diff --git a/mapping.csv b/mapping.csv
index f7d3e2ef8c..ffd63431b1 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -267370,3 +267370,135 @@ vulnerability,CVE-2023-34406,vulnerability--e6c63f0e-0a61-449b-8cbb-869e06401021 vulnerability,CVE-2023-34398,vulnerability--e0921c73-afbe-468d-b487-f3c9cf9e6013 vulnerability,CVE-2023-34404,vulnerability--2268bd87-74a8-4639-a476-eeda6eb1a0a6 vulnerability,CVE-2023-34400,vulnerability--28011bdd-4920-4867-b335-c21139d5ce22 +vulnerability,CVE-2022-28693,vulnerability--437c2485-c6e1-48c0-927f-a1d04d420dee +vulnerability,CVE-2022-26083,vulnerability--2d1bc26c-53d7-463d-a309-fff40968f0bb +vulnerability,CVE-2024-5462,vulnerability--44a4e123-605e-45c7-a5b9-6d63167c8bab +vulnerability,CVE-2024-4282,vulnerability--a3861c63-f690-4c40-aea8-9b019a5de5ea +vulnerability,CVE-2024-3220,vulnerability--45ac016d-e7ca-4946-958b-c60922254356 +vulnerability,CVE-2024-10405,vulnerability--cbbf90c5-ed22-432c-9eba-a54aa66f5f31 +vulnerability,CVE-2024-10404,vulnerability--7505c647-716a-4832-95f4-9ec6ffd45966 +vulnerability,CVE-2024-9601,vulnerability--be31f0cd-0f8b-4a0e-a77a-675311086bd1 +vulnerability,CVE-2024-57969,vulnerability--d43ccdb7-0025-49b8-a541-0225240be52e +vulnerability,CVE-2024-57790,vulnerability--8666dbae-58d6-476f-8d76-6e32144c373d +vulnerability,CVE-2024-57725,vulnerability--674e44e3-d81c-42d5-9b01-aa4ac076e96f +vulnerability,CVE-2024-57778,vulnerability--bdad01cb-be98-434f-b697-2cfbe518ecfa +vulnerability,CVE-2024-12651,vulnerability--eb882e84-846a-4b08-a8cd-dc4d94c107c8 +vulnerability,CVE-2024-7052,vulnerability--0fb8e992-87ac-4faa-9f00-3b905f609084 +vulnerability,CVE-2024-31144,vulnerability--16cad242-1724-4ef3-bc82-fe6d62ab6cd4 +vulnerability,CVE-2024-2240,vulnerability--58b013b5-3461-4e1c-b8eb-cd019a05572d +vulnerability,CVE-2024-52500,vulnerability--a5394dc6-65be-4e20-846a-731f9ad4c3e3 +vulnerability,CVE-2024-52895,vulnerability--514b8b11-3617-4d6d-9fe4-a24aebeb4e5b +vulnerability,CVE-2024-52577,vulnerability--4df152b6-060c-4816-90a5-41202cab8e77 +vulnerability,CVE-2024-8893,vulnerability--efedd7b8-8083-4cbb-aa23-96808f00417d 
+vulnerability,CVE-2024-55904,vulnerability--a35830ba-8712-44a6-9d22-5d13fb989cac +vulnerability,CVE-2024-13692,vulnerability--ab91fa70-46f9-4a0d-b163-f80c8dde19ea +vulnerability,CVE-2024-13735,vulnerability--d907e7eb-d353-449a-86b9-5d3b9e3dbeb6 +vulnerability,CVE-2024-13791,vulnerability--30b659cb-19a9-4b51-b383-11ddc5223824 +vulnerability,CVE-2024-13641,vulnerability--50ece9ad-d2f0-4e29-8e93-da0791c724c5 +vulnerability,CVE-2024-13493,vulnerability--23e25ddb-859a-4d63-9837-9a8150a2d0b7 +vulnerability,CVE-2024-13152,vulnerability--77544255-aa3a-4f23-9554-ce3657c3971a +vulnerability,CVE-2024-56973,vulnerability--82d3a2f0-ae29-428e-9fc1-eeede2ab4f8a +vulnerability,CVE-2024-56477,vulnerability--e2e78d4c-e546-482d-b334-308365367d4a +vulnerability,CVE-2024-56463,vulnerability--f48d89b0-43ef-4802-8454-54284c368a92 +vulnerability,CVE-2024-56180,vulnerability--927b6971-7fb9-4279-ba15-dd79f212931e +vulnerability,CVE-2025-1239,vulnerability--e85c38ac-159f-4c51-ae57-5e13659c7454 +vulnerability,CVE-2025-1071,vulnerability--24758f5c-0b56-4f87-92b6-1961421625aa +vulnerability,CVE-2025-1053,vulnerability--99586b89-ff14-4677-9378-de85390818c5 +vulnerability,CVE-2025-1298,vulnerability--78b31515-4c23-427c-8d48-ca4882633dca +vulnerability,CVE-2025-21401,vulnerability--7428096e-03fb-4527-a814-c10dfea2082d +vulnerability,CVE-2025-26523,vulnerability--b4e6521d-07bd-4813-925d-7bc96105a5e6 +vulnerability,CVE-2025-26506,vulnerability--defdfecf-6be1-4b1d-950b-107ed285780f +vulnerability,CVE-2025-26507,vulnerability--33f79456-375b-46fa-971f-b8be3e3d920c +vulnerability,CVE-2025-26508,vulnerability--62ab8689-cbb8-4af4-bcd6-f865e5644da8 +vulnerability,CVE-2025-26519,vulnerability--b3cdbd2d-4f14-4d51-8396-949aaba435a1 +vulnerability,CVE-2025-26158,vulnerability--69dd065d-946a-4af5-8569-be4b2f8e73de +vulnerability,CVE-2025-26156,vulnerability--10968cd6-7c46-4a23-8251-44e6ba4ee620 +vulnerability,CVE-2025-26789,vulnerability--3995224f-73a4-404f-b704-dfd13f889a03 
+vulnerability,CVE-2025-26157,vulnerability--8930b39b-59d9-4e3d-bd88-a2c9c88ccb87 +vulnerability,CVE-2025-26819,vulnerability--dce06cad-00b5-4114-a716-738bcf510d4f +vulnerability,CVE-2025-26788,vulnerability--f0598951-415f-468e-89d5-8a2523af9979 +vulnerability,CVE-2025-26522,vulnerability--05e3461c-2703-4635-8b28-e6302147a787 +vulnerability,CVE-2025-26524,vulnerability--744b5b84-5683-476f-b850-74785b671292 +vulnerability,CVE-2025-26791,vulnerability--2876e310-144b-4592-90d9-4f00defead97 +vulnerability,CVE-2025-22705,vulnerability--8bdad275-1a3c-4a46-9aff-0d510dcb0473 +vulnerability,CVE-2025-22702,vulnerability--114088cd-2436-45ad-89ea-0a20656c7f78 +vulnerability,CVE-2025-22698,vulnerability--f6d367c3-9ab3-4e61-bfef-42a513fd6082 +vulnerability,CVE-2025-22630,vulnerability--c0ec0606-fdf7-40aa-9475-a67447f0a228 +vulnerability,CVE-2025-24564,vulnerability--d053f03c-01f0-4c7d-9976-2abc55fefd8a +vulnerability,CVE-2025-24617,vulnerability--87c4e43c-1647-4e7c-aa13-9486bf99f549 +vulnerability,CVE-2025-24641,vulnerability--ded78117-1e19-4b1f-b407-526485f94f16 +vulnerability,CVE-2025-24566,vulnerability--68086ab3-00ce-43e6-97b6-a90cef4123a3 +vulnerability,CVE-2025-24565,vulnerability--719a39cc-052b-49eb-9fe4-37a5ca65fe1d +vulnerability,CVE-2025-24688,vulnerability--ac5db221-3baa-4254-b050-86ed2eae1ca3 +vulnerability,CVE-2025-24616,vulnerability--ffcc82c4-af74-4868-8c77-1289f4112c87 +vulnerability,CVE-2025-24567,vulnerability--a8eff212-1adc-49d1-b4a4-b80a42146230 +vulnerability,CVE-2025-24558,vulnerability--c5c113b9-1f49-47ab-ad31-32090cd1136d +vulnerability,CVE-2025-24700,vulnerability--21c70667-8b65-4ba6-850d-dc9e6dad1a24 +vulnerability,CVE-2025-24615,vulnerability--d8246401-b727-4e98-b1f2-96582712c3ea +vulnerability,CVE-2025-24692,vulnerability--096a711a-efaa-4875-8ad0-dcbe52f30717 +vulnerability,CVE-2025-24554,vulnerability--f9396cb9-18ef-4375-921b-a244f740ba3a +vulnerability,CVE-2025-24614,vulnerability--06c5d80a-6b6e-4a55-86ca-d694e13c6282 
+vulnerability,CVE-2025-24699,vulnerability--e05c54b1-442d-44b5-8f6f-cbf4b1e9d2c9 +vulnerability,CVE-2025-24592,vulnerability--7fc36157-3c69-4d94-8ad5-8eb0d356f2d3 +vulnerability,CVE-2025-24607,vulnerability--781eeb43-3b56-4ffb-a1dd-0fda5e80a7e5 +vulnerability,CVE-2025-25206,vulnerability--f6512f75-778a-4739-91e6-18b9472ea524 +vulnerability,CVE-2025-25297,vulnerability--b2b51a22-2055-45ee-9406-cc2cdfb60fc2 +vulnerability,CVE-2025-25991,vulnerability--bfa70dc7-d754-455a-a874-778808934a34 +vulnerability,CVE-2025-25285,vulnerability--4a6c2d04-ff7a-4a71-9d08-7095b7ef002b +vulnerability,CVE-2025-25990,vulnerability--66c01200-26f9-4dbe-82cc-4bb723df59c2 +vulnerability,CVE-2025-25993,vulnerability--1f5623ab-f43b-442b-afdb-99f005ea781b +vulnerability,CVE-2025-25740,vulnerability--5d40e2b5-1dfd-4866-86e1-2af4187b5415 +vulnerability,CVE-2025-25992,vulnerability--78791f05-3d50-4166-95da-721c5e4d666f +vulnerability,CVE-2025-25745,vulnerability--a154a03b-9488-4987-944d-9df3177348f3 +vulnerability,CVE-2025-25290,vulnerability--29d80f68-87dc-41f4-bcd2-c23197f6852d +vulnerability,CVE-2025-25289,vulnerability--2ff10910-b760-44a7-82c6-d1e8bc95ec65 +vulnerability,CVE-2025-25204,vulnerability--34f0b418-6bd8-4027-9a48-a1cb38e85b5d +vulnerability,CVE-2025-25295,vulnerability--cab4f92c-4dec-49cb-ad7b-c20cc8fe29ec +vulnerability,CVE-2025-25994,vulnerability--e237cfb8-cd71-46ae-bcaa-09481fa51595 +vulnerability,CVE-2025-25988,vulnerability--7d543bf3-37bb-4892-a462-d2c1309fe2d3 +vulnerability,CVE-2025-25296,vulnerability--95d8d771-142c-4c8b-b6f5-d8b4a81c44ec +vulnerability,CVE-2025-25304,vulnerability--227ce9e7-3c1f-4c39-b0b8-b0b729cac974 +vulnerability,CVE-2025-25288,vulnerability--e2afa4eb-e71a-4da1-bb18-4b3ff3d8d7d7 +vulnerability,CVE-2025-25997,vulnerability--0a65d30b-232c-4f5b-8824-62e8d0274064 +vulnerability,CVE-2025-23658,vulnerability--3d31a410-e755-4004-b328-2d2c293d7245 +vulnerability,CVE-2025-23523,vulnerability--84ef2b2c-47aa-4fd9-9b98-dba057c79f58 
+vulnerability,CVE-2025-23655,vulnerability--3b0122e5-7e80-45d2-839b-6bd15703d780 +vulnerability,CVE-2025-23406,vulnerability--5e60ad73-a36c-42c6-95b2-7a368d5802d7 +vulnerability,CVE-2025-23652,vulnerability--d8fa0da1-87fd-4256-8eae-3fc677a631c3 +vulnerability,CVE-2025-23428,vulnerability--046a4bac-4780-404e-b94c-dbb6ed1c34e9 +vulnerability,CVE-2025-23431,vulnerability--4ca4ba8a-6d59-41f1-9719-c23d18d84f5d +vulnerability,CVE-2025-23787,vulnerability--4ebedfe8-1080-4721-b3b4-bbc3f35c53de +vulnerability,CVE-2025-23789,vulnerability--baf48864-e84f-44cc-a8c0-aaf44aefd751 +vulnerability,CVE-2025-23657,vulnerability--657cdee8-7ce0-415a-bd55-18393c3bb5ea +vulnerability,CVE-2025-23492,vulnerability--ee020ad8-f35b-4c8e-b413-a11d98389eba +vulnerability,CVE-2025-23788,vulnerability--2ae6a702-a74b-4d87-b542-9226c71f0452 +vulnerability,CVE-2025-23650,vulnerability--3e476fa4-7e5b-4e65-8d20-d14a280fc696 +vulnerability,CVE-2025-23647,vulnerability--2f77e1bb-d6fa-4a88-b7b0-1dce53b47b23 +vulnerability,CVE-2025-23653,vulnerability--f833e746-8435-45cf-89b4-5d89f9697981 +vulnerability,CVE-2025-23474,vulnerability--ccf35a93-7709-4d9d-b205-f885f0a61904 +vulnerability,CVE-2025-23766,vulnerability--470d577e-9cbb-4ac3-abb0-b17c88fe9a98 +vulnerability,CVE-2025-23651,vulnerability--9b2004ca-7af2-407a-b445-7e897dc1a4b8 +vulnerability,CVE-2025-23771,vulnerability--be7a4872-48df-4899-8e77-4a5679144ea9 +vulnerability,CVE-2025-23751,vulnerability--b14b95fa-3fa2-4d58-98ed-3fa55599c43e +vulnerability,CVE-2025-23790,vulnerability--471c6bcb-d8be-4dfd-a8c9-c4985d420c0c +vulnerability,CVE-2025-23648,vulnerability--e441c8e2-0ad1-45bf-a991-060170a26586 +vulnerability,CVE-2025-23742,vulnerability--7bf323a6-67e4-4340-9663-c0f7ca7ceaf4 +vulnerability,CVE-2025-23750,vulnerability--b4adcefc-c8e0-4261-96aa-dcc97ba0016b +vulnerability,CVE-2025-23853,vulnerability--b4913ac2-e712-4d50-9efb-b501f1729fc9 +vulnerability,CVE-2025-23748,vulnerability--5f769ec3-4211-4052-aa3d-e29683be9c4d 
+vulnerability,CVE-2025-23646,vulnerability--aee77f92-dd3f-40e6-a2e1-ca36ab1fd9e9 +vulnerability,CVE-2025-23534,vulnerability--14881397-f098-4a1f-929b-54d45970445e +vulnerability,CVE-2025-23571,vulnerability--ed630253-d8ab-431e-a2d6-8aa3d85f314a +vulnerability,CVE-2025-23851,vulnerability--add033f7-bb59-4c0e-92bf-1729e956e3d2 +vulnerability,CVE-2025-23905,vulnerability--4a691169-8847-49cd-ab7f-31ca9fd2e10e +vulnerability,CVE-2025-23525,vulnerability--a782548c-f56e-4755-a610-bf1469a9f54b +vulnerability,CVE-2025-23786,vulnerability--e6743f74-2526-4d32-b406-72f736d0138d +vulnerability,CVE-2025-23568,vulnerability--989294ac-a40a-421f-94a1-a7bd166c527f +vulnerability,CVE-2025-23598,vulnerability--e88e398e-b2d0-454f-ab7b-2102f84d53d7 +vulnerability,CVE-2025-23857,vulnerability--5a48f5eb-9ddc-4058-8879-45fb47f3455b +vulnerability,CVE-2025-0503,vulnerability--4d82469c-f4fd-4d2d-834d-f3b05c8a86f7 +vulnerability,CVE-2025-0178,vulnerability--8c44d314-9a67-4e56-a9ac-3d735138f8e1 +vulnerability,CVE-2025-0821,vulnerability--c6a2372b-3598-44bb-bfdd-28b36d74ee20 +vulnerability,CVE-2025-0867,vulnerability--22690f13-1917-43bf-82c0-aedb1a17b20f +vulnerability,CVE-2025-0592,vulnerability--651ae83d-3e4b-4ea5-b566-c522c681cc13 +vulnerability,CVE-2025-0593,vulnerability--aeef325f-5129-4088-86ef-a638d455f7dd diff --git a/objects/vulnerability/vulnerability--046a4bac-4780-404e-b94c-dbb6ed1c34e9.json b/objects/vulnerability/vulnerability--046a4bac-4780-404e-b94c-dbb6ed1c34e9.json new file mode 100644 index 0000000000..62d4b9ffaf --- /dev/null +++ b/objects/vulnerability/vulnerability--046a4bac-4780-404e-b94c-dbb6ed1c34e9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5446e78-fdf8-4c8d-acae-8f7a099d07d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--046a4bac-4780-404e-b94c-dbb6ed1c34e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.770933Z", + "modified": "2025-02-15T00:20:51.770933Z", + "name": "CVE-2025-23428", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound QMean – WordPress Did You Mean allows Reflected XSS. This issue affects QMean – WordPress Did You Mean: from n/a through 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23428" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05e3461c-2703-4635-8b28-e6302147a787.json b/objects/vulnerability/vulnerability--05e3461c-2703-4635-8b28-e6302147a787.json new file mode 100644 index 0000000000..41e37fadad --- /dev/null +++ b/objects/vulnerability/vulnerability--05e3461c-2703-4635-8b28-e6302147a787.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5120dc62-87d3-4983-9c95-7e85af4592d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05e3461c-2703-4635-8b28-e6302147a787", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.509629Z", + "modified": "2025-02-15T00:20:51.509629Z", + "name": "CVE-2025-26522", + "description": "This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. \n\nSuccessful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26522" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06c5d80a-6b6e-4a55-86ca-d694e13c6282.json b/objects/vulnerability/vulnerability--06c5d80a-6b6e-4a55-86ca-d694e13c6282.json new file mode 100644 index 0000000000..657da007d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--06c5d80a-6b6e-4a55-86ca-d694e13c6282.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--025602ef-9a69-4b6c-ae7c-f7bb186423d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06c5d80a-6b6e-4a55-86ca-d694e13c6282", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.68092Z", + "modified": "2025-02-15T00:20:51.68092Z", + "name": "CVE-2025-24614", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agileLogix Post Timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through 2.3.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--096a711a-efaa-4875-8ad0-dcbe52f30717.json b/objects/vulnerability/vulnerability--096a711a-efaa-4875-8ad0-dcbe52f30717.json new file mode 100644 index 0000000000..0dc821ce69 --- /dev/null +++ b/objects/vulnerability/vulnerability--096a711a-efaa-4875-8ad0-dcbe52f30717.