admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-04-15T23:55:20.949550+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-04-15 23:59:19 +00:00
parent 5f2888ed38
commit e40b050971
99 changed files with 4532 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2023/CVE-2023-389xx/CVE-2023-38994.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38994", "id": "CVE-2023-38994",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-31T12:15:08.683", "published": "2023-10-31T12:15:08.683",
"lastModified": "2024-11-21T08:14:34.720", "lastModified": "2025-04-15T22:15:15.103",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -105,6 +105,10 @@
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
{
"url": "https://raeph123.github.io/BlogPosts/Univention/Simple_yet_effective_The_story_of_some_simple_bugs_that_led_to_the_complete_compromise_of_a_network_en.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network", "url": "https://www.drive-byte.de/en/blog/simple-yet-effective-the-story-of-some-simple-bugs-that-led-to-the-complete-compromise-of-a-network",
"source": "cve@mitre.org", "source": "cve@mitre.org",

4
CVE-2023/CVE-2023-469xx/CVE-2023-46988.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-46988", "id": "CVE-2023-46988",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-04-01T22:15:20.023", "published": "2025-04-01T22:15:20.023",
"lastModified": "2025-04-04T21:15:42.900", "lastModified": "2025-04-15T23:15:41.170",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload." "value": "Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS)."
}, },
{ {
"lang": "es", "lang": "es",

6
CVE-2024/CVE-2024-228xx/CVE-2024-22851.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22851", "id": "CVE-2024-22851",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T09:15:37.473", "published": "2024-02-02T09:15:37.473",
"lastModified": "2024-11-21T08:56:41.880", "lastModified": "2025-04-15T23:15:42.150",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -70,6 +70,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://raeph123.github.io/BlogPosts/LiveConfig/LiveConfig_Advisory_CVE-2024-22851_en.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851", "url": "https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851",
"source": "cve@mitre.org", "source": "cve@mitre.org",

6
CVE-2024/CVE-2024-262xx/CVE-2024-26290.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26290", "id": "CVE-2024-26290",
"sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158", "sourceIdentifier": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
"published": "2025-03-12T20:15:15.233", "published": "2025-03-12T20:15:15.233",
"lastModified": "2025-03-12T20:15:15.233", "lastModified": "2025-04-15T23:15:42.283",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -81,6 +81,10 @@
{ {
"url": "https://www.drive-byte.de/en/blog/avid-nexis-agent-multiple-vulnerabilities", "url": "https://www.drive-byte.de/en/blog/avid-nexis-agent-multiple-vulnerabilities",
"source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158" "source": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"
},
{
"url": "https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_Avid_Nexus_Agent_Multiple_Vulnerabilities_en.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
} }
] ]
} }

6
CVE-2024/CVE-2024-295xx/CVE-2024-29500.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29500", "id": "CVE-2024-29500",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T20:15:07.510", "published": "2024-04-10T20:15:07.510",
"lastModified": "2025-03-25T14:15:24.673", "lastModified": "2025-04-15T23:15:42.400",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -52,6 +52,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening", "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening",
"source": "cve@mitre.org" "source": "cve@mitre.org"

6
CVE-2024/CVE-2024-295xx/CVE-2024-29502.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29502", "id": "CVE-2024-29502",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T20:15:07.567", "published": "2024-04-10T20:15:07.567",
"lastModified": "2025-02-10T23:15:13.337", "lastModified": "2025-04-15T22:15:15.290",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -52,6 +52,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://raeph123.github.io/BlogPosts/inteset/Inteset_Secure_Lockdown_Multi_Application_Edition_-_Vulnerabilities_and_Hardening_Measures_en.html",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening", "url": "https://www.drive-byte.de/en/blog/inteset-bugs-and-hardening",
"source": "cve@mitre.org" "source": "cve@mitre.org"

21
CVE-2024/CVE-2024-492xx/CVE-2024-49200.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-49200",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T22:15:15.467",
"lastModified": "2025-04-15T22:15:15.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. This can be leveraged by an attacker to perform arbitrary writes, potentially leading to arbitrary code execution. The issue has been fixed in kernel 5.2, Version 05.29.44; kernel 5.3, Version 05.38.44; kernel 5.4, Version 05.46.44; kernel 5.5, Version 05.54.44; kernel 5.6, Version 05.61.44; and kernel 5.7, Version 05.70.44."
}
],
"metrics": {},
"references": [
{
"url": "https://www.insyde.com/security-pledge/SA-2024015",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-222xx/CVE-2025-22263.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22263",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:15.590",
"lastModified": "2025-04-15T22:15:15.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/global-gallery/vulnerability/wordpress-global-gallery-plugin-8-8-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-222xx/CVE-2025-22268.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22268",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:15.730",
"lastModified": "2025-04-15T22:15:15.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/uncanny-learndash-toolkit/vulnerability/wordpress-uncanny-toolkit-for-learndash-plugin-3-7-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-222xx/CVE-2025-22269.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22269",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:15.850",
"lastModified": "2025-04-15T22:15:15.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials allows Stored XSS. This issue affects Real Testimonials: from n/a through 3.1.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/testimonial-free/vulnerability/wordpress-real-testimonials-plugin-3-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

