admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-28T23:00:20.325052+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-28 23:03:50 +00:00
parent 2f367cb29d
commit f3eb928843
49 changed files with 1265 additions and 216 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2022/CVE-2022-453xx/CVE-2022-45320.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-45320",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T05:15:07.613",
"lastModified": "2025-03-25T20:15:16.163",
"lastModified": "2025-03-28T21:15:14.607",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-429xx/CVE-2023-42938.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42938",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-14T19:15:49.270",
"lastModified": "2024-12-09T14:48:51.917",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:14.797",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -42,19 +42,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-457xx/CVE-2023-45705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45705",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-03-28T15:15:45.590",
"lastModified": "2025-01-23T19:25:34.803",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.000",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-525xx/CVE-2023-52540.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52540",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.550",
"lastModified": "2024-12-09T14:12:49.007",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.150",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [

8
CVE-2023/CVE-2023-528xx/CVE-2023-52857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52857",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:22.803",
"lastModified": "2025-02-03T16:13:27.567",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T22:15:15.260",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -92,6 +92,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a12bd675100531f9fb4508fd4430dd1632325a0e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b0b0d811eac6b4c52cb9ad632fa6384cf48869e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

16
CVE-2024/CVE-2024-209xx/CVE-2024-20992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20992",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:12.280",
"lastModified": "2024-11-27T16:36:46.510",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.313",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-210xx/CVE-2024-21035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21035",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:19.597",
"lastModified": "2024-11-27T16:30:11.690",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.470",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-232xx/CVE-2024-23284.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23284",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:49.883",
"lastModified": "2024-12-09T14:51:06.673",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.617",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-233xx/CVE-2024-23338.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-23338",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-03-28T22:15:16.150",
"lastModified": "2025-03-28T22:15:16.150",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: This candidate is a duplicate of CVE-2024-53427. Notes: All CVE users should reference CVE-2024-53427 instead of this candidate."
}
],
"metrics": {},
"references": []
}

21
CVE-2024/CVE-2024-242xx/CVE-2024-24292.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-24292",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:15.833",
"lastModified": "2025-03-28T21:15:15.833",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/tariqhawis/a8b2c936622c885558173c37df0a77d9",
"source": "cve@mitre.org"
}
]
}

34
CVE-2024/CVE-2024-254xx/CVE-2024-25468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25468",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-17T06:15:54.487",
"lastModified": "2024-12-16T23:04:51.047",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:15.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [

8
CVE-2024/CVE-2024-266xx/CVE-2024-26656.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26656",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-02T07:15:42.760",
"lastModified": "2025-03-17T15:13:27.847",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T22:15:16.230",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -84,6 +84,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2e13f88e01ae7e28a7e831bf5c2409c4748e0a60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af054a5fb24a144f99895afce9519d709891894c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

10
CVE-2024/CVE-2024-270xx/CVE-2024-27056.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:50.360",
"lastModified": "2024-11-21T09:03:45.980",
"lastModified": "2025-03-28T22:15:16.373",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,14 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/35afffaddbe8d310dc61659da0b1a337b0d0addc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4903303f25f48b5a1e34e6324c7fae9ccd6b959a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

14
CVE-2024/CVE-2024-279xx/CVE-2024-27982.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27982",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-05-07T17:15:07.663",
"lastModified": "2024-11-21T09:05:33.463",
"lastModified": "2025-03-28T21:15:16.227",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/2237099",

39
CVE-2024/CVE-2024-293xx/CVE-2024-29375.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29375",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T07:15:08.190",
"lastModified": "2024-11-21T09:07:58.267",
"lastModified": "2025-03-28T21:15:16.347",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n CSV en Addactis IBNRS v.3.10.3.107 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo .ibnrs manipulado en los par\u00e1metros Descripci\u00f3n del proyecto, Identificadores, Nombre del tri\u00e1ngulo personalizado (dentro de los Tri\u00e1ngulos de entrada) y Nombre de la curva de rendimiento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://github.com/ismailcemunver/CVE-2024-29375",

34
CVE-2024/CVE-2024-294xx/CVE-2024-29477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29477",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T12:15:13.353",
"lastModified": "2025-03-06T19:33:27.710",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T21:15:16.517",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,12 +36,42 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{