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c28487b3-fc7c-42f3-bd9d-dc18aa33f302", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--096a711a-efaa-4875-8ad0-dcbe52f30717", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.673909Z", + "modified": "2025-02-15T00:20:51.673909Z", + "name": "CVE-2025-24692", + "description": "Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24692" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0a65d30b-232c-4f5b-8824-62e8d0274064.json b/objects/vulnerability/vulnerability--0a65d30b-232c-4f5b-8824-62e8d0274064.json new file mode 100644 index 0000000000..836058ae03 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a65d30b-232c-4f5b-8824-62e8d0274064.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--554a9194-5fca-49ca-9a93-441a3d7c48e8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a65d30b-232c-4f5b-8824-62e8d0274064", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.75566Z", + "modified": "2025-02-15T00:20:51.75566Z", + "name": "CVE-2025-25997", + "description": "Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25997" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fb8e992-87ac-4faa-9f00-3b905f609084.json b/objects/vulnerability/vulnerability--0fb8e992-87ac-4faa-9f00-3b905f609084.json new file mode 100644 index 0000000000..5fb0c30bd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--0fb8e992-87ac-4faa-9f00-3b905f609084.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbd31aa4-29d2-4a55-9f3a-032ffe6d9f0d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fb8e992-87ac-4faa-9f00-3b905f609084", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.619128Z", + "modified": "2025-02-15T00:20:46.619128Z", + "name": "CVE-2024-7052", + "description": "The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7052" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--10968cd6-7c46-4a23-8251-44e6ba4ee620.json b/objects/vulnerability/vulnerability--10968cd6-7c46-4a23-8251-44e6ba4ee620.json new file mode 100644 index 0000000000..b4b8bbcf75 --- /dev/null +++ b/objects/vulnerability/vulnerability--10968cd6-7c46-4a23-8251-44e6ba4ee620.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7a4efa7b-b286-4c4f-bbb1-a931c2909a03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--10968cd6-7c46-4a23-8251-44e6ba4ee620", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.493388Z", + "modified": "2025-02-15T00:20:51.493388Z", + "name": "CVE-2025-26156", + "description": "A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26156" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--114088cd-2436-45ad-89ea-0a20656c7f78.json b/objects/vulnerability/vulnerability--114088cd-2436-45ad-89ea-0a20656c7f78.json new file mode 100644 index 0000000000..92fcc16b42 --- /dev/null +++ b/objects/vulnerability/vulnerability--114088cd-2436-45ad-89ea-0a20656c7f78.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9367a46f-4ca5-4db2-919c-9513ec9171e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--114088cd-2436-45ad-89ea-0a20656c7f78", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.547588Z", + "modified": "2025-02-15T00:20:51.547588Z", + "name": "CVE-2025-22702", + "description": "Missing Authorization vulnerability in EPC Photography. This issue affects Photography: from n/a through 7.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22702" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14881397-f098-4a1f-929b-54d45970445e.json b/objects/vulnerability/vulnerability--14881397-f098-4a1f-929b-54d45970445e.json new file mode 100644 index 0000000000..d4114f8ba5 --- /dev/null +++ b/objects/vulnerability/vulnerability--14881397-f098-4a1f-929b-54d45970445e.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb97164b-d89d-45ed-a718-9fa2d96bcd59", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14881397-f098-4a1f-929b-54d45970445e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.820705Z", + "modified": "2025-02-15T00:20:51.820705Z", + "name": "CVE-2025-23534", + "description": "Missing Authorization vulnerability in Mark Winiarski WPLingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through 1.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23534" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--16cad242-1724-4ef3-bc82-fe6d62ab6cd4.json b/objects/vulnerability/vulnerability--16cad242-1724-4ef3-bc82-fe6d62ab6cd4.json new file mode 100644 index 0000000000..edda08246b --- /dev/null +++ b/objects/vulnerability/vulnerability--16cad242-1724-4ef3-bc82-fe6d62ab6cd4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0131cc8-38d5-41e2-880b-5ae38c33e875", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--16cad242-1724-4ef3-bc82-fe6d62ab6cd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.903413Z", + "modified": "2025-02-15T00:20:46.903413Z", + "name": "CVE-2024-31144", + "description": "For a brief summary of Xapi terminology, see:\n\n https://xapi-project.github.io/xen-api/overview.html#object-model-overview \n\nXapi contains functionality to backup and restore metadata about Virtual\nMachines and Storage Repositories (SRs).\n\nThe metadata itself is stored in a Virtual Disk Image (VDI) inside an\nSR. This is used for two purposes; a general backup of metadata\n(e.g. to recover from a host failure if the filer is still good), and\nPortable SRs (e.g. using an external hard drive to move VMs to another\nhost).\n\nMetadata is only restored as an explicit administrator action, but\noccurs in cases where the host has no information about the SR, and must\nlocate the metadata VDI in order to retrieve the metadata.\n\nThe metadata VDI is located by searching (in UUID alphanumeric order)\neach VDI, mounting it, and seeing if there is a suitable metadata file\npresent. The first matching VDI is deemed to be the metadata VDI, and\nis restored from.\n\nIn the general case, the content of VDIs are controlled by the VM owner,\nand should not be trusted by the host administrator.\n\nA malicious guest can manipulate its disk to appear to be a metadata\nbackup.\n\nA guest cannot choose the UUIDs of its VDIs, but a guest with one disk\nhas a 50% chance of sorting ahead of the legitimate metadata backup. A\nguest with two disks has a 75% chance, etc.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-31144" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1f5623ab-f43b-442b-afdb-99f005ea781b.json b/objects/vulnerability/vulnerability--1f5623ab-f43b-442b-afdb-99f005ea781b.json new file mode 100644 index 0000000000..122a20bd6a --- /dev/null +++ b/objects/vulnerability/vulnerability--1f5623ab-f43b-442b-afdb-99f005ea781b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--91586f47-9573-4c10-a9ff-3df03b7e1809", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f5623ab-f43b-442b-afdb-99f005ea781b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.718944Z", + "modified": "2025-02-15T00:20:51.718944Z", + "name": "CVE-2025-25993", + "description": "SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameter \"itemid.\"", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25993" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--21c70667-8b65-4ba6-850d-dc9e6dad1a24.json b/objects/vulnerability/vulnerability--21c70667-8b65-4ba6-850d-dc9e6dad1a24.json new file mode 100644 index 0000000000..591765828c --- /dev/null +++ b/objects/vulnerability/vulnerability--21c70667-8b65-4ba6-850d-dc9e6dad1a24.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--35647046-8955-41f1-8de7-c004d0459a2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--21c70667-8b65-4ba6-850d-dc9e6dad1a24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.665412Z", + "modified": "2025-02-15T00:20:51.665412Z", + "name": "CVE-2025-24700", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22690f13-1917-43bf-82c0-aedb1a17b20f.json b/objects/vulnerability/vulnerability--22690f13-1917-43bf-82c0-aedb1a17b20f.json new file mode 100644 index 0000000000..f88dff4954 --- /dev/null +++ b/objects/vulnerability/vulnerability--22690f13-1917-43bf-82c0-aedb1a17b20f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--33e21bc0-a5f3-401f-9a80-082ce401a1f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22690f13-1917-43bf-82c0-aedb1a17b20f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.881745Z", + "modified": "2025-02-15T00:20:51.881745Z", + "name": "CVE-2025-0867", + "description": "The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0867" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--227ce9e7-3c1f-4c39-b0b8-b0b729cac974.json b/objects/vulnerability/vulnerability--227ce9e7-3c1f-4c39-b0b8-b0b729cac974.json new file mode 100644 index 0000000000..f0de27c9cf --- /dev/null +++ b/objects/vulnerability/vulnerability--227ce9e7-3c1f-4c39-b0b8-b0b729cac974.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27d4c2fc-c5e5-48c4-ae64-122e91a8d597", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--227ce9e7-3c1f-4c39-b0b8-b0b729cac974", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.744049Z", + "modified": "2025-02-15T00:20:51.744049Z", + "name": "CVE-2025-25304", + "description": "Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to cross-site scripting.`vlSelectionTuples` calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. This can be used to call `Function()` with arbitrary JavaScript and the resulting function can be called with `vlSelectionTuples` or using a type coercion to call `toString` or `valueOf`. Version 5.26.0 of vega and 5.4.2 of vega-selections fix this issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25304" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23e25ddb-859a-4d63-9837-9a8150a2d0b7.json b/objects/vulnerability/vulnerability--23e25ddb-859a-4d63-9837-9a8150a2d0b7.json new file mode 100644 index 0000000000..69f0c61a73 --- /dev/null +++ b/objects/vulnerability/vulnerability--23e25ddb-859a-4d63-9837-9a8150a2d0b7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31079cd0-4a48-40cd-bcce-9031d32314e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23e25ddb-859a-4d63-9837-9a8150a2d0b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.855066Z", + "modified": "2025-02-15T00:20:47.855066Z", + "name": "CVE-2024-13493", + "description": "The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13493" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24758f5c-0b56-4f87-92b6-1961421625aa.json b/objects/vulnerability/vulnerability--24758f5c-0b56-4f87-92b6-1961421625aa.json new file mode 100644 index 0000000000..4047d24575 --- /dev/null +++ b/objects/vulnerability/vulnerability--24758f5c-0b56-4f87-92b6-1961421625aa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4021acfc-3117-4f13-b30e-718280409fbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24758f5c-0b56-4f87-92b6-1961421625aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.400663Z", + "modified": "2025-02-15T00:20:51.400663Z", + "name": "CVE-2025-1071", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1071" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2876e310-144b-4592-90d9-4f00defead97.json b/objects/vulnerability/vulnerability--2876e310-144b-4592-90d9-4f00defead97.json new file mode 100644 index 0000000000..6631ac896a --- /dev/null +++ b/objects/vulnerability/vulnerability--2876e310-144b-4592-90d9-4f00defead97.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--415406a4-edce-4e89-be2b-7ddf885553a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2876e310-144b-4592-90d9-4f00defead97", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.514049Z", + "modified": "2025-02-15T00:20:51.514049Z", + "name": "CVE-2025-26791", + "description": "DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26791" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--29d80f68-87dc-41f4-bcd2-c23197f6852d.json b/objects/vulnerability/vulnerability--29d80f68-87dc-41f4-bcd2-c23197f6852d.json new file mode 100644 index 0000000000..29b362c653 --- /dev/null +++ b/objects/vulnerability/vulnerability--29d80f68-87dc-41f4-bcd2-c23197f6852d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdfe35be-c16b-466c-9e71-356310649e81", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29d80f68-87dc-41f4-bcd2-c23197f6852d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.727144Z", + "modified": "2025-02-15T00:20:51.727144Z", + "name": "CVE-2025-25290", + "description": "@octokit/request sends parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to version 9.2.1, the regular expression `/<([^>]+)>; rel=\"deprecation\"/` used to match the `link` header in HTTP responses is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic backtracking when processing specially crafted input. An attacker could exploit this flaw by sending a malicious `link` header, resulting in excessive CPU usage and potentially causing the server to become unresponsive, impacting service availability. Version 9.2.1 fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25290" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ae6a702-a74b-4d87-b542-9226c71f0452.json b/objects/vulnerability/vulnerability--2ae6a702-a74b-4d87-b542-9226c71f0452.json new file mode 100644 index 0000000000..83a2182c2d --- /dev/null +++ b/objects/vulnerability/vulnerability--2ae6a702-a74b-4d87-b542-9226c71f0452.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4d726fd9-a26e-42f9-944c-34636fa6aa86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ae6a702-a74b-4d87-b542-9226c71f0452", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.782356Z", + "modified": "2025-02-15T00:20:51.782356Z", + "name": "CVE-2025-23788", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filter allows Reflected XSS. This issue affects Easy Filter: from n/a through 1.