25
CVE-2025/CVE-2025-229xx/CVE-2025-22911.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-22911",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T23:15:42.550",
"lastModified": "2025-04-15T23:15:42.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formiNICbasicREP function."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/xyqer1/6145c00a51093baad7ab5b8293a06e80",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xyqer1/RE11S_1.11-formiNICbasicREP-StackOverflow",
"source": "cve@mitre.org"
}
]
}

100
CVE-2025/CVE-2025-242xx/CVE-2025-24297.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-24297",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:15.990",
"lastModified": "2025-04-15T22:15:15.990",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-243xx/CVE-2025-24315.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-24315",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:16.143",
"lastModified": "2025-04-15T22:15:16.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-248xx/CVE-2025-24850.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-24850",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:16.283",
"lastModified": "2025-04-15T22:15:16.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can export other users' plant information."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-252xx/CVE-2025-25276.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-25276",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:16.430",
"lastModified": "2025-04-15T22:15:16.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can hijack other users' devices and potentially control them."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

25
CVE-2025/CVE-2025-254xx/CVE-2025-25453.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-25453",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T23:15:42.647",
"lastModified": "2025-04-15T23:15:42.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/xyqer1/84dc6d8b3f92597d1d597b2799c2c45f",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serviceName2-StackOverflow",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-254xx/CVE-2025-25458.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-25458",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T23:15:42.747",
"lastModified": "2025-04-15T23:15:42.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/xyqer1/d195ea1eb37ba1cc5f709b1d4fc1a2c6",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/xyqer1/Tenda-AC10-AdvSetMacMtuWan-serverName2-StackOverflow",
"source": "cve@mitre.org"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26730.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26730",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:16.577",
"lastModified": "2025-04-15T22:15:16.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/macro-admin-email-data-optin-calculator/vulnerability/wordpress-macro-calculator-with-admin-email-optin-data-plugin-1-0-multiple-vulnerabilities-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26740.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26740",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:16.717",
"lastModified": "2025-04-15T22:15:16.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/spabiz/vulnerability/wordpress-spabiz-plugin-1-0-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26746.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26746",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:16.893",
"lastModified": "2025-04-15T22:15:16.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/acf-link-picker-field/vulnerability/wordpress-advanced-custom-fields-link-picker-field-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26748.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26748",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.053",
"lastModified": "2025-04-15T22:15:17.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/arkhe/vulnerability/wordpress-arkhe-theme-3-11-0-csrf-to-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-267xx/CVE-2025-26749.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.210",
"lastModified": "2025-04-15T22:15:17.210",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/product-tabs-for-woocommerce/vulnerability/wordpress-additional-custom-product-tabs-for-woocommerce-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

100
CVE-2025/CVE-2025-268xx/CVE-2025-26857.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-26857",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:17.360",
"lastModified": "2025-04-15T22:15:17.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26870.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26870",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.503",
"lastModified": "2025-04-15T22:15:17.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS. This issue affects JetEngine: from n/a through 3.6.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-6-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26880.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26880",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.643",
"lastModified": "2025-04-15T22:15:17.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/skt-skill-bar/vulnerability/wordpress-skt-skill-bar-plugin-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26903.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26903",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.787",
"lastModified": "2025-04-15T22:15:17.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/inpost-gallery/vulnerability/wordpress-inpost-gallery-plugin-2-1-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26906.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26906",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:17.920",
"lastModified": "2025-04-15T22:15:17.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wp-delete-user-accounts/vulnerability/wordpress-wp-delete-user-accounts-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26908.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26908",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.057",
"lastModified": "2025-04-15T22:15:18.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegrat\u00f6r allows SQL Injection. This issue affects Kargo Entegrat\u00f6r: from n/a through 1.1.14."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/kargo-entegrator/vulnerability/wordpress-kargo-entegratoer-plugin-1-1-14-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26919.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26919",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.190",
"lastModified": "2025-04-15T22:15:18.190",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tainacan Tain\u00e1 allows Stored XSS. This issue affects Tain\u00e1: from n/a through 0.2.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/taina/vulnerability/wordpress-taina-plugin-0-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26927.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26927",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.330",
"lastModified": "2025-04-15T22:15:18.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/aihub/vulnerability/wordpress-ai-hub-plugin-1-3-3-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26930.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26930",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.463",
"lastModified": "2025-04-15T22:15:18.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Home Services allows DOM-Based XSS. This issue affects Home Services: from n/a through 1.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/home-services/vulnerability/wordpress-home-services-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26934.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26934",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.607",
"lastModified": "2025-04-15T22:15:18.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/glossy-blog/vulnerability/wordpress-glossy-blog-theme-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26950.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26950",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.750",
"lastModified": "2025-04-15T22:15:18.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonsPress Nepali Date Converter allows Stored XSS. This issue affects Nepali Date Converter: from n/a through 2.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/nepali-date-converter/vulnerability/wordpress-nepali-date-converter-plugin-2-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26951.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26951",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:18.890",
"lastModified": "2025-04-15T22:15:18.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in covertnine C9 Blocks allows DOM-Based XSS. This issue affects C9 Blocks: from n/a through 1.7.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/c9-blocks/vulnerability/wordpress-c9-blocks-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26953.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26953",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:19.027",
"lastModified": "2025-04-15T22:15:19.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in NotFound JetMenu allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetMenu: from n/a through 2.4.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/jet-menu/vulnerability/wordpress-jetmenu-2-4-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26996.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26996",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:19.163",
"lastModified": "2025-04-15T22:15:19.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/sign-up-sheets/vulnerability/wordpress-sign-up-sheets-plugin-2-3-0-1-shortcode-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26998.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:19.307",
"lastModified": "2025-04-15T22:15:19.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks \u2013 Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks \u2013 Gutenberg based Page Builder: from n/a through 1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/skt-blocks/vulnerability/wordpress-skt-blocks-gutenberg-based-page-builder-plugin-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-270xx/CVE-2025-27008.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-27008",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:19.443",
"lastModified": "2025-04-15T22:15:19.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in NotFound Unlimited Timeline allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Unlimited Timeline: from n/a through n/a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/unlimited-timeline/vulnerability/wordpress-unlimited-timeline-1-6-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-270xx/CVE-2025-27011.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-27011",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:19.580",
"lastModified": "2025-04-15T22:15:19.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager allows PHP Local File Inclusion. This issue affects Booking and Rental Manager: from n/a through 2.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/booking-and-rental-manager-for-woocommerce/vulnerability/wordpress-booking-and-rental-manager-plugin-2-2-8-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

