593d5f3529425ae721269ae179a33f0348a29e56f5910d6e63bdc88c2,2025-04-15T14:15:42.603000 -CVE-2025-30720,0,0,be711cd2afdcefce54643a3e6a3b7a315dbd2bf0a19c4c1033220dc6e7cf9654,2025-04-15T21:16:01.647000 -CVE-2025-30721,0,0,eb619243a3d6d76ac434721d0d0df64234f5f82291f9a2d13e5fb699753bd627,2025-04-15T21:16:01.760000 -CVE-2025-30722,0,0,13565ec682ea175a579d697f04f9f114bca5e90a1eb20ffc3d78ad1f931934a6,2025-04-15T21:16:01.870000 -CVE-2025-30723,0,0,52f7a3f4b3f28e744254067195be18e57c4fd1a9c00e37192faca26147348e6d,2025-04-15T21:16:01.990000 -CVE-2025-30724,0,0,9aa6c3cd275e066340079f80c291adca96e4d7cd1b5237a3df4b639e87a2665b,2025-04-15T21:16:02.103000 -CVE-2025-30725,0,0,d8828de8a9e5ab761670ed6cda45419eb3abfc683100aadf68e5dd75c6d8a12c,2025-04-15T21:16:02.217000 -CVE-2025-30726,0,0,20fc90cfb9f1fc12e33145c90e1ad220c2958880e1a612ca8ebc2ba844612b46,2025-04-15T21:16:02.327000 -CVE-2025-30727,0,0,94a65f456189111be3ea7332e0bc5b8b5a25a09cf20e074e29a9151223b66014,2025-04-15T21:16:02.457000 -CVE-2025-30728,0,0,5f2b981cfa31636ce8734f7e029e0c40cfdabf71d93ca6ef14961325bf73d550,2025-04-15T21:16:02.563000 -CVE-2025-30729,0,0,00813415b33bd9b8b3323393e8caf123e46a4904311be76cd6cede28d194196f,2025-04-15T21:16:02.677000 +CVE-2025-30720,0,1,abf5635f797042efad8bb697933f1423e667d989a7cafdf71e570009b2139c45,2025-04-16T13:25:37.340000 +CVE-2025-30721,0,1,d78b8a48def3a82289cc73569b02f610ebfe04beec9740314b22fac8fe538e81,2025-04-16T13:25:37.340000 +CVE-2025-30722,0,1,fcef87f888000b209276366dfbffeb0ef3c15bc3fda76cc72da960119b0a2f78,2025-04-16T13:25:37.340000 +CVE-2025-30723,0,1,107e0efde3efcfbbc89ee1d8f0fb71ad136bb7dee254eee478ab3fa61fdeb765,2025-04-16T13:25:37.340000 +CVE-2025-30724,0,1,f392e47a01bfa51833b6578b84e655d39f40d33e113945994ffd19c83e1043ff,2025-04-16T13:25:37.340000 +CVE-2025-30725,0,1,ce6a1c78f906d7fbcae105c3f405000daa8a038c7116d41ef9d65d3f1e0f46c1,2025-04-16T13:25:37.340000 +CVE-2025-30726,0,1,5c7e3ae1f7d6e89707a3bc51fdbb682b12dfc058758b4235d955cff5e51358c3,2025-04-16T13:25:37.340000 +CVE-2025-30727,0,1,dea4ed917a9c28b84372b8882b0976a5e9b2f27304fa3ee487955698723b540a,2025-04-16T13:25:37.340000 +CVE-2025-30728,0,1,f1d17062a37a93d2bf6a57fd62237c8480f0b9526d0ead5f8e433550c47fc1e7,2025-04-16T13:25:37.340000 +CVE-2025-30729,0,1,00d50eaca23cc4bfb10f10e76da1362aeef903a136d8c3811da6c9466d57bdb4,2025-04-16T13:25:37.340000 CVE-2025-3073,0,0,b8cefb713e892a781a35310514ad6b3b41dd1484763cb3422d2c498e41be370a,2025-04-15T14:15:42.760000 -CVE-2025-30730,0,0,4e0248b42bb41941444b4baad8b0cd067071ddfd5e9d08dad4cff58186cb730a,2025-04-15T21:16:02.793000 -CVE-2025-30731,0,0,715b4163025c8136edcc29a3affebf84a0ae31a31807dfc54f87df7fcb0a6b42,2025-04-15T21:16:02.907000 -CVE-2025-30732,0,0,26afe28e36e9844321f01570bd271451cd681f30b0d44d8467a37c65ee99db43,2025-04-15T21:16:03.013000 -CVE-2025-30733,0,0,25d7d25c61eeb44835e0d90f0a1dea40102f183c67c83a6631de6824552e975a,2025-04-15T21:16:03.133000 -CVE-2025-30735,0,0,704f922d9702731b326a230b3edd0b4790b8871943860c2a6cef138bee19f6c8,2025-04-15T21:16:03.247000 -CVE-2025-30736,0,0,3f2164f9cfc4847badd98bee40c9afe59b2289af7a554a64fb3f9f079f8dde55,2025-04-15T21:16:03.360000 -CVE-2025-30737,0,0,7ff0a27daf3370ed8a0d6ad95dcbd57a3e98b60a0f5b25c589b2b8ca8ca2b71f,2025-04-15T21:16:03.473000 +CVE-2025-30730,0,1,254091f6692621fcd70465a9329d05c2a02c7a7ae95ae97ba3adfa4c34266a46,2025-04-16T13:25:37.340000 +CVE-2025-30731,0,1,b708a45780c951e7827c1f7a6f97e52981192d17f0fd666af2702f7f27821d17,2025-04-16T13:25:37.340000 +CVE-2025-30732,0,1,d3e9f99945117bc1e3040f7a2cbe63f9af5f9f0cb21bc6691bd38bd6047fde71,2025-04-16T13:25:37.340000 +CVE-2025-30733,0,1,533e382b58b112785fd62e54339d956151017aa31563ecd20db31659e608a4b5,2025-04-16T13:25:37.340000 +CVE-2025-30735,0,1,be1064c8f422c10fe8e519f7a1324f015f22b4912b694486a64bc1858a6a1c8b,2025-04-16T13:25:37.340000 +CVE-2025-30736,0,1,e972e3e232a25c4d006e18ca3c57ac7c151c933cadf450f87207f2ebcf3b82b5,2025-04-16T13:25:37.340000 +CVE-2025-30737,0,1,5bc86acdfba00308a1fe44455ebc9c8249de2afe7326b86556cf07a4fa2c3833,2025-04-16T13:25:37.340000 CVE-2025-3074,0,0,2919bffa252d2ef1244b20f9a8e634aa667db9aeff764ace7dd4a346fb40ac69,2025-04-15T14:15:42.900000 -CVE-2025-30740,0,0,801e2b3b97949116ba0792fe1a8a34b2b193fa3ac7c85bd2bdedff3b2a7d1924,2025-04-15T21:16:03.597000 +CVE-2025-30740,0,1,4f54a7d91d1672fbce768f716eba614845e0af88eef4cb3df921622428eb6df8,2025-04-16T13:25:37.340000 CVE-2025-30741,0,0,a7ba724d5523a4cf0c1b38678a2ee1b0c99bfb24f80e0249782577c8771159ad,2025-03-27T16:45:46.410000 CVE-2025-30742,0,0,86ca35df94be3200dc999955b93d6c2b0d3e9fbdd347944fb57613c93c49228a,2025-03-27T16:45:46.410000 CVE-2025-30763,0,0,8cae761cd1fe343dec958c3bde26a021d7b611e1f3fb5c049ea6e8543db73e0c,2025-03-27T16:45:27.850000 @@ -288568,7 +288573,7 @@ CVE-2025-30766,0,0,b959d5b90514fcda1f235f5f0cdc6456653b8a74c7a69faed76c642563713 CVE-2025-30767,0,0,2cd416346be5e5c4eb60291951595fab2d1897d1a2a5870fcf71565e31b0348c,2025-03-27T16:45:27.850000 