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23788" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d1bc26c-53d7-463d-a309-fff40968f0bb.json b/objects/vulnerability/vulnerability--2d1bc26c-53d7-463d-a309-fff40968f0bb.json new file mode 100644 index 0000000000..f42cd7a3ed --- /dev/null +++ b/objects/vulnerability/vulnerability--2d1bc26c-53d7-463d-a309-fff40968f0bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3c6af20-359d-4f4b-8d47-67efd4a9ec67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d1bc26c-53d7-463d-a309-fff40968f0bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:44.790002Z", + "modified": "2025-02-15T00:20:44.790002Z", + "name": "CVE-2022-26083", + "description": "Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-26083" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2f77e1bb-d6fa-4a88-b7b0-1dce53b47b23.json b/objects/vulnerability/vulnerability--2f77e1bb-d6fa-4a88-b7b0-1dce53b47b23.json new file mode 100644 index 0000000000..f46bb67968 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f77e1bb-d6fa-4a88-b7b0-1dce53b47b23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90d87c9d-34a7-4117-b5d0-13cae9457fa0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f77e1bb-d6fa-4a88-b7b0-1dce53b47b23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.788556Z", + "modified": "2025-02-15T00:20:51.788556Z", + "name": "CVE-2025-23647", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ariagle WP-Clap allows Reflected XSS. This issue affects WP-Clap: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23647" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ff10910-b760-44a7-82c6-d1e8bc95ec65.json b/objects/vulnerability/vulnerability--2ff10910-b760-44a7-82c6-d1e8bc95ec65.json new file mode 100644 index 0000000000..efbb2458f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ff10910-b760-44a7-82c6-d1e8bc95ec65.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb917005-5dce-456e-972e-0dfa11c3f440", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ff10910-b760-44a7-82c6-d1e8bc95ec65", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.73116Z", + "modified": "2025-02-15T00:20:51.73116Z", + "name": "CVE-2025-25289", + "description": "@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and \"@\", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25289" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30b659cb-19a9-4b51-b383-11ddc5223824.json b/objects/vulnerability/vulnerability--30b659cb-19a9-4b51-b383-11ddc5223824.json new file mode 100644 index 0000000000..4d47cb9b38 --- /dev/null +++ b/objects/vulnerability/vulnerability--30b659cb-19a9-4b51-b383-11ddc5223824.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d474817b-5fb0-402e-90f3-ad3e12499725", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30b659cb-19a9-4b51-b383-11ddc5223824", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.841726Z", + "modified": "2025-02-15T00:20:47.841726Z", + "name": "CVE-2024-13791", + "description": "Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13791" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33f79456-375b-46fa-971f-b8be3e3d920c.json b/objects/vulnerability/vulnerability--33f79456-375b-46fa-971f-b8be3e3d920c.json new file mode 100644 index 0000000000..870bdf9d1d --- /dev/null +++ b/objects/vulnerability/vulnerability--33f79456-375b-46fa-971f-b8be3e3d920c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--67c36754-cbc1-4bed-aec0-b85d4c804a4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33f79456-375b-46fa-971f-b8be3e3d920c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.481418Z", + "modified": "2025-02-15T00:20:51.481418Z", + "name": "CVE-2025-26507", + "description": "Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26507" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--34f0b418-6bd8-4027-9a48-a1cb38e85b5d.json b/objects/vulnerability/vulnerability--34f0b418-6bd8-4027-9a48-a1cb38e85b5d.json new file mode 100644 index 0000000000..4a2eec304e --- /dev/null +++ b/objects/vulnerability/vulnerability--34f0b418-6bd8-4027-9a48-a1cb38e85b5d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6a9a93d-412b-4a22-8e40-4684b0b81bfc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--34f0b418-6bd8-4027-9a48-a1cb38e85b5d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.73225Z", + "modified": "2025-02-15T00:20:51.73225Z", + "name": "CVE-2025-25204", + "description": "`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artifacts in any system that uses `gh attestation verify`'s exit codes to gatekeep deployments. Users are advised to update `gh` to patched version `v2.67.0` as soon as possible.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25204" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3995224f-73a4-404f-b704-dfd13f889a03.json b/objects/vulnerability/vulnerability--3995224f-73a4-404f-b704-dfd13f889a03.json new file mode 100644 index 0000000000..5d45c2b19b --- /dev/null +++ b/objects/vulnerability/vulnerability--3995224f-73a4-404f-b704-dfd13f889a03.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f7f902e-28df-4326-a47c-0d7723e71b88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3995224f-73a4-404f-b704-dfd13f889a03", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.495216Z", + "modified": "2025-02-15T00:20:51.495216Z", + "name": "CVE-2025-26789", + "description": "An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26789" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b0122e5-7e80-45d2-839b-6bd15703d780.json b/objects/vulnerability/vulnerability--3b0122e5-7e80-45d2-839b-6bd15703d780.json new file mode 100644 index 0000000000..5b72bae835 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b0122e5-7e80-45d2-839b-6bd15703d780.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3444b8d9-66b0-49c3-828a-f85a6d22d69e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b0122e5-7e80-45d2-839b-6bd15703d780", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.761122Z", + "modified": "2025-02-15T00:20:51.761122Z", + "name": "CVE-2025-23655", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Contact Form 7 – Paystack Add-on allows Reflected XSS. This issue affects Contact Form 7 – Paystack Add-on: from n/a through 1.2.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23655" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--3d31a410-e755-4004-b328-2d2c293d7245.json b/objects/vulnerability/vulnerability--3d31a410-e755-4004-b328-2d2c293d7245.json new file mode 100644 index 0000000000..8aa691c572 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d31a410-e755-4004-b328-2d2c293d7245.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c518e0c-9ebb-4a10-bf36-ed3957489848", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d31a410-e755-4004-b328-2d2c293d7245", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.758953Z", + "modified": "2025-02-15T00:20:51.758953Z", + "name": "CVE-2025-23658", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form allows Reflected XSS. This issue affects Advanced Angular Contact Form: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e476fa4-7e5b-4e65-8d20-d14a280fc696.json b/objects/vulnerability/vulnerability--3e476fa4-7e5b-4e65-8d20-d14a280fc696.json new file mode 100644 index 0000000000..fdccc25887 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e476fa4-7e5b-4e65-8d20-d14a280fc696.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6fd7d3a-b9ae-45f5-8a02-2d6ba42ff45e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e476fa4-7e5b-4e65-8d20-d14a280fc696", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.78457Z", + "modified": "2025-02-15T00:20:51.78457Z", + "name": "CVE-2025-23650", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp Tidy.ro allows Reflected XSS. This issue affects Tidy.ro: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23650" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--437c2485-c6e1-48c0-927f-a1d04d420dee.json b/objects/vulnerability/vulnerability--437c2485-c6e1-48c0-927f-a1d04d420dee.json new file mode 100644 index 0000000000..cb8afea6d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--437c2485-c6e1-48c0-927f-a1d04d420dee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3df51a89-fa53-4292-b558-5a7a37ed43c6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--437c2485-c6e1-48c0-927f-a1d04d420dee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:44.020078Z", + "modified": "2025-02-15T00:20:44.020078Z", + "name": "CVE-2022-28693", + "description": "Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-28693" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--44a4e123-605e-45c7-a5b9-6d63167c8bab.json b/objects/vulnerability/vulnerability--44a4e123-605e-45c7-a5b9-6d63167c8bab.json new file mode 100644 index 0000000000..4a8885b85a --- /dev/null +++ b/objects/vulnerability/vulnerability--44a4e123-605e-45c7-a5b9-6d63167c8bab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cb8f348-593e-4046-a8c8-2fa141f32e4b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44a4e123-605e-45c7-a5b9-6d63167c8bab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:45.716262Z", + "modified": "2025-02-15T00:20:45.716262Z", + "name": "CVE-2024-5462", + "description": "If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5462" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45ac016d-e7ca-4946-958b-c60922254356.json b/objects/vulnerability/vulnerability--45ac016d-e7ca-4946-958b-c60922254356.json new file mode 100644 index 0000000000..2186dbd5e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--45ac016d-e7ca-4946-958b-c60922254356.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0c6daa4-f48b-40dd-ba79-5d69c4db2379", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45ac016d-e7ca-4946-958b-c60922254356", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:45.785036Z", + "modified": "2025-02-15T00:20:45.785036Z", + "name": "CVE-2024-3220", + "description": "There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type.\n\nThis defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\\etc\\mime.types”).\n\nTo work-around this issue a user can call mimetypes.init() with an empty list (“[]”) on Windows platforms to avoid using the default list of known file locations.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-3220" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--470d577e-9cbb-4ac3-abb0-b17c88fe9a98.json b/objects/vulnerability/vulnerability--470d577e-9cbb-4ac3-abb0-b17c88fe9a98.json new file mode 100644 index 0000000000..3b883a1efa --- /dev/null +++ b/objects/vulnerability/vulnerability--470d577e-9cbb-4ac3-abb0-b17c88fe9a98.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad8fee82-4a46-4481-892c-19c55ad7f75d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--470d577e-9cbb-4ac3-abb0-b17c88fe9a98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.795169Z", + "modified": "2025-02-15T00:20:51.795169Z", + "name": "CVE-2025-23766", + "description": "Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23766" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--471c6bcb-d8be-4dfd-a8c9-c4985d420c0c.json b/objects/vulnerability/vulnerability--471c6bcb-d8be-4dfd-a8c9-c4985d420c0c.json new file mode 100644 index 0000000000..85641f9622 --- /dev/null +++ b/objects/vulnerability/vulnerability--471c6bcb-d8be-4dfd-a8c9-c4985d420c0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfc6c7e1-09cc-4c67-b5e4-067ec033d915", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--471c6bcb-d8be-4dfd-a8c9-c4985d420c0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.801546Z", + "modified": "2025-02-15T00:20:51.801546Z", + "name": "CVE-2025-23790", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wassereimer Easy Code Placement allows Reflected XSS. This issue affects Easy Code Placement: from n/a through 18.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23790" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4a691169-8847-49cd-ab7f-31ca9fd2e10e.json b/objects/vulnerability/vulnerability--4a691169-8847-49cd-ab7f-31ca9fd2e10e.json new file mode 100644 index 0000000000..25a458e4b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a691169-8847-49cd-ab7f-31ca9fd2e10e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f08e7dd2-20e8-4585-be65-eb7eef05066b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a691169-8847-49cd-ab7f-31ca9fd2e10e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.82911Z", + "modified": "2025-02-15T00:20:51.82911Z", + "name": "CVE-2025-23905", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johannes van Poelgeest Admin Options Pages allows Reflected XSS. This issue affects Admin Options Pages: from n/a through 0.9.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23905" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a6c2d04-ff7a-4a71-9d08-7095b7ef002b.json b/objects/vulnerability/vulnerability--4a6c2d04-ff7a-4a71-9d08-7095b7ef002b.json new file mode 100644 index 0000000000..9b19de2d20 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a6c2d04-ff7a-4a71-9d08-7095b7ef002b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ddaf8ef-02eb-430c-9d10-3ef6d7d3fc6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a6c2d04-ff7a-4a71-9d08-7095b7ef002b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.714379Z", + "modified": "2025-02-15T00:20:51.714379Z", + "name": "CVE-2025-25285", + "description": "@octokit/endpoint turns REST API endpoints into generic request options. Starting in version 4.1.0 and prior to version 10.1.3, by crafting specific `options` parameters, the `endpoint.parse(options)` call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization. The issue occurs in the `parse` function within the `parse.ts` file of the npm package `@octokit/endpoint`. Version 10.1.3 contains a patch for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25285" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ca4ba8a-6d59-41f1-9719-c23d18d84f5d.json b/objects/vulnerability/vulnerability--4ca4ba8a-6d59-41f1-9719-c23d18d84f5d.json new file mode 100644 index 0000000000..86f463e084 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ca4ba8a-6d59-41f1-9719-c23d18d84f5d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9383bf1-136d-45ba-8e23-5679948ec226", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ca4ba8a-6d59-41f1-9719-c23d18d84f5d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.772565Z", + "modified": "2025-02-15T00:20:51.772565Z", + "name": "CVE-2025-23431", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Envato Affiliater allows Reflected XSS. This issue affects Envato Affiliater: from n/a through 1.