100
CVE-2025/CVE-2025-275xx/CVE-2025-27561.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27561",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:19.720",
"lastModified": "2025-04-15T22:15:19.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can rename \"rooms\" of arbitrary users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-275xx/CVE-2025-27565.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27565",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:19.867",
"lastModified": "2025-04-15T22:15:19.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can delete any user's \"rooms\" by knowing the user's and room IDs."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-275xx/CVE-2025-27575.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27575",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:20.013",
"lastModified": "2025-04-15T22:15:20.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

8
CVE-2025/CVE-2025-276xx/CVE-2025-27637.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27637", "id": "CVE-2025-27637",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:34.977", "published": "2025-03-05T06:15:34.977",
"lastModified": "2025-04-01T20:52:04.570", "lastModified": "2025-04-15T22:15:20.167",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27638", "id": "CVE-2025-27638",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.157", "published": "2025-03-05T06:15:35.157",
"lastModified": "2025-04-01T20:52:00.150", "lastModified": "2025-04-15T22:15:20.347",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27639.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27639", "id": "CVE-2025-27639",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.297", "published": "2025-03-05T06:15:35.297",
"lastModified": "2025-04-01T20:51:55.347", "lastModified": "2025-04-15T22:15:20.517",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27641", "id": "CVE-2025-27641",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.583", "published": "2025-03-05T06:15:35.583",
"lastModified": "2025-04-01T20:51:47.547", "lastModified": "2025-04-15T22:15:20.677",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27642", "id": "CVE-2025-27642",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.720", "published": "2025-03-05T06:15:35.720",
"lastModified": "2025-04-01T20:51:42.377", "lastModified": "2025-04-15T22:15:20.853",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27643", "id": "CVE-2025-27643",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.847", "published": "2025-03-05T06:15:35.847",
"lastModified": "2025-04-01T20:51:38.243", "lastModified": "2025-04-15T22:15:21.020",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27644.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27644", "id": "CVE-2025-27644",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:35.990", "published": "2025-03-05T06:15:35.990",
"lastModified": "2025-04-01T20:51:34.410", "lastModified": "2025-04-15T22:15:21.180",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27645.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27645", "id": "CVE-2025-27645",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.117", "published": "2025-03-05T06:15:36.117",
"lastModified": "2025-04-01T20:51:29.760", "lastModified": "2025-04-15T22:15:21.337",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27646.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27646", "id": "CVE-2025-27646",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.257", "published": "2025-03-05T06:15:36.257",
"lastModified": "2025-04-01T20:51:24.737", "lastModified": "2025-04-15T22:15:21.500",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27647.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27647", "id": "CVE-2025-27647",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.387", "published": "2025-03-05T06:15:36.387",
"lastModified": "2025-04-01T20:51:20.087", "lastModified": "2025-04-15T22:15:21.663",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27648.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27648", "id": "CVE-2025-27648",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.523", "published": "2025-03-05T06:15:36.523",
"lastModified": "2025-04-01T20:51:14.347", "lastModified": "2025-04-15T22:15:21.840",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27649.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27649", "id": "CVE-2025-27649",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.667", "published": "2025-03-05T06:15:36.667",
"lastModified": "2025-04-01T20:51:09.270", "lastModified": "2025-04-15T22:15:22.007",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27650", "id": "CVE-2025-27650",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.817", "published": "2025-03-05T06:15:36.817",
"lastModified": "2025-04-01T20:51:03.593", "lastModified": "2025-04-15T22:15:22.163",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27651", "id": "CVE-2025-27651",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:36.950", "published": "2025-03-05T06:15:36.950",
"lastModified": "2025-04-01T20:50:58.073", "lastModified": "2025-04-15T22:15:22.327",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27652", "id": "CVE-2025-27652",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.077", "published": "2025-03-05T06:15:37.077",
"lastModified": "2025-04-01T20:50:53.640", "lastModified": "2025-04-15T22:15:22.490",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27653.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27653", "id": "CVE-2025-27653",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.203", "published": "2025-03-05T06:15:37.203",
"lastModified": "2025-04-01T20:50:49.830", "lastModified": "2025-04-15T22:15:22.653",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27654", "id": "CVE-2025-27654",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.340", "published": "2025-03-05T06:15:37.340",