CVE-2025-30768,0,0,327842b4665976903497c3474c4429ccb925ec9c8575b431a01ca46ec9cc40c0,2025-03-27T16:45:27.850000 CVE-2025-30769,0,0,cce80edd1330c7e05e676ba6209c7d7c8b963a033a628fd98a1f094c897a18d9,2025-03-27T16:45:27.850000 -CVE-2025-3077,0,0,b469416d3cbf12bcaac9b0eb76c88f3364678ddc9a85ef60742e13809b662bc6,2025-04-16T08:15:14.500000 +CVE-2025-3077,0,1,14e488e13da07fd528191ca2233e511c2f4814f193ca119f02309dcf3bc49c4c,2025-04-16T13:25:37.340000 CVE-2025-30770,0,0,dab4ea9f83ab36dcead4f406120c8660a192dafbed11b3cf32455fb77181496c,2025-03-27T16:45:27.850000 CVE-2025-30771,0,0,4bc7204c9348fe2621346e8eac40aa2932f849595d64cbefee5e299599efe9c6,2025-03-27T16:45:27.850000 CVE-2025-30772,0,0,3ddd942d529dcad81069b9d4fc16adf3a7169a1e32d2feeb4eedd047e790943a,2025-03-27T16:45:27.850000 @@ -288732,20 +288737,20 @@ CVE-2025-30924,0,0,f7c9bc1028773adc8e89a6f6304abf0ba5e8ad193dfedb8f5ad01eddd1963 CVE-2025-30925,0,0,303059a0519907d0c47140322e242ea05b7024546a805d0c164e0f0e362aa4c3,2025-03-27T16:45:12.210000 CVE-2025-30926,0,0,b661a84f99652a2821e7ff3d11c13e4069bdece4b97608c23c3ec387d8764f48,2025-04-01T20:26:11.547000 CVE-2025-3096,0,0,8268841e6f7bc41398dcf36b7be8d3dcaa69d002c9097adfeaedeae01b3e118b,2025-04-01T20:26:01.990000 -CVE-2025-30960,1,1,f1dcdb33cf5bf7e5edf2fc52a789e3858c62dc85e1b4265cbeb0a7e1757401a3,2025-04-16T11:15:43.090000 +CVE-2025-30960,0,1,281473a8924cfbb3f0531d373f76684a182c3d1393799c079c08339c17536056,2025-04-16T13:25:37.340000 CVE-2025-30961,0,0,a9060b0c2e5039ac1c7dc0d0a4866d8355c5b144195397ac7f7bbd22c91d7a82,2025-04-01T20:26:30.593000 CVE-2025-30962,0,0,61abc3537c316341b81e3b604ec8a2370306f1ae7f221848a71a48416fe8c0ba,2025-04-15T18:39:27.967000 CVE-2025-30963,0,0,8f31ec02fefff5554b72626ba454b387f81489df6ae8a03a71d1b10a82ac3371,2025-04-01T20:26:30.593000 CVE-2025-30964,0,0,b1bdd1e8b847395bebbbef539d6bee054063ea1911ad7226d4d14c5adf11ab91,2025-04-15T18:39:27.967000 CVE-2025-30965,0,0,2aab2c872c22b115fc299a8fe36cec7869a34f86e4bdcc406bb909df9f628702,2025-04-15T18:39:27.967000 -CVE-2025-30966,0,0,ae5e1beb5a32b51adc60e0077e99d8865dae69c19a7c61b69c645fd37557bd16,2025-04-15T22:15:26.553000 -CVE-2025-30967,0,0,210e4d5f6b848e1bdb547a3392db4b7f129b963c9a860cc57ae0c8fe90d03089,2025-04-15T22:15:26.683000 +CVE-2025-30966,0,1,ac009a6da52419c0270aa04ca81abc4fa5f318078fe3f9441908971cf101d5af,2025-04-16T13:25:37.340000 +CVE-2025-30967,0,1,0c0b96e53b9cde9ad2bb3f71987232b57aa50bd6a24c6758752eb95376072a25,2025-04-16T13:25:37.340000 CVE-2025-3097,0,0,a56f46f6ab586feb1d3c504e3ae22e548d2acd2889f7f29233e79a32e7240220,2025-04-02T14:58:07.527000 -CVE-2025-30970,0,0,6f2adbd9b5e6b5d96a59c4170e31edf6818f99d9eb4d864a1fe13551e68e2f6b,2025-04-15T22:15:26.827000 +CVE-2025-30970,0,1,0383c09158983a94697a54299bf3565b5884c0a46522c56908d558692c246209,2025-04-16T13:25:37.340000 CVE-2025-30971,0,0,bdaa81d5f90f891b35dfd2da44198cf771c61350682b9305a17f8bc2d53e966d,2025-04-01T20:26:11.547000 CVE-2025-3098,0,0,64e3da7989169613fb4eaf552a0f5621059a5a42e666f32ff39d3d155f26ca41,2025-04-02T14:58:07.527000 -CVE-2025-30982,0,0,2557e0e7c323070d97101026d156e5e6c3ea92cc35a8e6d8e5618e215bd16dd4,2025-04-15T22:15:26.957000 -CVE-2025-30984,0,0,f1e1c846a02a8f359847d030b1c7a2377cc4e1cd143c4001d919aa6a57682b9d,2025-04-15T22:15:27.137000 +CVE-2025-30982,0,1,59b15597be0361f08e3ea3f80591cb7c60a45abff0964752a18bb3c57220d42d,2025-04-16T13:25:37.340000 +CVE-2025-30984,0,1,034a74e0caa7bd14ced17a5c80bc778777c5654b7ca69176fb0d7f7ebaf75688,2025-04-16T13:25:37.340000 CVE-2025-30985,0,0,4d5b87b2ec0bef3e56e1cd5a13b3f11fdf6c579a0e83bf5a1537331fb22c849f,2025-04-15T18:39:27.967000 CVE-2025-30987,0,0,1ddeca9f293b13339e82c187149d285418438fc60231797e7c68c5fcad6fe64b,2025-04-01T20:26:30.593000 CVE-2025-3099,0,0,8b5b94044c5b312a61081eb6466602886f5edc420174286cf66115736f8de591,2025-04-02T14:58:07.527000 @@ -288778,7 +288783,7 @@ CVE-2025-31034,0,0,00045c692d736174347a15996f2644c271311b493b2650b7c9934fd5c24aa CVE-2025-31035,0,0,5c760e02fcbaee44a22a24ae8d34d9e90e3913b6f5837b6cb83b1fc705e4819e,2025-04-09T20:02:41.860000 CVE-2025-31036,0,0,62cc9af3a9e12c32332fdab0e5c5a83ab6b53958493b4efe680877f6a1c84c8b,2025-04-09T20:02:41.860000 CVE-2025-31038,0,0,7b5afc8e5d375ec9301ab6b724560141888b47309d5f5f2d9937b8782c078587,2025-04-09T20:02:41.860000 -CVE-2025-3104,0,0,0905d759a0bca7551d77d61337908493b7c73c18965ca2d5a29e73b8c43984f3,2025-04-16T09:15:28.030000 +CVE-2025-3104,0,1,8ec9c38499be01585904142f3c7fa726762c923ee15b2c5d108d30c770afd2d6,2025-04-16T13:25:37.340000 CVE-2025-31040,0,0,0231cc866d51dc61c7f61781fad3ea23cc4ca7aeca5478924158d392d59bb7f9,2025-04-11T15:39:52.920000 CVE-2025-31041,0,0,0041321ae6c993907944cd87119ee6b5b37dfd775d87cba0f12518a7a41dc2cd,2025-04-11T15:39:52.920000 CVE-2025-31042,0,0,dd7508689f88e2fe1dddad52457abe85ec8bdf2cefb5a744ba057ee4d8c1ed58,2025-04-09T20:02:41.860000 @@ -288846,7 +288851,7 @@ CVE-2025-31139,0,0,f77a452b5e1edddf158af71a264cde2428ac6b657f8dcbc921a40f17dadbb