32
CVE-2024/CVE-2024-314xx/CVE-2024-31402.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31402",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-06-11T06:15:10.650",
"lastModified": "2024-11-21T09:13:27.833",
"lastModified": "2025-03-28T21:15:16.693",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-863"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

8
CVE-2024/CVE-2024-358xx/CVE-2024-35866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35866",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:08.123",
"lastModified": "2024-12-30T17:35:00.177",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T22:15:16.503",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -108,6 +108,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4a60d360d9114b5085701a3702a0102b0d6d846",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682",
"source": "af854a3a-2127-422b-91ae-364da2661108",

6
CVE-2024/CVE-2024-359xx/CVE-2024-35949.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35949",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:10.413",
"lastModified": "2024-11-21T09:21:16.360",
"lastModified": "2025-03-28T22:15:16.637",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/9dff3e36ea89e8003516841c27c45af562b6ef44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e03418abde871314e1a3a550f4c8afb7b89cb273",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

25
CVE-2024/CVE-2024-389xx/CVE-2024-38985.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-38985",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:16.867",
"lastModified": "2025-03-28T21:15:16.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/32c0a48023036e51918f6a098f21953d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/janryWang/depath/issues/11",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-389xx/CVE-2024-38988.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-38988",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:16.967",
"lastModified": "2025-03-28T21:15:16.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713",
"source": "cve@mitre.org"
}
]
}

27
CVE-2024/CVE-2024-39xx/CVE-2024-3918.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3918",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-23T06:15:11.007",
"lastModified": "2024-11-21T09:30:41.897",
"lastModified": "2025-03-28T21:15:17.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Pet Manager de WordPress hasta la versi\u00f3n 1.4 no sanitiza ni escapa a algunas de sus configuraciones de mascotas, lo que podr\u00eda permitir a usuarios con altos privilegios, como Contributor, realizar ataques de Cross-Site Scripting Almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/2074d0f5-4165-4130-9391-37cb21e8aa1b/",

6
CVE-2024/CVE-2024-421xx/CVE-2024-42129.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42129",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:04.977",
"lastModified": "2024-12-02T08:15:06.487",
"lastModified": "2025-03-28T22:15:16.783",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -25,6 +25,10 @@
"url": "https://git.kernel.org/stable/c/3b62888307ae44b68512d3f7735c26a4c8e45b51",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/618c6ce83471ab4f7ac744d27b9d03af173bc141",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/efc347b9efee1c2b081f5281d33be4559fa50a16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

8
CVE-2024/CVE-2024-477xx/CVE-2024-47753.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47753",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:05.283",
"lastModified": "2024-10-22T16:10:40.380",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T22:15:16.913",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -99,6 +99,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e0713c79cf5d0b549fa855e230ade1ff83c27d7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b113bc7c0e83b32f4dd2d291a2b6c4803e0a2c44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

10
CVE-2024/CVE-2024-532xx/CVE-2024-53209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53209",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T14:15:28.793",
"lastModified": "2025-03-06T12:47:14.427",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-28T22:15:17.067",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -92,6 +92,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7f306c651feab2f3689185f60b94e72b573255db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/84353386762a0a16dd444ead76c012e167d89b41",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",

25
CVE-2024/CVE-2024-569xx/CVE-2024-56975.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-56975",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:17.207",
"lastModified": "2025-03-28T21:15:17.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/InvoicePlane/InvoicePlane/pull/1127",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/InvoicePlane/InvoicePlane/pull/1166",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-570xx/CVE-2024-57083.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-57083",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:17.307",
"lastModified": "2025-03-28T21:15:17.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Redocly/redoc/issues/2499",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-581xx/CVE-2024-58128.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-58128",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.197",
"lastModified": "2025-03-28T22:15:17.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/33a1eb66408e16a7535b2bae48303efd9501a26a",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MISP/MISP/releases/tag/v2.4.193",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-581xx/CVE-2024-58129.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-58129",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.333",
"lastModified": "2025-03-28T22:15:17.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/09a43870e733f79ffa33753ddc7bce3cbb5a5647",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MISP/MISP/releases/tag/v2.4.193",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-581xx/CVE-2024-58130.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-58130",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.463",
"lastModified": "2025-03-28T22:15:17.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MISP/MISP/releases/tag/v2.4.193",
"source": "cve@mitre.org"
}
]
}