"lastModified": "2025-04-01T20:50:44.153", "lastModified": "2025-04-15T22:15:22.810",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27655", "id": "CVE-2025-27655",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.480", "published": "2025-03-05T06:15:37.480",
"lastModified": "2025-04-01T20:50:39.213", "lastModified": "2025-04-15T22:15:22.980",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27656.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27656", "id": "CVE-2025-27656",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.613", "published": "2025-03-05T06:15:37.613",
"lastModified": "2025-04-01T20:50:34.333", "lastModified": "2025-04-15T22:15:23.140",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27657", "id": "CVE-2025-27657",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:37.740", "published": "2025-03-05T06:15:37.740",
"lastModified": "2025-04-01T20:50:28.293", "lastModified": "2025-04-15T22:15:23.297",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27674.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27674", "id": "CVE-2025-27674",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.293", "published": "2025-03-05T06:15:40.293",
"lastModified": "2025-04-01T20:45:46.587", "lastModified": "2025-04-15T22:15:23.460",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27675", "id": "CVE-2025-27675",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.420", "published": "2025-03-05T06:15:40.420",
"lastModified": "2025-04-01T20:45:42.590", "lastModified": "2025-04-15T22:15:23.627",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27676", "id": "CVE-2025-27676",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.553", "published": "2025-03-05T06:15:40.553",
"lastModified": "2025-04-01T20:45:38.970", "lastModified": "2025-04-15T22:15:23.780",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27677", "id": "CVE-2025-27677",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.683", "published": "2025-03-05T06:15:40.683",
"lastModified": "2025-04-01T20:45:35.137", "lastModified": "2025-04-15T22:15:23.943",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27678.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27678", "id": "CVE-2025-27678",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.817", "published": "2025-03-05T06:15:40.817",
"lastModified": "2025-04-01T20:45:28.963", "lastModified": "2025-04-15T22:15:24.107",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27679.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27679", "id": "CVE-2025-27679",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:40.933", "published": "2025-03-05T06:15:40.933",
"lastModified": "2025-04-01T20:45:25.730", "lastModified": "2025-04-15T22:15:24.280",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27680.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27680", "id": "CVE-2025-27680",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.047", "published": "2025-03-05T06:15:41.047",
"lastModified": "2025-04-01T20:45:21.830", "lastModified": "2025-04-15T22:15:24.447",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27681", "id": "CVE-2025-27681",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.177", "published": "2025-03-05T06:15:41.177",
"lastModified": "2025-04-01T20:45:17.240", "lastModified": "2025-04-15T22:15:24.613",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27682.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27682", "id": "CVE-2025-27682",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.297", "published": "2025-03-05T06:15:41.297",
"lastModified": "2025-04-01T20:45:12.823", "lastModified": "2025-04-15T22:15:24.773",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27683.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27683", "id": "CVE-2025-27683",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.427", "published": "2025-03-05T06:15:41.427",
"lastModified": "2025-04-01T20:45:09.113", "lastModified": "2025-04-15T22:15:24.933",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27684", "id": "CVE-2025-27684",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.540", "published": "2025-03-05T06:15:41.540",
"lastModified": "2025-04-01T20:45:03.630", "lastModified": "2025-04-15T22:15:25.100",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

8
CVE-2025/CVE-2025-276xx/CVE-2025-27685.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-27685", "id": "CVE-2025-27685",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-03-05T06:15:41.663", "published": "2025-03-05T06:15:41.663",
"lastModified": "2025-04-01T20:44:56.343", "lastModified": "2025-04-15T22:15:25.260",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,6 +82,10 @@
"tags": [ "tags": [
"Vendor Advisory" "Vendor Advisory"
] ]
},
{
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html",
"source": "cve@mitre.org"
} }
] ]
} }

100
CVE-2025/CVE-2025-277xx/CVE-2025-27719.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27719",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:25.427",
"lastModified": "2025-04-15T22:15:25.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can query an API endpoint and get device details."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

25
CVE-2025/CVE-2025-278xx/CVE-2025-27892.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-27892",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T22:15:25.577",
"lastModified": "2025-04-15T22:15:25.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-8g35-7rmw-7f59",
"source": "cve@mitre.org"
},
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-001/",
"source": "cve@mitre.org"
}
]
}

100
CVE-2025/CVE-2025-279xx/CVE-2025-27927.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27927",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:25.697",
"lastModified": "2025-04-15T22:15:25.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-279xx/CVE-2025-27929.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-27929",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:25.850",
"lastModified": "2025-04-15T22:15:25.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