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23431" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d82469c-f4fd-4d2d-834d-f3b05c8a86f7.json b/objects/vulnerability/vulnerability--4d82469c-f4fd-4d2d-834d-f3b05c8a86f7.json new file mode 100644 index 0000000000..23498c4e85 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d82469c-f4fd-4d2d-834d-f3b05c8a86f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0bffe9f4-4051-4b98-9a0b-5fe543f03fc5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d82469c-f4fd-4d2d-834d-f3b05c8a86f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.847598Z", + "modified": "2025-02-15T00:20:51.847598Z", + "name": "CVE-2025-0503", + "description": "Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0503" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4df152b6-060c-4816-90a5-41202cab8e77.json b/objects/vulnerability/vulnerability--4df152b6-060c-4816-90a5-41202cab8e77.json new file mode 100644 index 0000000000..704563adfa --- /dev/null +++ b/objects/vulnerability/vulnerability--4df152b6-060c-4816-90a5-41202cab8e77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7131be92-273f-41f7-939c-ac0284d1c9b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4df152b6-060c-4816-90a5-41202cab8e77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.459782Z", + "modified": "2025-02-15T00:20:47.459782Z", + "name": "CVE-2024-52577", + "description": "In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52577" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ebedfe8-1080-4721-b3b4-bbc3f35c53de.json b/objects/vulnerability/vulnerability--4ebedfe8-1080-4721-b3b4-bbc3f35c53de.json new file mode 100644 index 0000000000..b1b42affe7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ebedfe8-1080-4721-b3b4-bbc3f35c53de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80400b4d-3409-420d-a47e-e7d15051f000", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ebedfe8-1080-4721-b3b4-bbc3f35c53de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.775019Z", + "modified": "2025-02-15T00:20:51.775019Z", + "name": "CVE-2025-23787", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Bet allows Reflected XSS. This issue affects Easy Bet: from n/a through 1.0.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23787" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50ece9ad-d2f0-4e29-8e93-da0791c724c5.json b/objects/vulnerability/vulnerability--50ece9ad-d2f0-4e29-8e93-da0791c724c5.json new file mode 100644 index 0000000000..2a4e85a74d --- /dev/null +++ b/objects/vulnerability/vulnerability--50ece9ad-d2f0-4e29-8e93-da0791c724c5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6caed1a3-071c-4d15-9618-2d994fe88369", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50ece9ad-d2f0-4e29-8e93-da0791c724c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.845103Z", + "modified": "2025-02-15T00:20:47.845103Z", + "name": "CVE-2024-13641", + "description": "The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--514b8b11-3617-4d6d-9fe4-a24aebeb4e5b.json b/objects/vulnerability/vulnerability--514b8b11-3617-4d6d-9fe4-a24aebeb4e5b.json new file mode 100644 index 0000000000..a55cfbfe41 --- /dev/null +++ b/objects/vulnerability/vulnerability--514b8b11-3617-4d6d-9fe4-a24aebeb4e5b.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19739f5e-862a-4aa7-adba-3319c3b59f3d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--514b8b11-3617-4d6d-9fe4-a24aebeb4e5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.437705Z", + "modified": "2025-02-15T00:20:47.437705Z", + "name": "CVE-2024-52895", + "description": "IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52895" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58b013b5-3461-4e1c-b8eb-cd019a05572d.json b/objects/vulnerability/vulnerability--58b013b5-3461-4e1c-b8eb-cd019a05572d.json new file mode 100644 index 0000000000..8585ede899 --- /dev/null +++ b/objects/vulnerability/vulnerability--58b013b5-3461-4e1c-b8eb-cd019a05572d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed1ba40c-819e-4f7e-93fa-e23f00cb6fd0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58b013b5-3461-4e1c-b8eb-cd019a05572d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.385918Z", + "modified": "2025-02-15T00:20:47.385918Z", + "name": "CVE-2024-2240", + "description": "Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-2240" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5a48f5eb-9ddc-4058-8879-45fb47f3455b.json b/objects/vulnerability/vulnerability--5a48f5eb-9ddc-4058-8879-45fb47f3455b.json new file mode 100644 index 0000000000..140e4cca23 --- /dev/null +++ b/objects/vulnerability/vulnerability--5a48f5eb-9ddc-4058-8879-45fb47f3455b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--763135c5-dbd3-4c93-8782-7fd37e85a3be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a48f5eb-9ddc-4058-8879-45fb47f3455b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.839812Z", + "modified": "2025-02-15T00:20:51.839812Z", + "name": "CVE-2025-23857", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Essential WP Real Estate allows Reflected XSS. This issue affects Essential WP Real Estate: from n/a through 1.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23857" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d40e2b5-1dfd-4866-86e1-2af4187b5415.json b/objects/vulnerability/vulnerability--5d40e2b5-1dfd-4866-86e1-2af4187b5415.json new file mode 100644 index 0000000000..e80d20455f --- /dev/null +++ b/objects/vulnerability/vulnerability--5d40e2b5-1dfd-4866-86e1-2af4187b5415.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a5af254-4b54-4426-aa21-9674994a2ae6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d40e2b5-1dfd-4866-86e1-2af4187b5415", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.720418Z", + "modified": "2025-02-15T00:20:51.720418Z", + "name": "CVE-2025-25740", + "description": "D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e60ad73-a36c-42c6-95b2-7a368d5802d7.json b/objects/vulnerability/vulnerability--5e60ad73-a36c-42c6-95b2-7a368d5802d7.json new file mode 100644 index 0000000000..27f5783875 --- /dev/null +++ b/objects/vulnerability/vulnerability--5e60ad73-a36c-42c6-95b2-7a368d5802d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60529b77-d98b-4815-9dc5-72974e2655c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e60ad73-a36c-42c6-95b2-7a368d5802d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.763593Z", + "modified": "2025-02-15T00:20:51.763593Z", + "name": "CVE-2025-23406", + "description": "Out-of-bounds read vulnerability caused by improper checking of TCP MSS option values exists in Cente middleware TCP/IP Network Series, which may lead to processing a specially crafted packet to cause the affected product crashed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23406" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5f769ec3-4211-4052-aa3d-e29683be9c4d.json b/objects/vulnerability/vulnerability--5f769ec3-4211-4052-aa3d-e29683be9c4d.json new file mode 100644 index 0000000000..d90199b04c --- /dev/null +++ b/objects/vulnerability/vulnerability--5f769ec3-4211-4052-aa3d-e29683be9c4d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa36178c-9835-449e-a0ca-9fb98972e566", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f769ec3-4211-4052-aa3d-e29683be9c4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.814515Z", + "modified": "2025-02-15T00:20:51.814515Z", + "name": "CVE-2025-23748", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Singsys -Awesome Gallery allows Reflected XSS. This issue affects Singsys -Awesome Gallery: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23748" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62ab8689-cbb8-4af4-bcd6-f865e5644da8.json b/objects/vulnerability/vulnerability--62ab8689-cbb8-4af4-bcd6-f865e5644da8.json new file mode 100644 index 0000000000..957bc6ee7d --- /dev/null +++ b/objects/vulnerability/vulnerability--62ab8689-cbb8-4af4-bcd6-f865e5644da8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1a09f9e-bba5-4f2f-91f9-9ee1e7a910f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62ab8689-cbb8-4af4-bcd6-f865e5644da8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.482739Z", + "modified": "2025-02-15T00:20:51.482739Z", + "name": "CVE-2025-26508", + "description": "Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26508" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--651ae83d-3e4b-4ea5-b566-c522c681cc13.json b/objects/vulnerability/vulnerability--651ae83d-3e4b-4ea5-b566-c522c681cc13.json new file mode 100644 index 0000000000..49c2ac584e --- /dev/null +++ b/objects/vulnerability/vulnerability--651ae83d-3e4b-4ea5-b566-c522c681cc13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--580a8114-9a45-47d6-9191-3ea703014b09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--651ae83d-3e4b-4ea5-b566-c522c681cc13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.890961Z", + "modified": "2025-02-15T00:20:51.890961Z", + "name": "CVE-2025-0592", + "description": "The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0592" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--657cdee8-7ce0-415a-bd55-18393c3bb5ea.json b/objects/vulnerability/vulnerability--657cdee8-7ce0-415a-bd55-18393c3bb5ea.json new file mode 100644 index 0000000000..72aa6758a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--657cdee8-7ce0-415a-bd55-18393c3bb5ea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e68ea1e4-f1f9-4434-b0ec-d74395168779", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--657cdee8-7ce0-415a-bd55-18393c3bb5ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.779289Z", + "modified": "2025-02-15T00:20:51.779289Z", + "name": "CVE-2025-23657", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress-to-candidate for Salesforce CRM allows Reflected XSS. This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23657" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66c01200-26f9-4dbe-82cc-4bb723df59c2.json b/objects/vulnerability/vulnerability--66c01200-26f9-4dbe-82cc-4bb723df59c2.json new file mode 100644 index 0000000000..3ac7d79e07 --- /dev/null +++ b/objects/vulnerability/vulnerability--66c01200-26f9-4dbe-82cc-4bb723df59c2.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--644e4c40-d9be-496b-aeea-eb8d0cd0042a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66c01200-26f9-4dbe-82cc-4bb723df59c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.716015Z", + "modified": "2025-02-15T00:20:51.716015Z", + "name": "CVE-2025-25990", + "description": "Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25990" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--674e44e3-d81c-42d5-9b01-aa4ac076e96f.json b/objects/vulnerability/vulnerability--674e44e3-d81c-42d5-9b01-aa4ac076e96f.json new file mode 100644 index 0000000000..bf0ca35805 --- /dev/null +++ b/objects/vulnerability/vulnerability--674e44e3-d81c-42d5-9b01-aa4ac076e96f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c9071b6-5520-40a0-915f-1b545bb4cef0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--674e44e3-d81c-42d5-9b01-aa4ac076e96f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.32377Z", + "modified": "2025-02-15T00:20:46.32377Z", + "name": "CVE-2024-57725", + "description": "An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57725" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--68086ab3-00ce-43e6-97b6-a90cef4123a3.json b/objects/vulnerability/vulnerability--68086ab3-00ce-43e6-97b6-a90cef4123a3.json new file mode 100644 index 0000000000..7ecb96714b --- /dev/null +++ b/objects/vulnerability/vulnerability--68086ab3-00ce-43e6-97b6-a90cef4123a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3eaa051d-e608-4a36-960c-fed5c5917ebc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--68086ab3-00ce-43e6-97b6-a90cef4123a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.648494Z", + "modified": "2025-02-15T00:20:51.648494Z", + "name": "CVE-2025-24566", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomáš Groulík Intro Tour Tutorial DeepPresentation allows Reflected XSS. This issue affects Intro Tour Tutorial DeepPresentation: from n/a through 6.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24566" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69dd065d-946a-4af5-8569-be4b2f8e73de.json b/objects/vulnerability/vulnerability--69dd065d-946a-4af5-8569-be4b2f8e73de.json new file mode 100644 index 0000000000..89759d60f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--69dd065d-946a-4af5-8569-be4b2f8e73de.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b6fb2e1-aa66-43b8-8b78-e28d5f8b0b4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69dd065d-946a-4af5-8569-be4b2f8e73de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.489597Z", + "modified": "2025-02-15T00:20:51.489597Z", + "name": "CVE-2025-26158", + "description": "A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26158" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--719a39cc-052b-49eb-9fe4-37a5ca65fe1d.json b/objects/vulnerability/vulnerability--719a39cc-052b-49eb-9fe4-37a5ca65fe1d.json new file mode 100644 index 0000000000..1a78810bb5 --- /dev/null +++ b/objects/vulnerability/vulnerability--719a39cc-052b-49eb-9fe4-37a5ca65fe1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2b978e5-cbbf-444c-aaa0-08273b1ede54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--719a39cc-052b-49eb-9fe4-37a5ca65fe1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.651738Z", + "modified": "2025-02-15T00:20:51.651738Z", + "name": "CVE-2025-24565", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24565" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7428096e-03fb-4527-a814-c10dfea2082d.json b/objects/vulnerability/vulnerability--7428096e-03fb-4527-a814-c10dfea2082d.json new file mode 100644 index 0000000000..1e96d8123c --- /dev/null +++ b/objects/vulnerability/vulnerability--7428096e-03fb-4527-a814-c10dfea2082d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f77c1843-6591-4cc9-ae46-481aa5789627", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7428096e-03fb-4527-a814-c10dfea2082d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.428279Z", + "modified": "2025-02-15T00:20:51.428279Z", + "name": "CVE-2025-21401", + "description": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-21401" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--744b5b84-5683-476f-b850-74785b671292.json b/objects/vulnerability/vulnerability--744b5b84-5683-476f-b850-74785b671292.json new file mode 100644 index 0000000000..ff8f91fc80 --- /dev/null +++ b/objects/vulnerability/vulnerability--744b5b84-5683-476f-b850-74785b671292.