CVE-2025-3114,0,0,418d9b2c4c39970a6b7c0e8549739605f4addaf83e877938cc0f3fc3ab0c1506,2025-04-15T21:16:04.847000 CVE-2025-31140,0,0,b5354da0d0be6641b36fd62d7ae5da72fa26945541a5950d6dcb5ec04d83adab,2025-03-27T16:45:12.210000 CVE-2025-31141,0,0,406867c864568f6048dee1b7cffcd596f08f273e12b98bc9b9a899fec211a190,2025-03-27T16:45:12.210000 -CVE-2025-31147,0,0,e354a34ce7526459b0a269b12b480f774e9d49e851397c94e899e7682ed69a61,2025-04-15T22:15:27.283000 +CVE-2025-31147,0,1,b4b9372e5c8a5e40ec0d018e08c7d412a3cd39ffe19cf8f186844b6fcf8ffb0e,2025-04-16T13:25:37.340000 CVE-2025-3115,0,0,56373582c6a36776aed89b3820adf24688db4877d09f8b8d1c0e67b7b8bdee29,2025-04-09T20:02:41.860000 CVE-2025-31160,0,0,82f17d7889cbcc07a050e3bd5a0bf584b89c18037b9043c83c638bc1493fe9fc,2025-04-07T01:15:42.477000 CVE-2025-31161,0,0,a5cff012c6715e6d7cdf36222e1d08dbc62300c22c1d4fecfefc68e4ec1dd101,2025-04-08T15:30:22.440000 @@ -288897,11 +288902,11 @@ CVE-2025-3134,0,0,a71cb6e1788fa22b93ff06d650061e802b0d1c6df7394ab696b49920594382 CVE-2025-31344,0,0,65c936e29f1de25d67d01a063b267643eaf5638b5d4808a0121d439e68cf0905,2025-04-15T18:39:27.967000 CVE-2025-3135,0,0,faf2817fe977a6ad95e9552e324f8f965e6f56a203594f3cbe1385fe01f217f4,2025-04-07T14:18:34.453000 CVE-2025-31354,0,0,8859aebbd9d1507a0ccff49785879adc62d0266669311963d5ee8770dbdc051b,2025-04-15T18:39:43.697000 -CVE-2025-31357,0,0,1dcbf52d71c5b1a7ef73593329e4bd6e9a93fd35a0759c036187653e0f0c2856,2025-04-15T21:16:03.737000 +CVE-2025-31357,0,1,10568eb634d6e712fcbab95ba9d1ba1b9cae9c7b98346cc44a3edcb291c43f89,2025-04-16T13:25:37.340000 CVE-2025-3136,0,0,80636d1eff19bdca2f7e3675f7eceb70040c1df75b8bc383cc4d01584e4433e6,2025-04-07T14:18:34.453000 -CVE-2025-31360,0,0,6347fffbef756cc7d052dcd15126111bfd429995509b7dd054de78f08422c896,2025-04-15T22:15:27.430000 +CVE-2025-31360,0,1,d1f586e795abef0eb367609debec6330cd41ffe8fbde4933f6aef94b2cc696ff,2025-04-16T13:25:37.340000 CVE-2025-31362,0,0,29e714bdac918165d1f72d9b66a1fef39fc1fe95242e3501acdc160e75ffc0c8,2025-04-11T15:39:52.920000 -CVE-2025-31363,1,1,b8331e76bc58c14f9fedb7995970b49b57b0f41f7515f2eadea24abeda58f96e,2025-04-16T10:15:15.170000 +CVE-2025-31363,0,1,1d9d7cda8f37c689a0d02ddb6c79dae73e021ee6be17fb1fb2ca383a2438db69,2025-04-16T13:25:37.340000 CVE-2025-31367,0,0,85cd14db2ac76f9194e6a05115a520fe93ce77ad125f659bc4b1625771b812eb,2025-03-29T04:15:24.037000 CVE-2025-31368,0,0,07c9f19a54136c020ece5afe45106551d4106a87fecd0821fbb57cd0575c1b58,2025-03-29T04:15:29.740000 CVE-2025-31369,0,0,25ade6a3774203ee6fdcd4321ce56e82b90112f6538ef50e396382d43bc53a60,2025-03-29T04:15:38.600000 @@ -289027,9 +289032,9 @@ CVE-2025-31491,0,0,121a93a76a8e7ee91d64bde9e260caf7e7fcc2f30832e94abd08189e26e2d CVE-2025-31492,0,0,c3a8af2b78a6ecf7a731e5159a73f99e4e0787364701aa4aef00fbbfc177b209,2025-04-07T14:17:50.220000 CVE-2025-31494,0,0,49e512ef4ebfe8914086467b54ce6e9a2ad2dba6ac7ca963a5d77ca48d87fef5,2025-04-15T18:39:27.967000 CVE-2025-31496,0,0,12f17064ea4e4584d7a91216d2d100c9a89220efe7b8206230e9a4ff7e506dee,2025-04-08T18:13:53.347000 -CVE-2025-31497,0,0,d2eb0a84cd26ddb4971b6a4980660bf39bef72b267885351680d57c6bad841f3,2025-04-15T20:15:39.270000 +CVE-2025-31497,0,1,1b82a56d9177bb215369f5c660b01f4df1461ec4d11c3d6455af08d6d37b9842,2025-04-16T13:25:59.640000 CVE-2025-31498,0,0,f84cf018b9a7f2d3baed2463f19bf6204e206ba0c9a21e4ea32e21746b404d29,2025-04-08T18:13:53.347000 -CVE-2025-31499,0,0,68ea86c421fc8a23a1bb46288bb8e1d590f84c93314488cf6a3bd2f878eb4b22,2025-04-15T21:16:03.937000 +CVE-2025-31499,0,1,100e06aff4f77dc4647d3005d0769091b549a8bd3abfda5543fb54d262913d30,2025-04-16T13:25:37.340000 CVE-2025-3150,0,0,a30a7688ae10248ab6f92b08d529b33559f00224524ffa44e9f5b1d925f39cc6,2025-04-07T14:18:34.453000 CVE-2025-3151,0,0,fc53025e57933c63ffd27d66baa971840e395a51a52617b1c48843e916fa986d,2025-04-07T14:18:34.453000 CVE-2025-31515,0,0,65e0cceff3005eb000d81df9c13b2b61bcc11ce5d49244e52c4f8300da4f784d,2025-04-01T03:15:17.700000 @@ -289160,7 +289165,7 @@ CVE-2025-31629,0,0,7feff55cf06b17a9b14d5e928a7330b9e036aea992741e33d5558d6e786b4 CVE-2025-3163,0,0,1abd6db1045bbae70669f1f8c9907280a5478489e8b1ebabb8eb88b115451d71,2025-04-07T14:18:34.453000 CVE-2025-3164,0,0,524d9769a71affe8b81690c3ed0b562fd00f5c5232f9c0d91b2d9be6cf9796fb,2025-04-07T14:18:34.453000 CVE-2025-3165,0,0,2e02105ce99f3564dd878406ce8c0b7835d84010bc4a7c0c3ba88c3a6192f2c5,2025-04-07T14:18:34.453000 -CVE-2025-31654,0,0,c2390a8456819e6bd2298a5dfb5a1f55431b0863dfb6b947843ec698efe845b3,2025-04-15T22:15:27.577000 +CVE-2025-31654,0,1,c85615ab54233a158d1eec4ce7ea5a25d93d07293af602cf9b39c0b8e448858d,2025-04-16T13:25:37.340000 CVE-2025-3166,0,0,17028d9ea804572df4baaaae9408352ee57c738220a3aec0680e295f0ee3c81b,2025-04-08T19:54:38.830000 CVE-2025-3167,0,0,b34599c040918980d6f606e5670b68090d1729d06d9c44998cbb7c2b6c7b9e52,2025-04-08T13:50:05.433000 CVE-2025-31672,0,0,dbd3fa2043f1cba55af7fa71f1f7e198def36b294c8a0580ce3ec06fe96c5aba,2025-04-09T20:02:41.860000 @@ -289407,19 +289412,19 @@ CVE-2025-31910,0,0,f90306bb3a5ca866ba4ad6c3e2e3265ac1aee43de585a8755ddbdfd5d848a CVE-2025-31911,0,0,a3e8c05d42eb38721b859fcb5e3e84e7f358ba837d299b49c2c70eab8912fd09,2025-04-07T14:18:34.453000 CVE-2025-3192,0,0,14f88a64f4f058599196fb894b7652f55d55387666faa45a3d02f24f7d0ecfe8,2025-04-07T14:18:15.560000 CVE-2025-31932,0,0,362dfb3dede0e01aeba8ae3f507453eedf01ad64b58b11b9af4da649bce815d6,2025-04-11T15:39:52.920000 -CVE-2025-31933,0,0,52176559ed996047acf3cdfe6474df7f53f3501bb4d353550f6b653d7f799d77,2025-04-15T21:16:04.063000 +CVE-2025-31933,0,1,2a61b61203ec683549113bb16960e9aeb58172d005b123a154e689ef3beec5fb,2025-04-16T13:25:37.340000 CVE-2025-31935,0,0,1a1eebc01d15fbf2c63c6382620e7c4790cb67d3b55395a82d0ec6c7df306a0c,2025-04-15T18:39:43.697000 CVE-2025-3194,0,0,23a5c95379b253424e9febb0b842b536dd2f8dd3324a3c76cbac09d82342e603,2025-04-07T14:18:15.560000 -CVE-2025-31941,0,0,56ec8495309ee4d3db55b58dd91eb1942e9a12588924b8072b3c8ffceedd1713,2025-04-15T21:16:04.200000 -CVE-2025-31945,0,0,47859805b6daadee2c736e92826d4d2679547deb8018a67bf6bb1ecf06281234,2025-04-15T22:15:27.730000 -CVE-2025-31949,0,0,82ad48a902781c5e8b3d05c476fe9bd563af6002448b9038fd17b9e1440e9dbf,2025-04-15T21:16:04.337000 +CVE-2025-31941,0,1,29bc49fedf031151539c0dbaef611b89965ac35da910eb4b812a785b6c68c30d,2025-04-16T13:25:37.340000 +CVE-2025-31945,0,1,e363e3d97604f53150fa4a3a546fa69abe62e1d0d4e8340507297aad74b6c6af,2025-04-16T13:25:37.340000 +CVE-2025-31949,0,1,04e674161e866304240acb145291660b9b3f1e4d7b002c2903be172476121e53,2025-04-16T13:25:37.340000 CVE-2025-3195,0,0,93a6c89bac6b891825aae9732fe4ce25fe868ef9ef97cfbba20606c8bcdcc376,2025-04-15T18:49:36.733000 -CVE-2025-31950,0,0,99de02793e5b275dd0dfb1ff8d660b9997cbbf576e3f23de915b6c76e957e3b5,2025-04-15T22:15:27.867000 +CVE-2025-31950,0,1,ae4037468931b312cd6a0f1e462daaa883a2ff6a14f26c331c4565822f400cc4,2025-04-16T13:25:37.340000 CVE-2025-3196,0,0,bb0d2ecf21993903a71e6dff645fdb05a339ebaf3e6e9f8f684bcf59eec4ea9d,2025-04-07T14:18:15.560000 CVE-2025-3197,0,0,e79e9bde316dbfd1ba7b8b9ac58822adceab867075d18a7670c50494d881764a,2025-04-07T14:18:15.560000 CVE-2025-3198,0,0,9ea9a8c586fb27cd4141f26bc5f53c6d47512dda4a6f8f32123c47190f49343b,2025-04-07T14:18:15.560000 CVE-2025-3199,0,0,b2c8a0f552e5c66b559702403ed11bd1140ca56173e2c4b53e84f8a9895b6f6e,2025-04-07T14:18:15.560000 -CVE-2025-32012,0,0,08dc34f05cdbff74ee93f758e43274cf2fbd5ba46ee2243f43a4a533b44cefe2,2025-04-15T20:15:39.400000 +CVE-2025-32012,0,1,b0776b1f52985236e3b0f0ac31e6563e5d0337c072f41a1ff81c3b677d9f11c3,2025-04-16T13:25:59.640000 CVE-2025-32013,0,0,b9e014f5fd31f7e573b509bf40d04ff5548b21d354f26d5a5266036bb938dc7e,2025-04-08T18:54:07.337000 CVE-2025-32014,0,0,af089ef047d3ce8d7747406914b66a9d22daea2274c66b4c0d88bc73728bf977,2025-04-08T18:14:17.307000 CVE-2025-32016,0,0,210d54eeb85679dba0aa0fa591ab7524396a1833fed6c42b9666ce95c8071335,2025-04-09T20:02:41.860000 @@ -289427,7 +289432,7 @@ CVE-2025-32017,0,0,8a0f7f2a3dc0f318bf58248c4fe2f160ba48033de9c615edbc9d5ce3722cc CVE-2025-32018,0,0,f9a9dd5168ecc7953ffdea2ce7e4019a350eb30fd43b370fc3c1a5f23e1a320f,2025-04-08T18:13:53.347000 CVE-2025-3202,0,0,b5df9a4f10b6a094526640bce151f74d263fe1512b1e3334f9249ec0e5e39a5f,2025-04-07T14:18:15.560000 CVE-2025-32020,0,0,5b7d2613617c9ad4e941ba7e2b1cf1f147b7a3d7b6c82162fb86d6a3786c79d3,2025-04-08T18:13:53.347000 -CVE-2025-32021,0,0,f5de35570fd18b279ed3edc00072ab0d6440a80ca60d4e2a4de58929680620a7,2025-04-15T21:16:04.523000 +CVE-2025-32021,0,1,a8ba4b0b79b31bd02c0118585301794df7dafbff809e010626ab24e62cf01525,2025-04-16T13:25:37.340000 CVE-2025-32024,0,0,aaff324cba06ca8f03c4a4173bee9b2afa9dec13a6b5d5f449993fc4b6eea500,2025-04-08T18:13:53.347000 CVE-2025-32025,0,0,5b101f2fdaeb4bea12aa8eb2f822059db81531c623e382758e69fd88182cc8e2,2025-04-08T18:13:53.347000 CVE-2025-32026,0,0,a3f057cbd474338c495f1d95a560978a772ad4f2f87d9883afb826980afa64ff,2025-04-08T18:13:53.347000 @@ -289675,10 +289680,10 @@ CVE-2025-32380,0,0,c8e502ca2a1d7848aa29488649458187bb1c1a319841e66316c941fb4f151 CVE-2025-32381,0,0,9a021bccb8055e9ac06ab545154eb07d7cb170bef3ba75a0a61768987e904be0,2025-04-09T20:02:41.860000 CVE-2025-32382,0,0,500e2233bfdde4ca81f1cd7422b1483ead79a7537a8327f54eb95ab0c00c34d0,2025-04-11T15:39:52.920000 CVE-2025-32383,0,0,0af06fa6169ce711a7266c3fcbd3f7c3bdf408f8bfe0c4ec49d8139c73ec676b,2025-04-11T15:39:52.920000 -CVE-2025-32385,0,0,3971c96b1694f29505bcc6ea03127f5fb9e32904c841e72f29aca63a4ddc9a8c,2025-04-16T00:15:19.907000 +CVE-2025-32385,0,1,871cc088ecb38998563a7e6abdf2496fab6f587a5dc58dfbfe2dce7b9fa8499a,2025-04-16T13:25:37.340000 CVE-2025-32386,0,0,35fa478ec866097c61376bec0ef1c1b1fc66dbd01bb69c1c6b6e024f68419ecd,2025-04-11T15:40:10.277000 CVE-2025-32387,0,0,d79aab09e55ea3579243a6297cec6b2889716102a81419246cfea55d51fc569c,2025-04-11T15:40:10.277000 -CVE-2025-32388,0,0,08a806e8c80b0e5ceead86839bdea82fded1ed701016ef6b56fdadf847a9f42a,2025-04-15T23:15:42.843000 +CVE-2025-32388,0,1,5761246ce985a7eafedebc4f0456afdc6153971f351241992f6fe04253859380,2025-04-16T13:25:37.340000 CVE-2025-3239,0,0,d82817b34dd7b66d6aa65a93073be6dc4033b0ef23e651c8d1c7428dd5441e76,2025-04-07T14:18:15.560000 CVE-2025-32391,0,0,01a08115ae4cefd9de1b9aefec1b85980241d6513f3292da97678ea6370f601e,2025-04-11T15:39:52.920000 CVE-2025-32395,0,0,a161f016c761dba18a6390dd5da5792bac2d2e42803818db2da92c349d4b75cd,2025-04-11T15:39:52.920000 @@ -289693,16 +289698,16 @@ CVE-2025-32426,0,0,97f7719ef42c67257e2006b52ab9747f51788ff83c926fc892139743aec5a CVE-2025-32427,0,0,0416426b54022f69535fafb066a105f3453a61c3cc047d8982deab84a0710a9d,2025-04-11T15:39:52.920000 CVE-2025-32428,0,0,32eeebbb9eb52efc2ed96bd05d1eccbda5203d0361f63bfcafb88d13c22b345a,2025-04-15T18:39:27.967000 CVE-2025-3243,0,0,b05341f12b748941f8ca2dc4c2b8a53c07658570f17c96676f3c5904a6066c66,2025-04-07T14:18:15.560000 -CVE-2025-32435,0,0,653269282ccdc841467a0cfbb3a52dab67e569139669ef6c33c1f953667148f6,2025-04-15T23:15:42.983000 -CVE-2025-32438,0,0,bb64812376d0f8c327414293e83e3eb4e7826963b95d6fad17d830466791c359,2025-04-15T20:15:39.533000 -CVE-2025-32439,0,0,1fb298802f1711c990bb5f83d30b91c97afe550e21454e25e5a50939f2db6034,2025-04-15T20:15:39.677000 +CVE-2025-32435,0,1,7ba8a8f054688926acb7f901f231a9b0d1f3c82a661a3919e86abb05ad5c7deb,2025-04-16T13:25:37.340000 +CVE-2025-32438,0,1,296774c27c9f9d6fea06d7416f18b1b6b989b53f8f837fb0990eec395e66a9b8,2025-04-16T13:25:59.640000 +CVE-2025-32439,0,1,bc2ffe14216b9cfe29b31e6fc5be13f4870b9bbc8f43f42b1dd5fa85872b2005,2025-04-16T13:25:59.640000 CVE-2025-3244,0,0,a20bb1d848a28a44d0b8d510e43cbe068220041e655dcf96cf8633b9bc977caf,2025-04-07T14:18:15.560000 -CVE-2025-32445,0,0,efadc0d2312e38527e9b43436366383bf8dd4a41f3fdce4ffe8f9ebbf65733de,2025-04-15T20:15:39.807000 +CVE-2025-32445,0,1,1b5ba881d2838c8e1a17201ae0d99d597a5e3f65b98d8fa06e156c1abb87955d,2025-04-16T13:25:59.640000 CVE-2025-3245,0,0,396ea3bbe154112d349f915c8c28a6610578699cecf486191d9d012a69d9c5b9,2025-04-07T14:18:15.560000 CVE-2025-32460,0,0,16cc364f1c655bf6f21d50384a646311718edc25ee850ac035bf3b1975d34030,2025-04-09T20:02:41.860000 CVE-2025-32461,0,0,8bce56f6863b74eaac27069424b18b802ee4aeb8905aa3153fdbbd924c0604dc,2025-04-09T20:02:41.860000 CVE-2025-32464,0,0,90ecf00992aa935a1ec172382a80a6a814adef224b6842ca8a80c5ebbf6d56cf,2025-04-09T20:02:41.860000 -CVE-2025-3247,0,0,fa8780e25ad5b025db213cf6c924f2e6ef3351ee29b437d774b8dd4d4a6d23a9,2025-04-16T06:15:42.933000 +CVE-2025-3247,0,1,de417f93083f53a095a331b7f7a4a52b9b1338fe061d7ed48128d633e68ff031,2025-04-16T13:25:37.340000 CVE-2025-32476,0,0,9d54d65167184e122be5c3a790d5ad19d5abaa6b052713e592bcb27d26085427,2025-04-09T20:02:41.860000 CVE-2025-32477,0,0,6aaeb344af7fac729d48ed1cd0817d6c11c34e76428c0bd5b074c3df21934506,2025-04-09T20:02:41.860000 CVE-2025-32478,0,0,dda56302d340936b33be9b172f0f1b3962b76b9c83b1ee4199324d81c031ab47,2025-04-09T20:02:41.860000 @@ -289875,11 +289880,11 @@ CVE-2025-32773,0,0,03fdfca9cc7985ee58aee953e3e633f3a2fbca9f53ceb1ba1a00e94646c94 CVE-2025-32774,0,0,b203f315043800eab189186279357f210925b21f5fcfc47ce9b5782e61185f7d,2025-04-11T03:15:15.200000 CVE-2025-32775,0,0,0fc8e60ca0e0a1e6b116ccd0b6b05a3155be0d53785b8ae060df538fffe53282,2025-04-11T03:15:15.250000 CVE-2025-32776,0,0,9e510bcd55ba94130d952891959e8f9c8e62241b99eeaada5797ed9f8a73c832,2025-04-15T18:39:27.967000 -CVE-2025-32778,0,0,f304101d133f9a7b53cec5c27697c17efb7bb5486ec3be362c97fa4800acc652,2025-04-15T21:16:04.710000 +CVE-2025-32778,0,1,93333c106bade1942d189295a57ca8b886e6e79a18429247cda3fa2e156f83c7,2025-04-16T13:25:37.340000 CVE-2025-32779,0,0,9b0c0f3e1679aa6a29c07a0230230eddd75bcf03028ff914fcc18fd0552bd825,2025-04-15T18:39:27.967000 CVE-2025-32780,0,0,66c032871841ee8f1135c9a708f1264f3edee13154b2ee90fcea8f285386936f,2025-04-15T18:39:27.967000 -CVE-2025-32782,0,0,fc82c459ca139a2de7a6d7fc9fb30a7bfb8b5abfc1ca0c3220faa868c62f046e,2025-04-15T22:15:28.027000 -CVE-2025-32784,0,0,1f83d20a936edb5aff1f9304b58e62b803ea7c73ff812d7965b62a1bb36839df,2025-04-15T22:15:28.157000 +CVE-2025-32782,0,1,ea3e82903e807a520de4c91c10f7d08fd70839175e235aa475d1b12f4a8b1338,2025-04-16T13:25:37.340000 +CVE-2025-32784,0,1,f07e1bae891c8076c2e74beba24dfa0a792bdc8c6b542f23984d9697f06bd191,2025-04-16T13:25:37.340000 CVE-2025-32807,0,0,791ea9650394de4a3c6a4bce28448af084ce5e8fb834d69b1769b35b955fdca4,2025-04-11T15:39:52.920000 CVE-2025-32808,0,0,4460b802a312298836218e51f145ee69f847802ae0b680f0631fd4c9d767af72,2025-04-11T16:15:20.673000 CVE-2025-32809,0,0,ca90ff3ced06efa4e939486b48b76783f1482c86186847921ab08cd5bd99e3d5,2025-04-11T16:15:20.807000 @@ -289900,7 +289905,7 @@ CVE-2025-32912,0,0,d3070db8447868fa2ece35d0452a8355ec1e0bd109d8c6849b4a995c4f9a6 CVE-2025-32913,0,0,9a6437af944f5a8dfca81e0157cf042c9111cc56e3ea3f711289676647b70152,2025-04-15T18:39:27.967000 CVE-2025-32914,0,0,9339e03e13fdc57e8071d217b67af961566b6ba4b2f1f9b9540277c735046c80,2025-04-15T18:39:27.967000 