29
CVE-2025/CVE-2025-294xx/CVE-2025-29471.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-29471",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-04-15T22:15:25.997",
"lastModified": "2025-04-15T22:15:25.997",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field."
}
],
"metrics": {},
"references": [
{
"url": "https://www.exploit-db.com/exploits/52117",
"source": "cve@mitre.org"
},
{
"url": "https://www.nagios.com/changelog/#log-server",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/MvJuIkdTSQg",
"source": "cve@mitre.org"
}
]
}

100
CVE-2025/CVE-2025-302xx/CVE-2025-30257.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30257",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:26.117",
"lastModified": "2025-04-15T22:15:26.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-305xx/CVE-2025-30510.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30510",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:26.260",
"lastModified": "2025-04-15T22:15:26.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can upload an arbitrary file instead of a plant image."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-351"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-305xx/CVE-2025-30512.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-30512",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:26.403",
"lastModified": "2025-04-15T22:15:26.403",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-15"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

56
CVE-2025/CVE-2025-309xx/CVE-2025-30966.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30966",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:26.553",
"lastModified": "2025-04-15T22:15:26.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-35"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-path-traversal-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-309xx/CVE-2025-30967.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30967",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:26.683",
"lastModified": "2025-04-15T22:15:26.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/wpjobboard/vulnerability/wordpress-wpjobboard-plugin-5-11-1-csrf-to-remote-code-execution-rce-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-309xx/CVE-2025-30970.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30970",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:26.827",
"lastModified": "2025-04-15T22:15:26.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Contact allows Reflected XSS. This issue affects Easy Contact: from n/a through 0.1.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/easy-contact/vulnerability/wordpress-easy-contact-plugin-0-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-309xx/CVE-2025-30982.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30982",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:26.957",
"lastModified": "2025-04-15T22:15:26.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookProgress by Stormhill Media allows Stored XSS. This issue affects MyBookProgress by Stormhill Media: from n/a through 1.0.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/mybookprogress/vulnerability/wordpress-mybookprogress-by-stormhill-media-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-309xx/CVE-2025-30984.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-30984",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:27.137",
"lastModified": "2025-04-15T22:15:27.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SEO Tools allows Reflected XSS. This issue affects SEO Tools: from n/a through 4.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/seo-automatic-seo-tools/vulnerability/wordpress-seo-tools-plugin-4-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

100
CVE-2025/CVE-2025-311xx/CVE-2025-31147.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-31147",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:27.283",
"lastModified": "2025-04-15T22:15:27.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-313xx/CVE-2025-31360.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-31360",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:27.430",
"lastModified": "2025-04-15T22:15:27.430",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated attackers can trigger device actions associated with specific \"scenes\" of arbitrary users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-316xx/CVE-2025-31654.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-31654",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:27.577",
"lastModified": "2025-04-15T22:15:27.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., \"rooms\")."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-319xx/CVE-2025-31945.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-31945",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:27.730",
"lastModified": "2025-04-15T22:15:27.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can obtain other users' charger information."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

100
CVE-2025/CVE-2025-319xx/CVE-2025-31950.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-31950",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2025-04-15T22:15:27.867",
"lastModified": "2025-04-15T22:15:27.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated attacker can obtain EV charger energy consumption information of other users."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

64
CVE-2025/CVE-2025-323xx/CVE-2025-32388.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-32388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-15T23:15:42.843",
"lastModified": "2025-04-15T23:15:42.843",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2025/CVE-2025-324xx/CVE-2025-32435.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-32435",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-15T23:15:42.983",
"lastModified": "2025-04-15T23:15:42.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should not affect the signing keys, that are owned by the hydra-queue-runner and hydra-www users respectively."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 2.6,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-95"
}
]
}
],
"references": [
{
"url": "https://github.com/NixOS/hydra/commit/8d750265135b7e203520036a742afdf301b4013f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NixOS/hydra/security/advisories/GHSA-j7w7-965w-vjxw",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/397919",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nix-community/nix-eval-jobs/releases/tag/v2.28.1",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2025/CVE-2025-327xx/CVE-2025-32782.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-32782",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-15T22:15:28.027",
"lastModified": "2025-04-15T22:15:28.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This allows an attacker to register an account using another user\u2019s email and potentially have it auto-confirmed by the victim\u2019s email client. This does not allow attackers to take over or access existing accounts or private data. It is limited to account confirmation of new accounts only. This vulnerability is fixed in 4.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://github.com/team-alembic/ash_authentication/commit/99ea38977fd4f421d2aaae0c2fb29f8e5f8f707d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-3988-q8q7-p787",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2025/CVE-2025-327xx/CVE-2025-32784.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2025-32784",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-04-15T22:15:28.157",
"lastModified": "2025-04-15T22:15:28.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://github.com/conda-forge/conda-forge-webservices/commit/141ed27617068debd150956341551df3a5a3807d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/conda-forge/conda-forge-webservices/security/advisories/GHSA-28cx-74fp-g2g2",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2025/CVE-2025-329xx/CVE-2025-32923.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-32923",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-04-15T22:15:28.290",
"lastModified": "2025-04-15T22:15:28.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Tourmaster allows Reflected XSS. This issue affects Tourmaster: from n/a through n/a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/tourmaster/vulnerability/wordpress-tourmaster-plugin-5-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