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27fc02b5-cdec-4f64-87c8-416d09da319c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--744b5b84-5683-476f-b850-74785b671292", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.511737Z", + "modified": "2025-02-15T00:20:51.511737Z", + "name": "CVE-2025-26524", + "description": "This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/ flooding on the targeted system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26524" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7505c647-716a-4832-95f4-9ec6ffd45966.json b/objects/vulnerability/vulnerability--7505c647-716a-4832-95f4-9ec6ffd45966.json new file mode 100644 index 0000000000..942fadccba --- /dev/null +++ b/objects/vulnerability/vulnerability--7505c647-716a-4832-95f4-9ec6ffd45966.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0eead82c-3b5f-430d-bb8b-65a593b900d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7505c647-716a-4832-95f4-9ec6ffd45966", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:45.863294Z", + "modified": "2025-02-15T00:20:45.863294Z", + "name": "CVE-2024-10404", + "description": "CalInvocationHandler in Brocade \nSANnav before 2.3.1b logs sensitive information in clear text. The \nvulnerability could allow an authenticated, local attacker to view \nBrocade Fabric OS switch sensitive information in clear text. An \nattacker with administrative privileges could retrieve sensitive \ninformation including passwords; SNMP responses that contain AuthSecret \nand PrivSecret after collecting a “supportsave” or getting access to an \nalready collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--77544255-aa3a-4f23-9554-ce3657c3971a.json b/objects/vulnerability/vulnerability--77544255-aa3a-4f23-9554-ce3657c3971a.json new file mode 100644 index 0000000000..463bc46e34 --- /dev/null +++ b/objects/vulnerability/vulnerability--77544255-aa3a-4f23-9554-ce3657c3971a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f683f12-eaac-4848-8f29-443eb2278b0a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--77544255-aa3a-4f23-9554-ce3657c3971a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.856358Z", + "modified": "2025-02-15T00:20:47.856358Z", + "name": "CVE-2024-13152", + "description": "Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13152" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--781eeb43-3b56-4ffb-a1dd-0fda5e80a7e5.json b/objects/vulnerability/vulnerability--781eeb43-3b56-4ffb-a1dd-0fda5e80a7e5.json new file mode 100644 index 0000000000..0ad7e8a63c --- /dev/null +++ b/objects/vulnerability/vulnerability--781eeb43-3b56-4ffb-a1dd-0fda5e80a7e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--257c9a16-c288-4fe0-9739-19c60d902ef6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--781eeb43-3b56-4ffb-a1dd-0fda5e80a7e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.691598Z", + "modified": "2025-02-15T00:20:51.691598Z", + "name": "CVE-2025-24607", + "description": "Missing Authorization vulnerability in Northern Beaches Websites IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IdeaPush: from n/a through 8.71.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24607" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--78791f05-3d50-4166-95da-721c5e4d666f.json b/objects/vulnerability/vulnerability--78791f05-3d50-4166-95da-721c5e4d666f.json new file mode 100644 index 0000000000..785daedfde --- /dev/null +++ b/objects/vulnerability/vulnerability--78791f05-3d50-4166-95da-721c5e4d666f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--809e5662-fdb2-4dd9-95c6-1c6f84e3a64c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78791f05-3d50-4166-95da-721c5e4d666f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.722194Z", + "modified": "2025-02-15T00:20:51.722194Z", + "name": "CVE-2025-25992", + "description": "SQL Injection vulnerability in FeMiner wms 1.0 allows a remote attacker to obtain sensitive information via the inquire_inout_item.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25992" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78b31515-4c23-427c-8d48-ca4882633dca.json b/objects/vulnerability/vulnerability--78b31515-4c23-427c-8d48-ca4882633dca.json new file mode 100644 index 0000000000..1f756cded2 --- /dev/null +++ b/objects/vulnerability/vulnerability--78b31515-4c23-427c-8d48-ca4882633dca.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--baab1acc-c76e-445f-b61c-880a603220b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78b31515-4c23-427c-8d48-ca4882633dca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.41749Z", + "modified": "2025-02-15T00:20:51.41749Z", + "name": "CVE-2025-1298", + "description": "Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1298" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7bf323a6-67e4-4340-9663-c0f7ca7ceaf4.json b/objects/vulnerability/vulnerability--7bf323a6-67e4-4340-9663-c0f7ca7ceaf4.json new file mode 100644 index 0000000000..7ae614e42e --- /dev/null +++ b/objects/vulnerability/vulnerability--7bf323a6-67e4-4340-9663-c0f7ca7ceaf4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8529f3c4-18a8-49a2-a95d-7e481f0730ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7bf323a6-67e4-4340-9663-c0f7ca7ceaf4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.809195Z", + "modified": "2025-02-15T00:20:51.809195Z", + "name": "CVE-2025-23742", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call allows Reflected XSS. This issue affects Podamibe Twilio Private Call: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23742" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7d543bf3-37bb-4892-a462-d2c1309fe2d3.json b/objects/vulnerability/vulnerability--7d543bf3-37bb-4892-a462-d2c1309fe2d3.json new file mode 100644 index 0000000000..577e53688b --- /dev/null +++ b/objects/vulnerability/vulnerability--7d543bf3-37bb-4892-a462-d2c1309fe2d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60c51551-2d5a-4ef2-9c36-db812076c743", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d543bf3-37bb-4892-a462-d2c1309fe2d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.738304Z", + "modified": "2025-02-15T00:20:51.738304Z", + "name": "CVE-2025-25988", + "description": "Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25988" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7fc36157-3c69-4d94-8ad5-8eb0d356f2d3.json b/objects/vulnerability/vulnerability--7fc36157-3c69-4d94-8ad5-8eb0d356f2d3.json new file mode 100644 index 0000000000..3bd621a7db --- /dev/null +++ b/objects/vulnerability/vulnerability--7fc36157-3c69-4d94-8ad5-8eb0d356f2d3.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eff73f25-cebd-41e2-ad5e-b5758f71cab4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fc36157-3c69-4d94-8ad5-8eb0d356f2d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.688593Z", + "modified": "2025-02-15T00:20:51.688593Z", + "name": "CVE-2025-24592", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce allows Reflected XSS. This issue affects Customize My Account for WooCommerce: from n/a through 2.8.22.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24592" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82d3a2f0-ae29-428e-9fc1-eeede2ab4f8a.json b/objects/vulnerability/vulnerability--82d3a2f0-ae29-428e-9fc1-eeede2ab4f8a.json new file mode 100644 index 0000000000..951e29a8da --- /dev/null +++ b/objects/vulnerability/vulnerability--82d3a2f0-ae29-428e-9fc1-eeede2ab4f8a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--839e8b47-78a4-440d-bd49-6146a81c6ab5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82d3a2f0-ae29-428e-9fc1-eeede2ab4f8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:48.118941Z", + "modified": "2025-02-15T00:20:48.118941Z", + "name": "CVE-2024-56973", + "description": "Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56973" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--84ef2b2c-47aa-4fd9-9b98-dba057c79f58.json b/objects/vulnerability/vulnerability--84ef2b2c-47aa-4fd9-9b98-dba057c79f58.json new file mode 100644 index 0000000000..ed7a646cd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--84ef2b2c-47aa-4fd9-9b98-dba057c79f58.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4402f5d0-27b0-4330-bc37-304404f14ac7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84ef2b2c-47aa-4fd9-9b98-dba057c79f58", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.759906Z", + "modified": "2025-02-15T00:20:51.759906Z", + "name": "CVE-2025-23523", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoststreamsell HSS Embed Streaming Video allows Reflected XSS. This issue affects HSS Embed Streaming Video: from n/a through 3.23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23523" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8666dbae-58d6-476f-8d76-6e32144c373d.json b/objects/vulnerability/vulnerability--8666dbae-58d6-476f-8d76-6e32144c373d.json new file mode 100644 index 0000000000..2290f63082 --- /dev/null +++ b/objects/vulnerability/vulnerability--8666dbae-58d6-476f-8d76-6e32144c373d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f20e9b2-d59d-409a-ad04-08b7666b1e2d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8666dbae-58d6-476f-8d76-6e32144c373d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.322544Z", + "modified": "2025-02-15T00:20:46.322544Z", + "name": "CVE-2024-57790", + "description": "IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87c4e43c-1647-4e7c-aa13-9486bf99f549.json b/objects/vulnerability/vulnerability--87c4e43c-1647-4e7c-aa13-9486bf99f549.json new file mode 100644 index 0000000000..5e8a69fdaf --- /dev/null +++ b/objects/vulnerability/vulnerability--87c4e43c-1647-4e7c-aa13-9486bf99f549.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13edeac5-a243-47b9-a0e3-5fbfbb373e8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87c4e43c-1647-4e7c-aa13-9486bf99f549", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.643704Z", + "modified": "2025-02-15T00:20:51.643704Z", + "name": "CVE-2025-24617", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24617" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8930b39b-59d9-4e3d-bd88-a2c9c88ccb87.json b/objects/vulnerability/vulnerability--8930b39b-59d9-4e3d-bd88-a2c9c88ccb87.json new file mode 100644 index 0000000000..460bc98978 --- /dev/null +++ b/objects/vulnerability/vulnerability--8930b39b-59d9-4e3d-bd88-a2c9c88ccb87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c5f78c1-afe6-4c31-9341-ab0e76960103", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8930b39b-59d9-4e3d-bd88-a2c9c88ccb87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.501695Z", + "modified": "2025-02-15T00:20:51.501695Z", + "name": "CVE-2025-26157", + "description": "A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26157" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bdad275-1a3c-4a46-9aff-0d510dcb0473.json b/objects/vulnerability/vulnerability--8bdad275-1a3c-4a46-9aff-0d510dcb0473.json new file mode 100644 index 0000000000..fbc2990124 --- /dev/null +++ b/objects/vulnerability/vulnerability--8bdad275-1a3c-4a46-9aff-0d510dcb0473.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dfaeb592-b687-4b8c-ae08-7d28b9b923b2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8bdad275-1a3c-4a46-9aff-0d510dcb0473",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.524048Z",
+ "modified": "2025-02-15T00:20:51.524048Z",
+ "name": "CVE-2025-22705",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in godthor Disqus Popular Posts allows Reflected XSS. This issue affects Disqus Popular Posts: from n/a through 2.1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22705"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8c44d314-9a67-4e56-a9ac-3d735138f8e1.json b/objects/vulnerability/vulnerability--8c44d314-9a67-4e56-a9ac-3d735138f8e1.json
new file mode 100644
index 0000000000..aac8889707
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8c44d314-9a67-4e56-a9ac-3d735138f8e1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--6981dd72-1e28-4dc7-ac5c-c5357042f844",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8c44d314-9a67-4e56-a9ac-3d735138f8e1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.849569Z",
+ "modified": "2025-02-15T00:20:51.849569Z",
+ "name": "CVE-2025-0178",
+ "description": "Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI.\nThis issue affects Fireware OS: from 12.0 up to and including 12.11.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0178"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--927b6971-7fb9-4279-ba15-dd79f212931e.json b/objects/vulnerability/vulnerability--927b6971-7fb9-4279-ba15-dd79f212931e.json
new file mode 100644
index 0000000000..db569a9cfa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--927b6971-7fb9-4279-ba15-dd79f212931e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5e7337b0-087b-4237-9c0f-ac1a9f4e216d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--927b6971-7fb9-4279-ba15-dd79f212931e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:48.169281Z",
+ "modified": "2025-02-15T00:20:48.169281Z",
+ "name": "CVE-2024-56180",
+ "description": "CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\\linux\\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo or version 1.11.0 to fix this issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56180"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--95d8d771-142c-4c8b-b6f5-d8b4a81c44ec.json b/objects/vulnerability/vulnerability--95d8d771-142c-4c8b-b6f5-d8b4a81c44ec.json
new file mode 100644
index 0000000000..80bdc01232
--- /dev/null
+++ b/objects/vulnerability/vulnerability--95d8d771-142c-4c8b-b6f5-d8b4a81c44ec.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--51dd2d03-2dbe-4521-831a-f049092e3d10",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--95d8d771-142c-4c8b-b6f5-d8b4a81c44ec",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.741074Z",
+ "modified": "2025-02-15T00:20:51.741074Z",
+ "name": "CVE-2025-25296",
+ "description": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25296"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--989294ac-a40a-421f-94a1-a7bd166c527f.json b/objects/vulnerability/vulnerability--989294ac-a40a-421f-94a1-a7bd166c527f.json
new file mode 100644