60
CVE-2024/CVE-2024-68xx/CVE-2024-6875.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-6875",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-03-28T21:15:17.400",
"lastModified": "2025-03-28T21:15:17.400",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-6875",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2298555",
"source": "secalert@redhat.com"
}
]
}

21
CVE-2025/CVE-2025-229xx/CVE-2025-22953.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-22953",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:17.617",
"lastModified": "2025-03-28T21:15:17.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability exists in the Epicor HCM 2021 1.9, specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting malicious SQL payloads into the filter parameter, enabling the unauthorized execution of arbitrary SQL commands on the backend database. If certain features (like xp_cmdshell) are enabled, this may lead to remote code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://tinted-hollyhock-92d.notion.site/EPICOR-HCM-Unauthenticated-Blind-SQL-Injection-CVE-2025-22953-170f1fdee211803988d1c9255a8cb904?pvs=4",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-255xx/CVE-2025-25579.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-25579",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.597",
"lastModified": "2025-03-28T22:15:17.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/regainer27/0abf6f56eae3fa2826d2551e22c2ace3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/regainer27/totolink_A3002R_remote_command_exec",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28087.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28087",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.717",
"lastModified": "2025-03-28T22:15:17.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/vxhdpdeavzvtvdqq",
"source": "cve@mitre.org"
}
]
}

25
CVE-2025/CVE-2025-280xx/CVE-2025-28089.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-28089",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.847",
"lastModified": "2025-03-28T22:15:17.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/magicblack/maccms10/releases/tag/v2025.1000.4047",
"source": "cve@mitre.org"
},
{
"url": "https://www.yuque.com/morysummer/vx41bz/wzer7qxh0vwrf6zq",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28090.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28090",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:17.980",
"lastModified": "2025-03-28T22:15:17.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/xo5w1euakvtgenex",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28091.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28091",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.107",
"lastModified": "2025-03-28T22:15:18.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/ax55rxv4u3our1ic",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28092.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28092",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.237",
"lastModified": "2025-03-28T22:15:18.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/stggvmlxs9ewqlvu",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28093.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28093",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.410",
"lastModified": "2025-03-28T22:15:18.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/he2hb8ic8an8h07f",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28094.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28094",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.563",
"lastModified": "2025-03-28T22:15:18.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/echzollcdlmllgqo",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28096.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28096",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.700",
"lastModified": "2025-03-28T22:15:18.700",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/oqi6pyv26gci6465",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-280xx/CVE-2025-28097.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28097",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T22:15:18.827",
"lastModified": "2025-03-28T22:15:18.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers."
}
],
"metrics": {},
"references": [
{
"url": "https://www.yuque.com/morysummer/vx41bz/oqi6pyv26gci6465",
"source": "cve@mitre.org"
}
]
}

29
CVE-2025/CVE-2025-282xx/CVE-2025-28254.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-28254",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:17.710",
"lastModified": "2025-03-28T21:15:17.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions()."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Leantime/leantime/blob/0e7ddbbe3d582f657a1dddfef7b3419ae588cbf7/app/Domain/Notifications/Services/Notifications.php#L128",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Leantime/leantime/commit/ce1d2073e4601183e1bdd90f4b433d16aee46a50",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Leantime/leantime/security/advisories/GHSA-95j3-435g-vjcp",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-282xx/CVE-2025-28256.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-28256",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-28T21:15:17.810",
"lastModified": "2025-03-28T21:15:17.810",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ZackSecurity/VulnerReport/blob/cve/totolink/A3100R/1.md",
"source": "cve@mitre.org"
}
]
}

10
CVE-2025/CVE-2025-29xx/CVE-2025-2925.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-2925",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-28T20:15:26.440",
"lastModified": "2025-03-28T20:15:26.440",
"lastModified": "2025-03-28T21:15:17.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.521193",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/HDFGroup/hdf5/issues/5383",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

10
CVE-2025/CVE-2025-29xx/CVE-2025-2926.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-2926",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-28T20:15:26.980",
"lastModified": "2025-03-28T20:15:26.980",
"lastModified": "2025-03-28T21:15:18.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -59,7 +59,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
@ -107,7 +107,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.521246",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/HDFGroup/hdf5/issues/5384",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