110
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2025-04-15T22:00:21.084397+00:00 2025-04-15T23:55:20.949550+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2025-04-15T21:16:04.847000+00:00 2025-04-15T23:15:42.983000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,69 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
290033 290092
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `104` Recently added CVEs: `59`
- [CVE-2025-30725](CVE-2025/CVE-2025-307xx/CVE-2025-30725.json) (`2025-04-15T21:16:02.217`) - [CVE-2025-27565](CVE-2025/CVE-2025-275xx/CVE-2025-27565.json) (`2025-04-15T22:15:19.867`)
- [CVE-2025-30726](CVE-2025/CVE-2025-307xx/CVE-2025-30726.json) (`2025-04-15T21:16:02.327`) - [CVE-2025-27575](CVE-2025/CVE-2025-275xx/CVE-2025-27575.json) (`2025-04-15T22:15:20.013`)
- [CVE-2025-30727](CVE-2025/CVE-2025-307xx/CVE-2025-30727.json) (`2025-04-15T21:16:02.457`) - [CVE-2025-27719](CVE-2025/CVE-2025-277xx/CVE-2025-27719.json) (`2025-04-15T22:15:25.427`)
- [CVE-2025-30728](CVE-2025/CVE-2025-307xx/CVE-2025-30728.json) (`2025-04-15T21:16:02.563`) - [CVE-2025-27892](CVE-2025/CVE-2025-278xx/CVE-2025-27892.json) (`2025-04-15T22:15:25.577`)
- [CVE-2025-30729](CVE-2025/CVE-2025-307xx/CVE-2025-30729.json) (`2025-04-15T21:16:02.677`) - [CVE-2025-27927](CVE-2025/CVE-2025-279xx/CVE-2025-27927.json) (`2025-04-15T22:15:25.697`)
- [CVE-2025-30730](CVE-2025/CVE-2025-307xx/CVE-2025-30730.json) (`2025-04-15T21:16:02.793`) - [CVE-2025-27929](CVE-2025/CVE-2025-279xx/CVE-2025-27929.json) (`2025-04-15T22:15:25.850`)
- [CVE-2025-30731](CVE-2025/CVE-2025-307xx/CVE-2025-30731.json) (`2025-04-15T21:16:02.907`) - [CVE-2025-29471](CVE-2025/CVE-2025-294xx/CVE-2025-29471.json) (`2025-04-15T22:15:25.997`)
- [CVE-2025-30732](CVE-2025/CVE-2025-307xx/CVE-2025-30732.json) (`2025-04-15T21:16:03.013`) - [CVE-2025-30257](CVE-2025/CVE-2025-302xx/CVE-2025-30257.json) (`2025-04-15T22:15:26.117`)
- [CVE-2025-30733](CVE-2025/CVE-2025-307xx/CVE-2025-30733.json) (`2025-04-15T21:16:03.133`) - [CVE-2025-30510](CVE-2025/CVE-2025-305xx/CVE-2025-30510.json) (`2025-04-15T22:15:26.260`)
- [CVE-2025-30735](CVE-2025/CVE-2025-307xx/CVE-2025-30735.json) (`2025-04-15T21:16:03.247`) - [CVE-2025-30512](CVE-2025/CVE-2025-305xx/CVE-2025-30512.json) (`2025-04-15T22:15:26.403`)
- [CVE-2025-30736](CVE-2025/CVE-2025-307xx/CVE-2025-30736.json) (`2025-04-15T21:16:03.360`) - [CVE-2025-30966](CVE-2025/CVE-2025-309xx/CVE-2025-30966.json) (`2025-04-15T22:15:26.553`)
- [CVE-2025-30737](CVE-2025/CVE-2025-307xx/CVE-2025-30737.json) (`2025-04-15T21:16:03.473`) - [CVE-2025-30967](CVE-2025/CVE-2025-309xx/CVE-2025-30967.json) (`2025-04-15T22:15:26.683`)
- [CVE-2025-30740](CVE-2025/CVE-2025-307xx/CVE-2025-30740.json) (`2025-04-15T21:16:03.597`) - [CVE-2025-30970](CVE-2025/CVE-2025-309xx/CVE-2025-30970.json) (`2025-04-15T22:15:26.827`)
- [CVE-2025-31357](CVE-2025/CVE-2025-313xx/CVE-2025-31357.json) (`2025-04-15T21:16:03.737`) - [CVE-2025-30982](CVE-2025/CVE-2025-309xx/CVE-2025-30982.json) (`2025-04-15T22:15:26.957`)
- [CVE-2025-31497](CVE-2025/CVE-2025-314xx/CVE-2025-31497.json) (`2025-04-15T20:15:39.270`) - [CVE-2025-30984](CVE-2025/CVE-2025-309xx/CVE-2025-30984.json) (`2025-04-15T22:15:27.137`)