index 0000000000..86bbdab5e8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--989294ac-a40a-421f-94a1-a7bd166c527f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--854fa1e7-64fa-4143-8961-db3e4648a960",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--989294ac-a40a-421f-94a1-a7bd166c527f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.837486Z",
+ "modified": "2025-02-15T00:20:51.837486Z",
+ "name": "CVE-2025-23568",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fredsted WP Login Attempt Log allows Reflected XSS. This issue affects WP Login Attempt Log: from n/a through 1.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23568"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--99586b89-ff14-4677-9378-de85390818c5.json b/objects/vulnerability/vulnerability--99586b89-ff14-4677-9378-de85390818c5.json
new file mode 100644
index 0000000000..c0178b72b8
--- /dev/null
+++ b/objects/vulnerability/vulnerability--99586b89-ff14-4677-9378-de85390818c5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d343b2ac-f18f-4b98-904d-5ce02c11e67a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--99586b89-ff14-4677-9378-de85390818c5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.413546Z",
+ "modified": "2025-02-15T00:20:51.413546Z",
+ "name": "CVE-2025-1053",
+ "description": "Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-1053"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9b2004ca-7af2-407a-b445-7e897dc1a4b8.json b/objects/vulnerability/vulnerability--9b2004ca-7af2-407a-b445-7e897dc1a4b8.json
new file mode 100644
index 0000000000..d77c0a0f59
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9b2004ca-7af2-407a-b445-7e897dc1a4b8.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0da3ffd6-b2b2-44ca-a9b9-e043b9a946eb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9b2004ca-7af2-407a-b445-7e897dc1a4b8",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.797212Z",
+ "modified": "2025-02-15T00:20:51.797212Z",
+ "name": "CVE-2025-23651",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Scroll Top allows Reflected XSS. This issue affects Scroll Top: from n/a through 1.3.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23651"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a154a03b-9488-4987-944d-9df3177348f3.json b/objects/vulnerability/vulnerability--a154a03b-9488-4987-944d-9df3177348f3.json
new file mode 100644
index 0000000000..0efab45a43
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a154a03b-9488-4987-944d-9df3177348f3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0675f4e6-6eeb-4e05-b021-3bcfbd4e5738",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a154a03b-9488-4987-944d-9df3177348f3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.724461Z",
+ "modified": "2025-02-15T00:20:51.724461Z",
+ "name": "CVE-2025-25745",
+ "description": "D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25745"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a35830ba-8712-44a6-9d22-5d13fb989cac.json b/objects/vulnerability/vulnerability--a35830ba-8712-44a6-9d22-5d13fb989cac.json
new file mode 100644
index 0000000000..2db0137637
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a35830ba-8712-44a6-9d22-5d13fb989cac.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--9a51ed37-ef10-4e22-9dae-65a6f59964f8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a35830ba-8712-44a6-9d22-5d13fb989cac",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:47.792758Z",
+ "modified": "2025-02-15T00:20:47.792758Z",
+ "name": "CVE-2024-55904",
+ "description": "IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-55904"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a3861c63-f690-4c40-aea8-9b019a5de5ea.json b/objects/vulnerability/vulnerability--a3861c63-f690-4c40-aea8-9b019a5de5ea.json
new file mode 100644
index 0000000000..580885062d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a3861c63-f690-4c40-aea8-9b019a5de5ea.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--102864e5-d9d9-4dac-92a6-4ea583b0b9f4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a3861c63-f690-4c40-aea8-9b019a5de5ea",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:45.771656Z",
+ "modified": "2025-02-15T00:20:45.771656Z",
+ "name": "CVE-2024-4282",
+ "description": "Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-4282"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a5394dc6-65be-4e20-846a-731f9ad4c3e3.json b/objects/vulnerability/vulnerability--a5394dc6-65be-4e20-846a-731f9ad4c3e3.json
new file mode 100644
index 0000000000..dae855d671
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a5394dc6-65be-4e20-846a-731f9ad4c3e3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d5db1162-7d7e-461c-8582-9653c730d6c2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a5394dc6-65be-4e20-846a-731f9ad4c3e3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:47.431824Z",
+ "modified": "2025-02-15T00:20:47.431824Z",
+ "name": "CVE-2024-52500",
+ "description": "Missing Authorization vulnerability in monetagwp Monetag Official Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Monetag Official Plugin: from n/a through 1.1.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52500"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a782548c-f56e-4755-a610-bf1469a9f54b.json b/objects/vulnerability/vulnerability--a782548c-f56e-4755-a610-bf1469a9f54b.json
new file mode 100644
index 0000000000..31e8bc68fe
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a782548c-f56e-4755-a610-bf1469a9f54b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b07c8254-3905-4704-914f-2406253c01c5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a782548c-f56e-4755-a610-bf1469a9f54b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.834807Z",
+ "modified": "2025-02-15T00:20:51.834807Z",
+ "name": "CVE-2025-23525",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kvvaradha Kv Compose Email From Dashboard allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through 1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23525"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a8eff212-1adc-49d1-b4a4-b80a42146230.json b/objects/vulnerability/vulnerability--a8eff212-1adc-49d1-b4a4-b80a42146230.json
new file mode 100644
index 0000000000..a451033865
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a8eff212-1adc-49d1-b4a4-b80a42146230.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8cebf0d8-9c1e-48eb-b4de-515c15c6e8d9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a8eff212-1adc-49d1-b4a4-b80a42146230",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.658153Z",
+ "modified": "2025-02-15T00:20:51.658153Z",
+ "name": "CVE-2025-24567",
+ "description": "Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-24567"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ab91fa70-46f9-4a0d-b163-f80c8dde19ea.json b/objects/vulnerability/vulnerability--ab91fa70-46f9-4a0d-b163-f80c8dde19ea.json
new file mode 100644
index 0000000000..0083c3f869
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ab91fa70-46f9-4a0d-b163-f80c8dde19ea.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9553dfb-f661-4f22-bef2-ec0460457bcc",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ab91fa70-46f9-4a0d-b163-f80c8dde19ea",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:47.815332Z",
+ "modified": "2025-02-15T00:20:47.815332Z",
+ "name": "CVE-2024-13692",
+ "description": "The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-13692"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ac5db221-3baa-4254-b050-86ed2eae1ca3.json b/objects/vulnerability/vulnerability--ac5db221-3baa-4254-b050-86ed2eae1ca3.json
new file mode 100644
index 0000000000..9716b2233c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ac5db221-3baa-4254-b050-86ed2eae1ca3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--620487f3-1228-4e2d-8d37-d52254977634",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ac5db221-3baa-4254-b050-86ed2eae1ca3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.653197Z",
+ "modified": "2025-02-15T00:20:51.653197Z",
+ "name": "CVE-2025-24688",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-24688"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--add033f7-bb59-4c0e-92bf-1729e956e3d2.json b/objects/vulnerability/vulnerability--add033f7-bb59-4c0e-92bf-1729e956e3d2.json
new file mode 100644
index 0000000000..6fe651f13f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--add033f7-bb59-4c0e-92bf-1729e956e3d2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--264f8103-8e00-4ad4-b74e-bb5d4de65167",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--add033f7-bb59-4c0e-92bf-1729e956e3d2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.82716Z",
+ "modified": "2025-02-15T00:20:51.82716Z",
+ "name": "CVE-2025-23851",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Coronavirus (COVID-19) Outbreak Data Widgets allows Reflected XSS. This issue affects Coronavirus (COVID-19) Outbreak Data Widgets: from n/a through 1.1.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23851"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--aee77f92-dd3f-40e6-a2e1-ca36ab1fd9e9.json b/objects/vulnerability/vulnerability--aee77f92-dd3f-40e6-a2e1-ca36ab1fd9e9.json
new file mode 100644
index 0000000000..72e3a8497e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--aee77f92-dd3f-40e6-a2e1-ca36ab1fd9e9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--28ea96cd-8ef6-4918-9f06-4e0e6373f471",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--aee77f92-dd3f-40e6-a2e1-ca36ab1fd9e9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.819655Z",
+ "modified": "2025-02-15T00:20:51.819655Z",
+ "name": "CVE-2025-23646",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Brooks Library Instruction Recorder allows Reflected XSS. This issue affects Library Instruction Recorder: from n/a through 1.1.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23646"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--aeef325f-5129-4088-86ef-a638d455f7dd.json b/objects/vulnerability/vulnerability--aeef325f-5129-4088-86ef-a638d455f7dd.json
new file mode 100644
index 0000000000..085f8c1718
--- /dev/null
+++ b/objects/vulnerability/vulnerability--aeef325f-5129-4088-86ef-a638d455f7dd.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--ea4bb8df-db2a-4cdb-b59f-758e0ed585c5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--aeef325f-5129-4088-86ef-a638d455f7dd",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.892385Z",
+ "modified": "2025-02-15T00:20:51.892385Z",
+ "name": "CVE-2025-0593",
+ "description": "The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0593"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b14b95fa-3fa2-4d58-98ed-3fa55599c43e.json b/objects/vulnerability/vulnerability--b14b95fa-3fa2-4d58-98ed-3fa55599c43e.json
new file mode 100644
index 0000000000..d88dd776ff
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b14b95fa-3fa2-4d58-98ed-3fa55599c43e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c8fff8cb-7bf8-4f64-b62f-6a5fcc82611e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b14b95fa-3fa2-4d58-98ed-3fa55599c43e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.800052Z",
+ "modified": "2025-02-15T00:20:51.800052Z",
+ "name": "CVE-2025-23751",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash allows Reflected XSS. This issue affects Data Dash: from n/a through 1.2.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23751"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b2b51a22-2055-45ee-9406-cc2cdfb60fc2.json b/objects/vulnerability/vulnerability--b2b51a22-2055-45ee-9406-cc2cdfb60fc2.json
new file mode 100644
index 0000000000..8ed37d6fcf
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b2b51a22-2055-45ee-9406-cc2cdfb60fc2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b35377af-1565-473f-a85b-9891dc868455",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b2b51a22-2055-45ee-9406-cc2cdfb60fc2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.706811Z",
+ "modified": "2025-02-15T00:20:51.706811Z",
+ "name": "CVE-2025-25297",
+ "description": "Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination. The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because error messages from failed requests contain the full response body, allowing data exfiltration from internal services. Version 1.16.0 contains a patch for the issue.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25297"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b3cdbd2d-4f14-4d51-8396-949aaba435a1.json b/objects/vulnerability/vulnerability--b3cdbd2d-4f14-4d51-8396-949aaba435a1.json
new file mode 100644
index 0000000000..110a669cc3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b3cdbd2d-4f14-4d51-8396-949aaba435a1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fdbeb21a-53b6-43eb-9086-24cfbf04763d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b3cdbd2d-4f14-4d51-8396-949aaba435a1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.486049Z",
+ "modified": "2025-02-15T00:20:51.486049Z",
+ "name": "CVE-2025-26519",
+ "description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-26519"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b4913ac2-e712-4d50-9efb-b501f1729fc9.json b/objects/vulnerability/vulnerability--b4913ac2-e712-4d50-9efb-b501f1729fc9.json
new file mode 100644
index 0000000000..f75c3f46f7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b4913ac2-e712-4d50-9efb-b501f1729fc9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2ec00fc9-ff8a-4038-bfc7-c86c7fe7c660",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b4913ac2-e712-4d50-9efb-b501f1729fc9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.812954Z",
+ "modified": "2025-02-15T00:20:51.812954Z",
+ "name": "CVE-2025-23853",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in michelem NoFollow Free allows Reflected XSS. This issue affects NoFollow Free: from n/a through 1.6.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23853"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b4adcefc-c8e0-4261-96aa-dcc97ba0016b.json b/objects/vulnerability/vulnerability--b4adcefc-c8e0-4261-96aa-dcc97ba0016b.json
new file mode 100644
index 0000000000..380e3cae26