CVE-2025-3292,0,0,ec50c9f00071ec9815b655c626839dc9ebd5356aafa51cbcaed8da23653663c8,2025-04-15T18:39:27.967000 -CVE-2025-32923,0,0,1d9866970ebe1edc93315c80851cae65fcbfdafa7c504cb0cf7556cf00881713,2025-04-15T22:15:28.290000 +CVE-2025-32923,0,1,a52facaf2e37400983e8c03a1ceeca22c3067be9be025a531236fb3ed36caeda,2025-04-16T13:25:37.340000 CVE-2025-32929,0,0,9c30465d7a5e541eac6d942c2f37e3e9c23ade67288367f38047cabdb5901be4,2025-04-15T18:39:27.967000 CVE-2025-32930,0,0,7aa7721c6427b0edc6ca10f6fa05a98645a2b1c5fcd736b40f97d37f2fbc0637,2025-04-14T15:15:25.787000 CVE-2025-32931,0,0,108b21d731c5f4a0a283b6bbe8ff4f995ddbf4e1cd71101b317d56e45bddc4d1,2025-04-15T18:39:27.967000 @@ -290052,7 +290057,7 @@ CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a390 CVE-2025-3474,0,0,86c754cf553decd220dba53e5d0d63448d8121da39946fc69feccec714981904,2025-04-09T20:02:41.860000 CVE-2025-3475,0,0,443d35ed0e717701a1888d83d8695b8f16fb37648583a3e79025b880997d544a,2025-04-09T20:02:41.860000 CVE-2025-3489,0,0,67fcd6c9f94bb6bf638f4e8bb2240b0887ef71aca32f3728fb5180eccf26711c,2025-04-11T15:40:10.277000 -CVE-2025-3495,0,0,33f3b3c0a3fdb55ad65eb4232402007b3699ef75002cf367ec54d67d64f7957b,2025-04-16T03:15:17.530000 +CVE-2025-3495,0,1,fe640c81a3ed6a86c53f35442fa10e181d645418d808dffc6fff69a3880ca71e,2025-04-16T13:25:37.340000 CVE-2025-3512,0,0,036d013cd0e3204c7e29f8f12826d9befccf940571ea0ad101dc3475585d72f8,2025-04-11T15:39:52.920000 CVE-2025-3522,0,0,13b86e2113b9916628d4f3c98532160fc0a580631a97f6054902fe5b2e21cfb5,2025-04-15T19:16:08.057000 CVE-2025-3523,0,0,fa61e276ed520c60ef470d9ec997dd78ddb7b8dd8cb8ae65af3613434a0804b4,2025-04-15T18:39:27.967000 @@ -290080,8 +290085,8 @@ CVE-2025-3551,0,0,0af495328e32fa4289c7f25e609803a47f9639c2693a9cf28fe39eba4f6a3f CVE-2025-3552,0,0,2eee97925b40dc2eacf4ba01e66d0bdb8d286a517e59cfd6a72f8d18568a8faf,2025-04-15T18:39:27.967000 CVE-2025-3553,0,0,8c1f5e14061a66a48b1706566e256d4f8488eab0bb5ab64ca443be3751b0a454,2025-04-15T18:39:27.967000 CVE-2025-3554,0,0,c0abfdbdf90c0e224f35d24ce51fd8768d7addfcdcc1d013eb7c63964315f5b4,2025-04-15T18:39:27.967000 -CVE-2025-3555,0,0,8eca78afb6c3c086b8826336dedc5421e422c629e8646942dd9c194230b6dc13,2025-04-15T18:39:27.967000 -CVE-2025-3556,0,0,d12905e155562707b06a9e9974d9bfe005a7a0a024cc3ba45931abb5bde5ccfa,2025-04-15T18:39:27.967000 +CVE-2025-3555,0,1,b7c360be3db59a3fe1c48e7f971bfcde48092d0da4916799343add506c814c87,2025-04-16T12:15:16.760000 +CVE-2025-3556,0,1,bfede4c8457d3440d4d03a354e7ab8e2cd3bb22ddceb36c7b9a10223152074a6,2025-04-16T12:15:16.893000 CVE-2025-3557,0,0,2c478abf035beb9b2ad09ad87af3d5ed64194e5d380caa7931bb43584130f989,2025-04-15T18:39:27.967000 CVE-2025-3558,0,0,10acb6868ff41d47a26f80e62e2c4783cc3d1f3a2972e51874c32dfeeb80cf4a,2025-04-15T18:39:27.967000 CVE-2025-3559,0,0,d092c1ef1b57d07ecb86075a08fa993d8dc60f278d1e37b448fbd0a739b2dd6f,2025-04-15T18:39:27.967000 @@ -290118,22 +290123,86 @@ CVE-2025-3613,0,0,9c314abbc6473987a4462c7f86d0ede7026d1a1d89f3e10127913343b31eed CVE-2025-3617,0,0,8b166380afe19241854c65e4319a7a4bf7fa4a3b21b435fec16e6239c6e67cc8,2025-04-15T18:39:27.967000 CVE-2025-3618,0,0,eda45473138c6808735db2df162e6171a422dd9195142056b67b3d52202066c7,2025-04-15T18:39:27.967000 CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000 -CVE-2025-3663,0,0,fa2e0960b918812c638afdd8c1c2fafb9b500a45bc96c2abddaf978fcf1b98a1,2025-04-16T03:15:17.680000 -CVE-2025-3664,0,0,cf22f719d3698b38e86a180ea4652dc27df85c18f033ca8e0b197b572edbf120,2025-04-16T03:15:17.883000 -CVE-2025-3665,0,0,1f4374ee4287f0666887b1c9fc6ecdfcbb0aa03e9e8bb8ffd16185df92964133,2025-04-16T03:15:18.057000 -CVE-2025-3666,0,0,013c53642f9002028db16e0f6f66c915614dba9a66ded506d4bf5a7e3a4d6559,2025-04-16T04:15:23.040000 -CVE-2025-3667,0,0,1b2b51d7de6babb6a695353dfe57612a861c8ad2b5e591ebe4981ac8b2b614d3,2025-04-16T05:15:32.660000 -CVE-2025-3668,0,0,58342357ea7ebc8c499e4c8a044a0200fc62864e574b400d3c8f0e35870b4b7b,2025-04-16T05:15:33.003000 -CVE-2025-3674,0,0,a4538d60e855a22391915743a30ee7d71badf24110eb40a2f6f793d77b531a7e,2025-04-16T07:15:42.300000 -CVE-2025-3675,0,0,7b0f93cad5b003511307db8cf27413ab379fc3e942aed287bd8dfc8bfbaf5f0f,2025-04-16T07:15:43.947000 -CVE-2025-3676,0,0,b7bd31627c4deb295f306ca0a4e86f8bc429d71da6de8ca83051c785e0e66cb6,2025-04-16T08:15:14.707000 -CVE-2025-3677,0,0,b0e4ce5321542a44aa245bd78a2fc6622934de998fbd0d8e9cf2db66067e6b9f,2025-04-16T09:15:28.273000 -CVE-2025-3678,0,0,34688ff98a4f66c79aa1c058f9ca67138073266043424d653960c5665777c967,2025-04-16T09:15:28.820000 -CVE-2025-3679,1,1,f776ef1abb4b76e7d1f078d3dd5cffcf1c11dc679bc10667654eb42cb4158d31,2025-04-16T10:15:15.290000 -CVE-2025-3680,1,1,ae5499eaefe1aae458da3b393bc9238119a56cfdcbadd582f138a961c4b3bfbb,2025-04-16T10:15:15.483000 -CVE-2025-3681,1,1,3997e663890ac0448977202af7afe931e585542af0f6958a85fa29f43c4ad658,2025-04-16T10:15:15.647000 -CVE-2025-3682,1,1,a50fe20783cf3ebc4f62d8996d26dc7dc95e88c4823b961a9b36e156526578cb,2025-04-16T11:15:43.237000 -CVE-2025-3683,1,1,271f4455e6be19e0db6eb0da174fa437712d81325f6c04779e168c6b9ef01da7,2025-04-16T11:15:43.393000 -CVE-2025-3684,1,1,4675dddd08a1c6385e67f54cdc1ad5a9cb1f871f1f4c1b33469d9bbce951a092,2025-04-16T11:15:43.557000 -CVE-2025-3685,1,1,b7cc1f721d0911002fb79578a813194d73f58ab10c7e9ee98a316fb9e6d3b82c,2025-04-16T11:15:43.740000 -CVE-2025-3698,0,0,ef82dc028cd253273764159d19762bdf354152d22755dd0186a08209438342d7,2025-04-16T03:15:18.223000 +CVE-2025-3663,0,1,1ce80bfc94e480b50f27d0432deca8fffb2ad8de6b84f90469934d90488bc703,2025-04-16T13:25:37.340000 +CVE-2025-3664,0,1,90f33eebe249ce942e649b4609fa6510375edd0e0acf8536f941c4c709ec323e,2025-04-16T13:25:37.340000 +CVE-2025-3665,0,1,d4559cfe24ea725e2604646567b03e41bfa79ade9eb35b12096bff034c818950,2025-04-16T13:25:37.340000 +CVE-2025-3666,0,1,11f0717691c44660d377020e8670753fb9ac124ff3c41ff932c3f2c8ca720d93,2025-04-16T13:25:37.340000 +CVE-2025-3667,0,1,147dc9ec0f7d051a58f891a00e5828585be2c1b227adf90918800cd3730a48b6,2025-04-16T13:25:37.340000 +CVE-2025-3668,0,1,68848a711c240fe066a88f5f6c585c7d62fe74fb2114fe02a179a57e777edb10,2025-04-16T13:25:37.340000 +CVE-2025-3674,0,1,f3d82337b9a598cbb191465b9d4953b8d2ba6e46a85987508a097344949eb9ce,2025-04-16T13:25:37.340000 +CVE-2025-3675,0,1,8fc64576d9408584769dca7b251b2811cba19ed1b29b0a5e250c895856174a97,2025-04-16T13:25:37.340000 +CVE-2025-3676,0,1,8b3fc538dc5f1e3498af0923d848cb34d8a7c1143698b7acb611e22232098068,2025-04-16T13:25:37.340000 +CVE-2025-3677,0,1,d0b4158217f3756823f68a8901374ac1abc98276cdc21fdc8b5cbe01ac5c1b87,2025-04-16T13:25:37.340000 +CVE-2025-3678,0,1,fe7f9b10b498ab4c4118f8e6f6b85a631558210b3c32871c50930a944540940a,2025-04-16T13:25:37.340000 +CVE-2025-3679,0,1,446e04558eb230eec927c51ce180063a3fa6fa91ec96e94e755f427493b65db4,2025-04-16T13:25:37.340000 +CVE-2025-3680,0,1,e4061c98c0e0499ef09d53ea0f81d99425a5592581a4f9a6e93f2f448909ace9,2025-04-16T13:25:37.340000 +CVE-2025-3681,0,1,afb51d266c451fbde1f2a8c6fbcd22fe26b9958a1356dce9d88a7695ccfc58ac,2025-04-16T13:25:37.340000 +CVE-2025-3682,0,1,a1a3627cf4828be5cc6df9da8a0f2f41732fec410dc476df5357387e0553c670,2025-04-16T13:25:37.340000 +CVE-2025-3683,0,1,d38629c61c0f2758783afe98a00339c2e85ac233053f3fb9b5e81573ff01b178,2025-04-16T13:25:37.340000 +CVE-2025-3684,0,1,63f88dff19bcf1fda5d1f39d2840466f4ae54529ded99775994bfd67f1de0023,2025-04-16T13:25:37.340000 +CVE-2025-3685,0,1,a038f7016d9d7aee9eb0536d9d006e5189794d512e4af0149f231284d7782e60,2025-04-16T13:25:37.340000 +CVE-2025-3686,1,1,7959444999d939397b75d41bf9d8d3af522c96b7a107cfe0f6ed3f78546dfcf6,2025-04-16T13:25:37.340000 +CVE-2025-3687,1,1,bfcd1105c45ffd01c638f7a0d711bfaafb14b738b574d0e9dc0ee7e35eda29a3,2025-04-16T13:25:37.340000 +CVE-2025-3688,1,1,65ef6b8af8a2529dc40f35e01851ec1528f02044364d98884fde7da07256ab2f,2025-04-16T13:25:37.340000 +CVE-2025-3689,1,1,d998f00726e4bf780ff6ad1b92e16dbb361d85f987bc23a29c424387df62d3b8,2025-04-16T13:25:37.340000 +CVE-2025-3690,1,1,b8534551ad5f2dfd0e7a8ef9206b0f407e0aa69f62ac9d4a6ebee4272bac1507,2025-04-16T13:25:37.340000 +CVE-2025-3691,1,1,bf52385af020d0ddf7deaa313d85f5c483ddef38e541a223771a1029f94bb8c4,2025-04-16T13:25:37.340000 +CVE-2025-3698,0,1,a85bd4e716b5042dc448ae03cc678deffad5484277538a03887b03dcf089741e,2025-04-16T13:25:37.340000 +CVE-2025-39512,1,1,30e6c9aa53398b93f238c977dd94d763073bc9afd9ceab721695d171a8dade76,2025-04-16T13:25:37.340000 +CVE-2025-39513,1,1,e63086a6d242a225a037b014e92b4880238a63e6b65c770949ab086ff1bcbafb,2025-04-16T13:25:37.340000 +CVE-2025-39514,1,1,ba639a18160e4b5cc470d9c159efde6fa200d7f0bedf7e2ea3c44d08a9eea205,2025-04-16T13:25:37.340000 +CVE-2025-39515,1,1,0f679e70648dc6588952b68cd65b0e41179ab5227b783f8086dbada3d7fb546c,2025-04-16T13:25:37.340000 +CVE-2025-39516,1,1,1be65405a0c43dae3fb2b4ac9a6dacde2dbe78e3e010e551ecc411391eee2839,2025-04-16T13:25:37.340000 +CVE-2025-39517,1,1,275156a06a26dc947361ebc4de250d9473b673e14441db1199697c01ae711588,2025-04-16T13:25:37.340000 +CVE-2025-39518,1,1,7ae418211f60485b131fe053fa5f5130693dbef0904d86cb15596f35858a1099,2025-04-16T13:25:37.340000 +CVE-2025-39520,1,1,2ec59d4967eacfa5712cbc01be175e1e6d39361b0bc17ef6e6ef55157a268573,2025-04-16T13:25:37.340000 +CVE-2025-39522,1,1,1bdda88d8f861e939cef3917fc42be7370e6c9d03b39476fb076bc2b95775591,2025-04-16T13:25:37.340000 +CVE-2025-39524,1,1,bbd2d0bfef7100bba44827c36195e2dc8b5e56a1d34c7a66e3698063baa935ac,2025-04-16T13:25:37.340000 +CVE-2025-39525,1,1,6fc9fe636f2bb8a820e27d9abc4ddc8c7bcbc22e07a7f78fc55252c010601b7b,2025-04-16T13:25:37.340000 +CVE-2025-39528,1,1,946a7561f773e851fa3bf2f3c2a9fa317caed2cd3423985e34d4443e7c66130a,2025-04-16T13:25:37.340000 +CVE-2025-39529,1,1,90673ab1f565189e2d1f1c2c856fb28df509ab89e65f524024f8255955a27dfc,2025-04-16T13:25:37.340000 +CVE-2025-39530,1,1,d3576b494c094a7c386f62747623c1b849ea77e160876c8ab301c812c6ec4878,2025-04-16T13:25:37.340000 +CVE-2025-39531,1,1,eb458df012b0419d928c6e62b5f0daca5b1a5da79dbe999cc73f4002781c9a40,2025-04-16T13:25:37.340000 +CVE-2025-39538,1,1,4bfcc20da76b32e65d5449286920be8768943b840a93ffd6cb2692528a1ff836,2025-04-16T13:25:37.340000 +CVE-2025-39540,1,1,2a111e0eedc96801ab60e2869c59e05055ee86f6ea5e8d7e1795e06cd53cc951,2025-04-16T13:25:37.340000 +CVE-2025-39543,1,1,7bfb5a7c4e3c114612dbaf2d71938854e74b3f6f57155c7c337239b13ec2a0ca,2025-04-16T13:25:37.340000 +CVE-2025-39544,1,1,6f95537e1256d4ec49905c17dd8139d41e8d79dc1ac4b08d04d5dadae5a663f4,2025-04-16T13:25:37.340000 +CVE-2025-39545,1,1,e815e21a13c4e605e41d2781280a877d45338f89edbca7949225653a8850a906,2025-04-16T13:25:37.340000 +CVE-2025-39546,1,1,dde5420343cdb09c2074655e19dd0f4a74e9c62b1bcd7b7c4acf147c18ffbd7c,2025-04-16T13:25:37.340000 +CVE-2025-39547,1,1,c81e320499e7091b27d71f62d608e45796b928a73c3a2ff9c4a5ab56a3288a30,2025-04-16T13:25:37.340000 +CVE-2025-39548,1,1,69ff74a29c926bb8dcf8caf2d370316bcf2cb78169adfd6f436158ab566e58f3,2025-04-16T13:25:37.340000 +CVE-2025-39549,1,1,d96f363e8720702fdaade6ec716f4912f39a034c831b6c545d000c8a09ed33a4,2025-04-16T13:25:37.340000 +CVE-2025-39552,1,1,a64dd5ccc26cd5cc10559823a5b67f9c6de1daecee92c4acd2407c57cc66d97f,2025-04-16T13:25:37.340000 +CVE-2025-39555,1,1,7577b39b898e7e3a07a92ecd21684a26ef1f0a9507599eb18a520e7d359bf314,2025-04-16T13:25:37.340000 +CVE-2025-39556,1,1,3e1795964e5a4e566585390a011b7ac3f244e4ce5bd6af042ff85c9893aecea8,2025-04-16T13:25:37.340000 +CVE-2025-39557,1,1,cd64668a2131e647035bbf03afb8d6ce348a2262ac03c8cf894e30b352d725f5,2025-04-16T13:25:37.340000 +CVE-2025-39560,1,1,f0aa32be8ce8516fa9947fff0227e9990e71557cc34178f4c5f4c92c824fad99,2025-04-16T13:25:37.340000 +CVE-2025-39563,1,1,79f536f44ca79f5af174f0ce5fe907ad490ada92928f5885ff6dd5140b553cb3,2025-04-16T13:25:37.340000 +CVE-2025-39564,1,1,d7742f02b3faaffbebda67b676ffca494a033b1bcc32d0de23aa03428c34f97c,2025-04-16T13:25:37.340000 +CVE-2025-39565,1,1,38306dd5cbb8d022ac42a065544ed286d828509ecbd27f05f04d20a50639e64b,2025-04-16T13:25:37.340000 +CVE-2025-39566,1,1,5be6dff6480197c61b6388b62d9440b6051821ff7c822377815a03d7b4cad3a9,2025-04-16T13:25:37.340000 +CVE-2025-39570,1,1,66761c752a98f0beae571f2ac8302bae95275c36786d4767d23829d3d870d1dc,2025-04-16T13:25:37.340000 +CVE-2025-39571,1,1,7286c428fcc5dabe0790091bcd909498e9d27cffa25986c11181c90d8775afcc,2025-04-16T13:25:37.340000 +CVE-2025-39572,1,1,fd6eabbe1da98427f3aff3b3d3aaca441fec58e691f97eefdf8a1d16c7967d48,2025-04-16T13:25:37.340000 +CVE-2025-39573,1,1,bbac3fce22b623a96da8bb66f275f9456bb7d1dbbe5ce821daf701ea22e120c2,2025-04-16T13:25:37.340000 +CVE-2025-39574,1,1,13bec3cd1d835d8a4d18f1597239ce6795ac44bd2424b97c267f170a42a73297,2025-04-16T13:25:37.340000 +CVE-2025-39575,1,1,ca6f3be510fddaed4ffdd7e9233ee044acb892096f21eefa80fd274181e4c645,2025-04-16T13:25:37.340000 +CVE-2025-39576,1,1,6a525b02d9a7ff2f7cd6249e17d0345cbbedd26176b8103bcc1e6d488e46f75d,2025-04-16T13:25:37.340000 +CVE-2025-39577,1,1,01e8587528191547a2e3e13f29e5aa9f7e38c98a55cf3db63710a3e300554b5a,2025-04-16T13:25:37.340000 +CVE-2025-39578,1,1,75554fb5757a22255bcac284fe850698da7815b97a1b16000f3c2aa1b4f06b88,2025-04-16T13:25:37.340000 +CVE-2025-39579,1,1,fa8405755770fae24b97e80cb36a9c3b2fa72fc1fa2ea68f58c7f94ea992346f,2025-04-16T13:25:37.340000 +CVE-2025-39581,1,1,252c7290e144f02b158f3bf2a5fed8a796e11c70aab6c293064b4670640acec6,2025-04-16T13:25:37.340000 +CVE-2025-39582,1,1,29f80499fe0a8ef07c30d0fe55239af8fbda0fd4f9392976f66e4802bb7f8971,2025-04-16T13:25:37.340000 +CVE-2025-39584,1,1,0fb669b53d7c9628b931dd90e3f2fd533b5290a6c3a4165e625e7166dad6ce18,2025-04-16T13:25:37.340000 +CVE-2025-39585,1,1,9005349c01cef9b77091e99ddcbe7df09c999efec892b8d7c2e1c4cb8dbac4fa,2025-04-16T13:25:37.340000 +CVE-2025-39589,1,1,3199bcb00d228f55a80672e6727ec3b358747c5bd770f5f7d195fda24a79db38,2025-04-16T13:25:37.340000 +CVE-2025-39590,1,1,2480835c2a31947ae52163a7b3d998cbf7c56df5090b79aa774c6395fefcc7c1,2025-04-16T13:25:37.340000 +CVE-2025-39591,1,1,dda14e67fa405b52d761ea5d67284009dfa5a9f2ff9e796fc18cbe75483c02fc,2025-04-16T13:25:37.340000 +CVE-2025-39592,1,1,530d9e2291917f70853822141758e135ba6902c813b10741276106503fb1568a,2025-04-16T13:25:37.340000 +CVE-2025-39593,1,1,8ee558aab1ae90d0d4b9e2520b4c394eeecf587b672273be8a34d36af10c9b40,2025-04-16T13:25:37.340000 +CVE-2025-39597,1,1,fc2155885e0a15a80b9a041c233e7563ef733942cbdc7b9e2039b6d34e541576,2025-04-16T13:25:37.340000 +CVE-2025-39598,1,1,a8b31c601155a7abe0afa05f80127860fccca6f3d3f28f42b4924f9c6cd99a8f,2025-04-16T13:25:37.340000 +CVE-2025-39599,1,1,b32165e9ac35cddc8365b5382966b3cdc907609baee89eedf472d2eeabdae9db,2025-04-16T13:25:37.340000 +CVE-2025-39600,1,1,ff53b226229c137b254fd094b41c03f9992afdd195d414242990f0faaac29b77,2025-04-16T13:25:37.340000 +CVE-2025-39601,1,1,7f3568c982e2cbdfe236a2b826bbacce5227350e296ed75f61b4bbcedef35537,2025-04-16T13:25:37.340000 +CVE-2025-39602,1,1,df27de5ee22e5ec9d9d74c987812c0381cd04ef064c0d9455c3c07c5309a9403,2025-04-16T13:25:37.340000