141
CVE-2025/CVE-2025-29xx/CVE-2025-2927.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2025-2927",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-28T21:15:18.150",
"lastModified": "2025-03-28T21:15:18.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Rain1er/report/blob/main/CDG/Mg%3D%3D.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.301902",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.301902",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.521263",
"source": "cna@vuldb.com"
}
]
}

87
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-28T21:00:20.489361+00:00
2025-03-28T23:00:20.325052+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-28T20:56:10.790000+00:00
2025-03-28T22:15:18.827000+00:00
```
### Last Data Feed Release
@ -33,49 +33,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
287275
287299
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `24`
- [CVE-2025-2922](CVE-2025/CVE-2025-29xx/CVE-2025-2922.json) (`2025-03-28T19:15:23.063`)
- [CVE-2025-2923](CVE-2025/CVE-2025-29xx/CVE-2025-2923.json) (`2025-03-28T19:15:24.003`)
- [CVE-2025-2924](CVE-2025/CVE-2025-29xx/CVE-2025-2924.json) (`2025-03-28T20:15:26.147`)
- [CVE-2025-2925](CVE-2025/CVE-2025-29xx/CVE-2025-2925.json) (`2025-03-28T20:15:26.440`)
- [CVE-2025-2926](CVE-2025/CVE-2025-29xx/CVE-2025-2926.json) (`2025-03-28T20:15:26.980`)
- [CVE-2024-23338](CVE-2024/CVE-2024-233xx/CVE-2024-23338.json) (`2025-03-28T22:15:16.150`)
- [CVE-2024-24292](CVE-2024/CVE-2024-242xx/CVE-2024-24292.json) (`2025-03-28T21:15:15.833`)
- [CVE-2024-38985](CVE-2024/CVE-2024-389xx/CVE-2024-38985.json) (`2025-03-28T21:15:16.867`)
- [CVE-2024-38988](CVE-2024/CVE-2024-389xx/CVE-2024-38988.json) (`2025-03-28T21:15:16.967`)
- [CVE-2024-56975](CVE-2024/CVE-2024-569xx/CVE-2024-56975.json) (`2025-03-28T21:15:17.207`)
- [CVE-2024-57083](CVE-2024/CVE-2024-570xx/CVE-2024-57083.json) (`2025-03-28T21:15:17.307`)
- [CVE-2024-58128](CVE-2024/CVE-2024-581xx/CVE-2024-58128.json) (`2025-03-28T22:15:17.197`)
- [CVE-2024-58129](CVE-2024/CVE-2024-581xx/CVE-2024-58129.json) (`2025-03-28T22:15:17.333`)
- [CVE-2024-58130](CVE-2024/CVE-2024-581xx/CVE-2024-58130.json) (`2025-03-28T22:15:17.463`)
- [CVE-2024-6875](CVE-2024/CVE-2024-68xx/CVE-2024-6875.json) (`2025-03-28T21:15:17.400`)
- [CVE-2025-22953](CVE-2025/CVE-2025-229xx/CVE-2025-22953.json) (`2025-03-28T21:15:17.617`)
- [CVE-2025-25579](CVE-2025/CVE-2025-255xx/CVE-2025-25579.json) (`2025-03-28T22:15:17.597`)
- [CVE-2025-28087](CVE-2025/CVE-2025-280xx/CVE-2025-28087.json) (`2025-03-28T22:15:17.717`)
- [CVE-2025-28089](CVE-2025/CVE-2025-280xx/CVE-2025-28089.json) (`2025-03-28T22:15:17.847`)
- [CVE-2025-28090](CVE-2025/CVE-2025-280xx/CVE-2025-28090.json) (`2025-03-28T22:15:17.980`)