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b4adcefc-c8e0-4261-96aa-dcc97ba0016b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c8a550b3-0ec6-4e92-a671-93bb9beeca74",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b4adcefc-c8e0-4261-96aa-dcc97ba0016b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.81191Z",
+ "modified": "2025-02-15T00:20:51.81191Z",
+ "name": "CVE-2025-23750",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator allows Reflected XSS. This issue affects Custom Widget Creator: from n/a through 1.0.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23750"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--b4e6521d-07bd-4813-925d-7bc96105a5e6.json b/objects/vulnerability/vulnerability--b4e6521d-07bd-4813-925d-7bc96105a5e6.json
new file mode 100644
index 0000000000..b976d0d4b5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--b4e6521d-07bd-4813-925d-7bc96105a5e6.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--27ea96ea-16a8-4495-903f-e9faa2350ab9",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--b4e6521d-07bd-4813-925d-7bc96105a5e6",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.474243Z",
+ "modified": "2025-02-15T00:20:51.474243Z",
+ "name": "CVE-2025-26523",
+ "description": "This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other user accounts.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-26523"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--baf48864-e84f-44cc-a8c0-aaf44aefd751.json b/objects/vulnerability/vulnerability--baf48864-e84f-44cc-a8c0-aaf44aefd751.json
new file mode 100644
index 0000000000..a7cddd2450
--- /dev/null
+++ b/objects/vulnerability/vulnerability--baf48864-e84f-44cc-a8c0-aaf44aefd751.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2aebfb00-1e39-44cf-880b-33e6e9b7da72",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--baf48864-e84f-44cc-a8c0-aaf44aefd751",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.776575Z",
+ "modified": "2025-02-15T00:20:51.776575Z",
+ "name": "CVE-2025-23789",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce allows Reflected XSS. This issue affects URL Shortener | Conversion Tracking | AB Testing | WooCommerce: from n/a through 9.0.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23789"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bdad01cb-be98-434f-b697-2cfbe518ecfa.json b/objects/vulnerability/vulnerability--bdad01cb-be98-434f-b697-2cfbe518ecfa.json
new file mode 100644
index 0000000000..19fd4452c2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bdad01cb-be98-434f-b697-2cfbe518ecfa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a794b66e-cd22-481c-9bc3-ff97f2bbb043",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bdad01cb-be98-434f-b697-2cfbe518ecfa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:46.339498Z",
+ "modified": "2025-02-15T00:20:46.339498Z",
+ "name": "CVE-2024-57778",
+ "description": "An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-57778"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--be31f0cd-0f8b-4a0e-a77a-675311086bd1.json b/objects/vulnerability/vulnerability--be31f0cd-0f8b-4a0e-a77a-675311086bd1.json
new file mode 100644
index 0000000000..64aeb3813a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--be31f0cd-0f8b-4a0e-a77a-675311086bd1.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2ad54871-705b-420a-b0ca-3a36a9cf02fe",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--be31f0cd-0f8b-4a0e-a77a-675311086bd1",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:46.013954Z",
+ "modified": "2025-02-15T00:20:46.013954Z",
+ "name": "CVE-2024-9601",
+ "description": "The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-9601"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--be7a4872-48df-4899-8e77-4a5679144ea9.json b/objects/vulnerability/vulnerability--be7a4872-48df-4899-8e77-4a5679144ea9.json
new file mode 100644
index 0000000000..a6ef4c1970
--- /dev/null
+++ b/objects/vulnerability/vulnerability--be7a4872-48df-4899-8e77-4a5679144ea9.json
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--daae2141-b5e5-4972-902e-6bdff9fdfa14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be7a4872-48df-4899-8e77-4a5679144ea9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.798431Z", + "modified": "2025-02-15T00:20:51.798431Z", + "name": "CVE-2025-23771", + "description": "Missing Authorization vulnerability in Murali Push Notification for Post and BuddyPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push Notification for Post and BuddyPress: from n/a through 2.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23771" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bfa70dc7-d754-455a-a874-778808934a34.json b/objects/vulnerability/vulnerability--bfa70dc7-d754-455a-a874-778808934a34.json new file mode 100644 index 0000000000..4b62b8826f --- /dev/null +++ b/objects/vulnerability/vulnerability--bfa70dc7-d754-455a-a874-778808934a34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1bd1b442-69d3-4a7f-9509-943b912cd698", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bfa70dc7-d754-455a-a874-778808934a34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.712474Z", + "modified": "2025-02-15T00:20:51.712474Z", + "name": "CVE-2025-25991", + "description": "SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25991" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c0ec0606-fdf7-40aa-9475-a67447f0a228.json b/objects/vulnerability/vulnerability--c0ec0606-fdf7-40aa-9475-a67447f0a228.json new file mode 100644 index 0000000000..3f9d94f263 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0ec0606-fdf7-40aa-9475-a67447f0a228.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ad88563-9a4f-4ca6-8f6c-84370be43337", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0ec0606-fdf7-40aa-9475-a67447f0a228", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.575784Z", + "modified": "2025-02-15T00:20:51.575784Z", + "name": "CVE-2025-22630", + "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection.This issue affects Widget Options: from n/a through 4.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c5c113b9-1f49-47ab-ad31-32090cd1136d.json b/objects/vulnerability/vulnerability--c5c113b9-1f49-47ab-ad31-32090cd1136d.json new file mode 100644 index 0000000000..3a39806048 --- /dev/null +++ b/objects/vulnerability/vulnerability--c5c113b9-1f49-47ab-ad31-32090cd1136d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c06a78d-f591-4afb-a55a-696cc568b4ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c5c113b9-1f49-47ab-ad31-32090cd1136d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.662345Z", + "modified": "2025-02-15T00:20:51.662345Z", + "name": "CVE-2025-24558", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks allows Reflected XSS. This issue affects CRM Perks: from n/a through 1.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24558" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6a2372b-3598-44bb-bfdd-28b36d74ee20.json b/objects/vulnerability/vulnerability--c6a2372b-3598-44bb-bfdd-28b36d74ee20.json new file mode 100644 index 0000000000..d535d243fb --- /dev/null +++ b/objects/vulnerability/vulnerability--c6a2372b-3598-44bb-bfdd-28b36d74ee20.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e18cacb6-7f52-47c2-a7ca-c0e21f8967f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6a2372b-3598-44bb-bfdd-28b36d74ee20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.870945Z", + "modified": "2025-02-15T00:20:51.870945Z", + "name": "CVE-2025-0821", + "description": "Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0821" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cab4f92c-4dec-49cb-ad7b-c20cc8fe29ec.json b/objects/vulnerability/vulnerability--cab4f92c-4dec-49cb-ad7b-c20cc8fe29ec.json new file mode 100644 index 0000000000..696078aec2 --- /dev/null +++ b/objects/vulnerability/vulnerability--cab4f92c-4dec-49cb-ad7b-c20cc8fe29ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ffbe1fd-1f7d-40a6-ae51-86b65511409f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cab4f92c-4dec-49cb-ad7b-c20cc8fe29ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.733784Z", + "modified": "2025-02-15T00:20:51.733784Z", + "name": "CVE-2025-25295", + "description": "Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25295" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbbf90c5-ed22-432c-9eba-a54aa66f5f31.json b/objects/vulnerability/vulnerability--cbbf90c5-ed22-432c-9eba-a54aa66f5f31.json new file mode 100644 index 0000000000..247abb8380 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--cbbf90c5-ed22-432c-9eba-a54aa66f5f31.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4acb7c7-77d0-4034-8474-04e4ed1ae9aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbbf90c5-ed22-432c-9eba-a54aa66f5f31", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:45.860764Z", + "modified": "2025-02-15T00:20:45.860764Z", + "name": "CVE-2024-10405", + "description": "Brocade SANnav before SANnav 2.3.1b \nenables weak TLS ciphers on ports 443 and 18082. In case of a successful\n exploit, an attacker can read Brocade SANnav data stream that includes \nmonitored Brocade Fabric OS switches performance data, port status, \nzoning information, WWNs, IP Addresses, but no customer data, no \npersonal data and no secrets or passwords, as it travels across the \nnetwork.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10405" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ccf35a93-7709-4d9d-b205-f885f0a61904.json b/objects/vulnerability/vulnerability--ccf35a93-7709-4d9d-b205-f885f0a61904.json new file mode 100644 index 0000000000..53f0b88985 --- /dev/null +++ b/objects/vulnerability/vulnerability--ccf35a93-7709-4d9d-b205-f885f0a61904.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55ee75a3-2511-468b-9961-9f98565b9a7d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ccf35a93-7709-4d9d-b205-f885f0a61904", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.792854Z", + "modified": "2025-02-15T00:20:51.792854Z", + "name": "CVE-2025-23474", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through 0.3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23474" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d053f03c-01f0-4c7d-9976-2abc55fefd8a.json b/objects/vulnerability/vulnerability--d053f03c-01f0-4c7d-9976-2abc55fefd8a.json new file mode 100644 index 0000000000..360ec1d638 --- /dev/null +++ b/objects/vulnerability/vulnerability--d053f03c-01f0-4c7d-9976-2abc55fefd8a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ad4f75a8-3ad7-4296-ac70-35fec087779e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d053f03c-01f0-4c7d-9976-2abc55fefd8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.633893Z", + "modified": "2025-02-15T00:20:51.633893Z", + "name": "CVE-2025-24564", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aviplugins.com Contact Form With Shortcode allows Reflected XSS. This issue affects Contact Form With Shortcode: from n/a through 4.2.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24564" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d43ccdb7-0025-49b8-a541-0225240be52e.json b/objects/vulnerability/vulnerability--d43ccdb7-0025-49b8-a541-0225240be52e.json new file mode 100644 index 0000000000..dca2de04ae --- /dev/null +++ b/objects/vulnerability/vulnerability--d43ccdb7-0025-49b8-a541-0225240be52e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--599d2a98-5ce0-4a76-ae7f-fc148f48d271", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d43ccdb7-0025-49b8-a541-0225240be52e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.307338Z", + "modified": "2025-02-15T00:20:46.307338Z", + "name": "CVE-2024-57969", + "description": "app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8246401-b727-4e98-b1f2-96582712c3ea.json b/objects/vulnerability/vulnerability--d8246401-b727-4e98-b1f2-96582712c3ea.json new file mode 100644 index 0000000000..0b5858b8af --- /dev/null +++ b/objects/vulnerability/vulnerability--d8246401-b727-4e98-b1f2-96582712c3ea.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--386ade59-f5dc-40ae-b9c6-aed157b05a61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8246401-b727-4e98-b1f2-96582712c3ea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.670035Z", + "modified": "2025-02-15T00:20:51.670035Z", + "name": "CVE-2025-24615", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fatcatapps Analytics Cat allows Reflected XSS. This issue affects Analytics Cat: from n/a through 1.