- [CVE-2025-31499](CVE-2025/CVE-2025-314xx/CVE-2025-31499.json) (`2025-04-15T21:16:03.937`) - [CVE-2025-31147](CVE-2025/CVE-2025-311xx/CVE-2025-31147.json) (`2025-04-15T22:15:27.283`)
- [CVE-2025-31933](CVE-2025/CVE-2025-319xx/CVE-2025-31933.json) (`2025-04-15T21:16:04.063`) - [CVE-2025-31360](CVE-2025/CVE-2025-313xx/CVE-2025-31360.json) (`2025-04-15T22:15:27.430`)
- [CVE-2025-31941](CVE-2025/CVE-2025-319xx/CVE-2025-31941.json) (`2025-04-15T21:16:04.200`) - [CVE-2025-31654](CVE-2025/CVE-2025-316xx/CVE-2025-31654.json) (`2025-04-15T22:15:27.577`)
- [CVE-2025-31949](CVE-2025/CVE-2025-319xx/CVE-2025-31949.json) (`2025-04-15T21:16:04.337`) - [CVE-2025-31945](CVE-2025/CVE-2025-319xx/CVE-2025-31945.json) (`2025-04-15T22:15:27.730`)
- [CVE-2025-32012](CVE-2025/CVE-2025-320xx/CVE-2025-32012.json) (`2025-04-15T20:15:39.400`) - [CVE-2025-31950](CVE-2025/CVE-2025-319xx/CVE-2025-31950.json) (`2025-04-15T22:15:27.867`)
- [CVE-2025-32021](CVE-2025/CVE-2025-320xx/CVE-2025-32021.json) (`2025-04-15T21:16:04.523`) - [CVE-2025-32388](CVE-2025/CVE-2025-323xx/CVE-2025-32388.json) (`2025-04-15T23:15:42.843`)
- [CVE-2025-32438](CVE-2025/CVE-2025-324xx/CVE-2025-32438.json) (`2025-04-15T20:15:39.533`) - [CVE-2025-32435](CVE-2025/CVE-2025-324xx/CVE-2025-32435.json) (`2025-04-15T23:15:42.983`)
- [CVE-2025-32439](CVE-2025/CVE-2025-324xx/CVE-2025-32439.json) (`2025-04-15T20:15:39.677`) - [CVE-2025-32782](CVE-2025/CVE-2025-327xx/CVE-2025-32782.json) (`2025-04-15T22:15:28.027`)
- [CVE-2025-32445](CVE-2025/CVE-2025-324xx/CVE-2025-32445.json) (`2025-04-15T20:15:39.807`) - [CVE-2025-32784](CVE-2025/CVE-2025-327xx/CVE-2025-32784.json) (`2025-04-15T22:15:28.157`)
- [CVE-2025-32778](CVE-2025/CVE-2025-327xx/CVE-2025-32778.json) (`2025-04-15T21:16:04.710`) - [CVE-2025-32923](CVE-2025/CVE-2025-329xx/CVE-2025-32923.json) (`2025-04-15T22:15:28.290`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `53` Recently modified CVEs: `38`
- [CVE-2024-35166](CVE-2024/CVE-2024-351xx/CVE-2024-35166.json) (`2025-04-15T20:56:04.463`) - [CVE-2025-27645](CVE-2025/CVE-2025-276xx/CVE-2025-27645.json) (`2025-04-15T22:15:21.337`)
- [CVE-2024-36842](CVE-2024/CVE-2024-368xx/CVE-2024-36842.json) (`2025-04-15T20:15:38.160`) - [CVE-2025-27646](CVE-2025/CVE-2025-276xx/CVE-2025-27646.json) (`2025-04-15T22:15:21.500`)
- [CVE-2024-53481](CVE-2024/CVE-2024-534xx/CVE-2024-53481.json) (`2025-04-15T20:35:16.203`) - [CVE-2025-27647](CVE-2025/CVE-2025-276xx/CVE-2025-27647.json) (`2025-04-15T22:15:21.663`)
- [CVE-2024-53825](CVE-2024/CVE-2024-538xx/CVE-2024-53825.json) (`2025-04-15T20:55:02.877`) - [CVE-2025-27648](CVE-2025/CVE-2025-276xx/CVE-2025-27648.json) (`2025-04-15T22:15:21.840`)
- [CVE-2024-54211](CVE-2024/CVE-2024-542xx/CVE-2024-54211.json) (`2025-04-15T20:35:50.483`) - [CVE-2025-27649](CVE-2025/CVE-2025-276xx/CVE-2025-27649.json) (`2025-04-15T22:15:22.007`)
- [CVE-2024-57159](CVE-2024/CVE-2024-571xx/CVE-2024-57159.json) (`2025-04-15T20:09:13.510`) - [CVE-2025-27650](CVE-2025/CVE-2025-276xx/CVE-2025-27650.json) (`2025-04-15T22:15:22.163`)
- [CVE-2024-57611](CVE-2024/CVE-2024-576xx/CVE-2024-57611.json) (`2025-04-15T20:09:27.233`) - [CVE-2025-27651](CVE-2025/CVE-2025-276xx/CVE-2025-27651.json) (`2025-04-15T22:15:22.327`)
- [CVE-2025-0539](CVE-2025/CVE-2025-05xx/CVE-2025-0539.json) (`2025-04-15T21:15:46.847`) - [CVE-2025-27652](CVE-2025/CVE-2025-276xx/CVE-2025-27652.json) (`2025-04-15T22:15:22.490`)