- [CVE-2025-28091](CVE-2025/CVE-2025-280xx/CVE-2025-28091.json) (`2025-03-28T22:15:18.107`)
- [CVE-2025-28092](CVE-2025/CVE-2025-280xx/CVE-2025-28092.json) (`2025-03-28T22:15:18.237`)
- [CVE-2025-28093](CVE-2025/CVE-2025-280xx/CVE-2025-28093.json) (`2025-03-28T22:15:18.410`)
- [CVE-2025-28094](CVE-2025/CVE-2025-280xx/CVE-2025-28094.json) (`2025-03-28T22:15:18.563`)
- [CVE-2025-28096](CVE-2025/CVE-2025-280xx/CVE-2025-28096.json) (`2025-03-28T22:15:18.700`)
- [CVE-2025-28097](CVE-2025/CVE-2025-280xx/CVE-2025-28097.json) (`2025-03-28T22:15:18.827`)
- [CVE-2025-28254](CVE-2025/CVE-2025-282xx/CVE-2025-28254.json) (`2025-03-28T21:15:17.710`)
- [CVE-2025-28256](CVE-2025/CVE-2025-282xx/CVE-2025-28256.json) (`2025-03-28T21:15:17.810`)
- [CVE-2025-2927](CVE-2025/CVE-2025-29xx/CVE-2025-2927.json) (`2025-03-28T21:15:18.150`)
### CVEs modified in the last Commit
Recently modified CVEs: `106`
Recently modified CVEs: `23`
- [CVE-2025-1932](CVE-2025/CVE-2025-19xx/CVE-2025-1932.json) (`2025-03-28T20:09:58.490`)
- [CVE-2025-1941](CVE-2025/CVE-2025-19xx/CVE-2025-1941.json) (`2025-03-28T20:10:22.923`)
- [CVE-2025-1942](CVE-2025/CVE-2025-19xx/CVE-2025-1942.json) (`2025-03-28T20:10:49.257`)
- [CVE-2025-2163](CVE-2025/CVE-2025-21xx/CVE-2025-2163.json) (`2025-03-28T19:46:06.197`)
- [CVE-2025-23055](CVE-2025/CVE-2025-230xx/CVE-2025-23055.json) (`2025-03-28T19:00:17.160`)
- [CVE-2025-23056](CVE-2025/CVE-2025-230xx/CVE-2025-23056.json) (`2025-03-28T19:01:49.937`)
- [CVE-2025-23057](CVE-2025/CVE-2025-230xx/CVE-2025-23057.json) (`2025-03-28T19:03:27.317`)
- [CVE-2025-24746](CVE-2025/CVE-2025-247xx/CVE-2025-24746.json) (`2025-03-28T19:15:14.553`)
- [CVE-2025-25389](CVE-2025/CVE-2025-253xx/CVE-2025-25389.json) (`2025-03-28T19:04:10.523`)
- [CVE-2025-25462](CVE-2025/CVE-2025-254xx/CVE-2025-25462.json) (`2025-03-28T20:01:44.690`)
- [CVE-2025-25765](CVE-2025/CVE-2025-257xx/CVE-2025-25765.json) (`2025-03-28T19:10:06.070`)
- [CVE-2025-25769](CVE-2025/CVE-2025-257xx/CVE-2025-25769.json) (`2025-03-28T20:08:22.980`)
- [CVE-2025-25770](CVE-2025/CVE-2025-257xx/CVE-2025-25770.json) (`2025-03-28T20:07:33.183`)
- [CVE-2025-2639](CVE-2025/CVE-2025-26xx/CVE-2025-2639.json) (`2025-03-28T19:33:14.553`)
- [CVE-2025-26622](CVE-2025/CVE-2025-266xx/CVE-2025-26622.json) (`2025-03-28T20:06:00.130`)
- [CVE-2025-27103](CVE-2025/CVE-2025-271xx/CVE-2025-27103.json) (`2025-03-28T19:55:11.007`)
- [CVE-2025-27104](CVE-2025/CVE-2025-271xx/CVE-2025-27104.json) (`2025-03-28T20:05:35.357`)
- [CVE-2025-27105](CVE-2025/CVE-2025-271xx/CVE-2025-27105.json) (`2025-03-28T20:02:28.310`)
- [CVE-2025-27424](CVE-2025/CVE-2025-274xx/CVE-2025-27424.json) (`2025-03-28T20:11:15.007`)
- [CVE-2025-28011](CVE-2025/CVE-2025-280xx/CVE-2025-28011.json) (`2025-03-28T20:00:36.220`)
- [CVE-2025-28015](CVE-2025/CVE-2025-280xx/CVE-2025-28015.json) (`2025-03-28T19:49:16.520`)
- [CVE-2025-29121](CVE-2025/CVE-2025-291xx/CVE-2025-29121.json) (`2025-03-28T19:34:42.127`)
- [CVE-2025-2921](CVE-2025/CVE-2025-29xx/CVE-2025-2921.json) (`2025-03-28T20:15:25.773`)
- [CVE-2025-29411](CVE-2025/CVE-2025-294xx/CVE-2025-29411.json) (`2025-03-28T19:38:32.533`)
- [CVE-2025-29427](CVE-2025/CVE-2025-294xx/CVE-2025-29427.json) (`2025-03-28T19:40:31.597`)
- [CVE-2022-45320](CVE-2022/CVE-2022-453xx/CVE-2022-45320.json) (`2025-03-28T21:15:14.607`)
- [CVE-2023-42938](CVE-2023/CVE-2023-429xx/CVE-2023-42938.json) (`2025-03-28T21:15:14.797`)
- [CVE-2023-45705](CVE-2023/CVE-2023-457xx/CVE-2023-45705.json) (`2025-03-28T21:15:15.000`)
- [CVE-2023-52540](CVE-2023/CVE-2023-525xx/CVE-2023-52540.json) (`2025-03-28T21:15:15.150`)
- [CVE-2023-52857](CVE-2023/CVE-2023-528xx/CVE-2023-52857.json) (`2025-03-28T22:15:15.260`)
- [CVE-2024-20992](CVE-2024/CVE-2024-209xx/CVE-2024-20992.json) (`2025-03-28T21:15:15.313`)
- [CVE-2024-21035](CVE-2024/CVE-2024-210xx/CVE-2024-21035.json) (`2025-03-28T21:15:15.470`)
- [CVE-2024-23284](CVE-2024/CVE-2024-232xx/CVE-2024-23284.json) (`2025-03-28T21:15:15.617`)
- [CVE-2024-25468](CVE-2024/CVE-2024-254xx/CVE-2024-25468.json) (`2025-03-28T21:15:15.940`)
- [CVE-2024-26656](CVE-2024/CVE-2024-266xx/CVE-2024-26656.json) (`2025-03-28T22:15:16.230`)
- [CVE-2024-27056](CVE-2024/CVE-2024-270xx/CVE-2024-27056.json) (`2025-03-28T22:15:16.373`)
- [CVE-2024-27982](CVE-2024/CVE-2024-279xx/CVE-2024-27982.json) (`2025-03-28T21:15:16.227`)
- [CVE-2024-29375](CVE-2024/CVE-2024-293xx/CVE-2024-29375.json) (`2025-03-28T21:15:16.347`)
- [CVE-2024-29477](CVE-2024/CVE-2024-294xx/CVE-2024-29477.json) (`2025-03-28T21:15:16.517`)
- [CVE-2024-31402](CVE-2024/CVE-2024-314xx/CVE-2024-31402.json) (`2025-03-28T21:15:16.693`)
- [CVE-2024-35866](CVE-2024/CVE-2024-358xx/CVE-2024-35866.json) (`2025-03-28T22:15:16.503`)
- [CVE-2024-35949](CVE-2024/CVE-2024-359xx/CVE-2024-35949.json) (`2025-03-28T22:15:16.637`)
- [CVE-2024-3918](CVE-2024/CVE-2024-39xx/CVE-2024-3918.json) (`2025-03-28T21:15:17.050`)
- [CVE-2024-42129](CVE-2024/CVE-2024-421xx/CVE-2024-42129.json) (`2025-03-28T22:15:16.783`)
- [CVE-2024-47753](CVE-2024/CVE-2024-477xx/CVE-2024-47753.json) (`2025-03-28T22:15:16.913`)
- [CVE-2024-53209](CVE-2024/CVE-2024-532xx/CVE-2024-53209.json) (`2025-03-28T22:15:17.067`)
- [CVE-2025-2925](CVE-2025/CVE-2025-29xx/CVE-2025-2925.json) (`2025-03-28T21:15:17.913`)
- [CVE-2025-2926](CVE-2025/CVE-2025-29xx/CVE-2025-2926.json) (`2025-03-28T21:15:18.030`)
## Download and Usage

288
_state.csv
View File

File diff suppressed because it is too large Load Diff