- [CVE-2025-21601](CVE-2025/CVE-2025-216xx/CVE-2025-21601.json) (`2025-04-15T21:15:54.560`) - [CVE-2025-27653](CVE-2025/CVE-2025-276xx/CVE-2025-27653.json) (`2025-04-15T22:15:22.653`)
- [CVE-2025-24948](CVE-2025/CVE-2025-249xx/CVE-2025-24948.json) (`2025-04-15T20:15:38.547`) - [CVE-2025-27654](CVE-2025/CVE-2025-276xx/CVE-2025-27654.json) (`2025-04-15T22:15:22.810`)
- [CVE-2025-24949](CVE-2025/CVE-2025-249xx/CVE-2025-24949.json) (`2025-04-15T20:15:38.690`) - [CVE-2025-27655](CVE-2025/CVE-2025-276xx/CVE-2025-27655.json) (`2025-04-15T22:15:22.980`)
- [CVE-2025-25379](CVE-2025/CVE-2025-253xx/CVE-2025-25379.json) (`2025-04-15T20:10:40.157`) - [CVE-2025-27656](CVE-2025/CVE-2025-276xx/CVE-2025-27656.json) (`2025-04-15T22:15:23.140`)
- [CVE-2025-25456](CVE-2025/CVE-2025-254xx/CVE-2025-25456.json) (`2025-04-15T21:15:54.877`) - [CVE-2025-27657](CVE-2025/CVE-2025-276xx/CVE-2025-27657.json) (`2025-04-15T22:15:23.297`)
- [CVE-2025-26977](CVE-2025/CVE-2025-269xx/CVE-2025-26977.json) (`2025-04-15T20:15:04.003`) - [CVE-2025-27674](CVE-2025/CVE-2025-276xx/CVE-2025-27674.json) (`2025-04-15T22:15:23.460`)
- [CVE-2025-27410](CVE-2025/CVE-2025-274xx/CVE-2025-27410.json) (`2025-04-15T20:19:49.100`) - [CVE-2025-27675](CVE-2025/CVE-2025-276xx/CVE-2025-27675.json) (`2025-04-15T22:15:23.627`)
- [CVE-2025-27413](CVE-2025/CVE-2025-274xx/CVE-2025-27413.json) (`2025-04-15T20:27:24.010`) - [CVE-2025-27676](CVE-2025/CVE-2025-276xx/CVE-2025-27676.json) (`2025-04-15T22:15:23.780`)
- [CVE-2025-27980](CVE-2025/CVE-2025-279xx/CVE-2025-27980.json) (`2025-04-15T21:15:55.583`) - [CVE-2025-27677](CVE-2025/CVE-2025-276xx/CVE-2025-27677.json) (`2025-04-15T22:15:23.943`)
- [CVE-2025-28136](CVE-2025/CVE-2025-281xx/CVE-2025-28136.json) (`2025-04-15T21:15:55.767`) - [CVE-2025-27678](CVE-2025/CVE-2025-276xx/CVE-2025-27678.json) (`2025-04-15T22:15:24.107`)
- [CVE-2025-28142](CVE-2025/CVE-2025-281xx/CVE-2025-28142.json) (`2025-04-15T21:15:55.927`) - [CVE-2025-27679](CVE-2025/CVE-2025-276xx/CVE-2025-27679.json) (`2025-04-15T22:15:24.280`)
- [CVE-2025-28143](CVE-2025/CVE-2025-281xx/CVE-2025-28143.json) (`2025-04-15T21:15:56.123`) - [CVE-2025-27680](CVE-2025/CVE-2025-276xx/CVE-2025-27680.json) (`2025-04-15T22:15:24.447`)
- [CVE-2025-28144](CVE-2025/CVE-2025-281xx/CVE-2025-28144.json) (`2025-04-15T21:15:56.283`) - [CVE-2025-27681](CVE-2025/CVE-2025-276xx/CVE-2025-27681.json) (`2025-04-15T22:15:24.613`)
- [CVE-2025-28145](CVE-2025/CVE-2025-281xx/CVE-2025-28145.json) (`2025-04-15T21:15:56.457`) - [CVE-2025-27682](CVE-2025/CVE-2025-276xx/CVE-2025-27682.json) (`2025-04-15T22:15:24.773`)
- [CVE-2025-28198](CVE-2025/CVE-2025-281xx/CVE-2025-28198.json) (`2025-04-15T20:15:38.833`) - [CVE-2025-27683](CVE-2025/CVE-2025-276xx/CVE-2025-27683.json) (`2025-04-15T22:15:24.933`)
- [CVE-2025-30285](CVE-2025/CVE-2025-302xx/CVE-2025-30285.json) (`2025-04-15T20:02:19.560`) - [CVE-2025-27684](CVE-2025/CVE-2025-276xx/CVE-2025-27684.json) (`2025-04-15T22:15:25.100`)
- [CVE-2025-3114](CVE-2025/CVE-2025-31xx/CVE-2025-3114.json) (`2025-04-15T21:16:04.847`) - [CVE-2025-27685](CVE-2025/CVE-2025-276xx/CVE-2025-27685.json) (`2025-04-15T22:15:25.260`)
## Download and Usage ## Download and Usage

449
_state.csv
View File

File diff suppressed because it is too large Load Diff