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24615" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8fa0da1-87fd-4256-8eae-3fc677a631c3.json b/objects/vulnerability/vulnerability--d8fa0da1-87fd-4256-8eae-3fc677a631c3.json new file mode 100644 index 0000000000..6a4660e2bc --- /dev/null +++ b/objects/vulnerability/vulnerability--d8fa0da1-87fd-4256-8eae-3fc677a631c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6a14c83-dfab-4b73-bf0d-aa4eaf736c9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8fa0da1-87fd-4256-8eae-3fc677a631c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.768687Z", + "modified": "2025-02-15T00:20:51.768687Z", + "name": "CVE-2025-23652", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Add custom content after post allows Reflected XSS. This issue affects Add custom content after post: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23652" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--d907e7eb-d353-449a-86b9-5d3b9e3dbeb6.json b/objects/vulnerability/vulnerability--d907e7eb-d353-449a-86b9-5d3b9e3dbeb6.json new file mode 100644 index 0000000000..eb9b655e4c --- /dev/null +++ b/objects/vulnerability/vulnerability--d907e7eb-d353-449a-86b9-5d3b9e3dbeb6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71f664c5-ace9-4e19-9766-d28667eb9ff6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d907e7eb-d353-449a-86b9-5d3b9e3dbeb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:47.837043Z", + "modified": "2025-02-15T00:20:47.837043Z", + "name": "CVE-2024-13735", + "description": "The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13735" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dce06cad-00b5-4114-a716-738bcf510d4f.json b/objects/vulnerability/vulnerability--dce06cad-00b5-4114-a716-738bcf510d4f.json new file mode 100644 index 0000000000..efe3af54b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--dce06cad-00b5-4114-a716-738bcf510d4f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e1c22242-36ca-4436-b1ae-058ab11c20f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dce06cad-00b5-4114-a716-738bcf510d4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.503895Z", + "modified": "2025-02-15T00:20:51.503895Z", + "name": "CVE-2025-26819", + "description": "Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ded78117-1e19-4b1f-b407-526485f94f16.json b/objects/vulnerability/vulnerability--ded78117-1e19-4b1f-b407-526485f94f16.json new file mode 100644 index 0000000000..38a7753c87 --- /dev/null +++ b/objects/vulnerability/vulnerability--ded78117-1e19-4b1f-b407-526485f94f16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d2c4d97-dec2-485a-b591-bba6e5cdd489", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ded78117-1e19-4b1f-b407-526485f94f16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.647184Z", + "modified": "2025-02-15T00:20:51.647184Z", + "name": "CVE-2025-24641", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24641" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--defdfecf-6be1-4b1d-950b-107ed285780f.json b/objects/vulnerability/vulnerability--defdfecf-6be1-4b1d-950b-107ed285780f.json new file mode 100644 index 0000000000..29a6e47380 --- /dev/null +++ b/objects/vulnerability/vulnerability--defdfecf-6be1-4b1d-950b-107ed285780f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--888c20be-f3a9-42dc-8337-a6a66d4b743c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--defdfecf-6be1-4b1d-950b-107ed285780f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.476172Z", + "modified": "2025-02-15T00:20:51.476172Z", + "name": "CVE-2025-26506", + "description": "Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-26506" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e05c54b1-442d-44b5-8f6f-cbf4b1e9d2c9.json b/objects/vulnerability/vulnerability--e05c54b1-442d-44b5-8f6f-cbf4b1e9d2c9.json new file mode 100644 index 0000000000..d8da639e62 --- /dev/null +++ b/objects/vulnerability/vulnerability--e05c54b1-442d-44b5-8f6f-cbf4b1e9d2c9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f4613b1-fbaa-42c2-a37e-5761f57343fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e05c54b1-442d-44b5-8f6f-cbf4b1e9d2c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.687404Z", + "modified": "2025-02-15T00:20:51.687404Z", + "name": "CVE-2025-24699", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e237cfb8-cd71-46ae-bcaa-09481fa51595.json b/objects/vulnerability/vulnerability--e237cfb8-cd71-46ae-bcaa-09481fa51595.json new file mode 100644 index 0000000000..94019db0e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--e237cfb8-cd71-46ae-bcaa-09481fa51595.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1ff85f2c-b4e7-470f-a49f-6b7d18d3afe0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e237cfb8-cd71-46ae-bcaa-09481fa51595", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.735058Z", + "modified": "2025-02-15T00:20:51.735058Z", + "name": "CVE-2025-25994", + "description": "SQL Injection vulnerability in FeMiner wms wms 1.0 allows a remote attacker to obtain sensitive information via the parameters date1, date2, id.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25994" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2afa4eb-e71a-4da1-bb18-4b3ff3d8d7d7.json b/objects/vulnerability/vulnerability--e2afa4eb-e71a-4da1-bb18-4b3ff3d8d7d7.json new file mode 100644 index 0000000000..e855f54985 
--- /dev/null +++ b/objects/vulnerability/vulnerability--e2afa4eb-e71a-4da1-bb18-4b3ff3d8d7d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--05d97912-defe-419f-b2d7-61a180ca89bb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2afa4eb-e71a-4da1-bb18-4b3ff3d8d7d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.751249Z", + "modified": "2025-02-15T00:20:51.751249Z", + "name": "CVE-2025-25288", + "description": "@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance—particularly with a malicious `link` parameter in the `headers` section of the `request`—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25288" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2e78d4c-e546-482d-b334-308365367d4a.json b/objects/vulnerability/vulnerability--e2e78d4c-e546-482d-b334-308365367d4a.json new file mode 100644 index 0000000000..755881615a --- /dev/null +++ b/objects/vulnerability/vulnerability--e2e78d4c-e546-482d-b334-308365367d4a.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--11d86df3-602a-4d61-a2f4-b48c659ef3fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2e78d4c-e546-482d-b334-308365367d4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:48.134495Z", + "modified": "2025-02-15T00:20:48.134495Z", + "name": "CVE-2024-56477", + "description": "IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56477" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e441c8e2-0ad1-45bf-a991-060170a26586.json b/objects/vulnerability/vulnerability--e441c8e2-0ad1-45bf-a991-060170a26586.json new file mode 100644 index 0000000000..3e59cac0bf --- /dev/null +++ b/objects/vulnerability/vulnerability--e441c8e2-0ad1-45bf-a991-060170a26586.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6c5b649-07cb-477e-a649-dd3a1e1112d1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e441c8e2-0ad1-45bf-a991-060170a26586", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.806964Z", + "modified": "2025-02-15T00:20:51.806964Z", + "name": "CVE-2025-23648", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wjharil AdsMiddle allows Reflected XSS. This issue affects AdsMiddle: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23648" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--e6743f74-2526-4d32-b406-72f736d0138d.json b/objects/vulnerability/vulnerability--e6743f74-2526-4d32-b406-72f736d0138d.json new file mode 100644 index 0000000000..aa11bebc0f --- /dev/null +++ b/objects/vulnerability/vulnerability--e6743f74-2526-4d32-b406-72f736d0138d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ec99d8e2-66e4-4112-8047-17a989333082", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6743f74-2526-4d32-b406-72f736d0138d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.836401Z", + "modified": "2025-02-15T00:20:51.836401Z", + "name": "CVE-2025-23786", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Email to Download allows Reflected XSS. This issue affects Email to Download: from n/a through 3.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e85c38ac-159f-4c51-ae57-5e13659c7454.json b/objects/vulnerability/vulnerability--e85c38ac-159f-4c51-ae57-5e13659c7454.json new file mode 100644 index 0000000000..b71909efb3 --- /dev/null +++ b/objects/vulnerability/vulnerability--e85c38ac-159f-4c51-ae57-5e13659c7454.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--abbfe0b8-eaa1-4f8f-9475-9cfb7ce3a52c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e85c38ac-159f-4c51-ae57-5e13659c7454", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.395641Z", + "modified": "2025-02-15T00:20:51.395641Z", + "name": "CVE-2025-1239", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the Blocked Sites list. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e88e398e-b2d0-454f-ab7b-2102f84d53d7.json b/objects/vulnerability/vulnerability--e88e398e-b2d0-454f-ab7b-2102f84d53d7.json new file mode 100644 index 0000000000..fef6865259 --- /dev/null +++ b/objects/vulnerability/vulnerability--e88e398e-b2d0-454f-ab7b-2102f84d53d7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c02abd6-8aba-4309-9b29-5cbe05d5fbaf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e88e398e-b2d0-454f-ab7b-2102f84d53d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.838607Z", + "modified": "2025-02-15T00:20:51.838607Z", + "name": "CVE-2025-23598", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in craig.edmunds@gmail.com Recip.ly allows Reflected XSS. This issue affects Recip.ly: from n/a through 1.1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb882e84-846a-4b08-a8cd-dc4d94c107c8.json b/objects/vulnerability/vulnerability--eb882e84-846a-4b08-a8cd-dc4d94c107c8.json new file mode 100644 index 0000000000..8e5753590e --- /dev/null +++ b/objects/vulnerability/vulnerability--eb882e84-846a-4b08-a8cd-dc4d94c107c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7e57a0e-ef09-4412-9d72-21919d9c83ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb882e84-846a-4b08-a8cd-dc4d94c107c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:46.373505Z", + "modified": "2025-02-15T00:20:46.373505Z", + "name": "CVE-2024-12651", + "description": "Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables.This issue affects HGS Mobile App: before 6.5.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12651" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ed630253-d8ab-431e-a2d6-8aa3d85f314a.json b/objects/vulnerability/vulnerability--ed630253-d8ab-431e-a2d6-8aa3d85f314a.json new file mode 100644 index 0000000000..8b91bff930 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed630253-d8ab-431e-a2d6-8aa3d85f314a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de0ef3a5-3a40-4cb2-abb9-c72176b1e37f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed630253-d8ab-431e-a2d6-8aa3d85f314a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-15T00:20:51.823804Z", + "modified": "2025-02-15T00:20:51.823804Z", + "name": "CVE-2025-23571", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Internal Links Generator allows Reflected XSS. This issue affects Internal Links Generator: from n/a through 3.51.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ee020ad8-f35b-4c8e-b413-a11d98389eba.json b/objects/vulnerability/vulnerability--ee020ad8-f35b-4c8e-b413-a11d98389eba.json new file mode 100644 index 0000000000..edf4ba82a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--ee020ad8-f35b-4c8e-b413-a11d98389eba.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--d6eec168-c715-496a-b0ef-455475e05a39",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ee020ad8-f35b-4c8e-b413-a11d98389eba",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.780406Z",
+ "modified": "2025-02-15T00:20:51.780406Z",
+ "name": "CVE-2025-23492",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 allows Reflected XSS. This issue affects WordPress 淘宝客插件: from n/a through 1.1.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23492"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--efedd7b8-8083-4cbb-aa23-96808f00417d.json b/objects/vulnerability/vulnerability--efedd7b8-8083-4cbb-aa23-96808f00417d.json
new file mode 100644
index 0000000000..a32b01328f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--efedd7b8-8083-4cbb-aa23-96808f00417d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--99b86d58-e5b9-44f3-90e0-fbe986900783",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--efedd7b8-8083-4cbb-aa23-96808f00417d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:47.643047Z",
+ "modified": "2025-02-15T00:20:47.643047Z",
+ "name": "CVE-2024-8893",
+ "description": "Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-8893"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0598951-415f-468e-89d5-8a2523af9979.json b/objects/vulnerability/vulnerability--f0598951-415f-468e-89d5-8a2523af9979.json
new file mode 100644
index 0000000000..8e6c77dba2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0598951-415f-468e-89d5-8a2523af9979.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5373c6ee-dae0-4711-b36b-079850b4aebb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0598951-415f-468e-89d5-8a2523af9979",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.507972Z",
+ "modified": "2025-02-15T00:20:51.507972Z",
+ "name": "CVE-2025-26788",
+ "description": "StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-26788"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f48d89b0-43ef-4802-8454-54284c368a92.json b/objects/vulnerability/vulnerability--f48d89b0-43ef-4802-8454-54284c368a92.json
new file mode 100644
index 0000000000..bbc5a0a438
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f48d89b0-43ef-4802-8454-54284c368a92.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a59318f7-64b1-4911-9e13-318747a98045",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f48d89b0-43ef-4802-8454-54284c368a92",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:48.147436Z",
+ "modified": "2025-02-15T00:20:48.147436Z",
+ "name": "CVE-2024-56463",
+ "description": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-56463"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f6512f75-778a-4739-91e6-18b9472ea524.json b/objects/vulnerability/vulnerability--f6512f75-778a-4739-91e6-18b9472ea524.json
new file mode 100644
index 0000000000..3fd68b08ff
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f6512f75-778a-4739-91e6-18b9472ea524.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e638e265-1c54-4f60-97c0-f7d84dcc89a2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f6512f75-778a-4739-91e6-18b9472ea524",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.703552Z",
+ "modified": "2025-02-15T00:20:51.703552Z",
+ "name": "CVE-2025-25206",
+ "description": "eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25206"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f6d367c3-9ab3-4e61-bfef-42a513fd6082.json b/objects/vulnerability/vulnerability--f6d367c3-9ab3-4e61-bfef-42a513fd6082.json
new file mode 100644
index 0000000000..928b53140c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f6d367c3-9ab3-4e61-bfef-42a513fd6082.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dfeb21b5-f9ae-4194-b670-64e467cce009",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f6d367c3-9ab3-4e61-bfef-42a513fd6082",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.574216Z",
+ "modified": "2025-02-15T00:20:51.574216Z",
+ "name": "CVE-2025-22698",
+ "description": "Missing Authorization vulnerability in Ability, Inc Accessibility Suite by Online ADA allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Suite by Online ADA: from n/a through 4.16.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22698"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f833e746-8435-45cf-89b4-5d89f9697981.json b/objects/vulnerability/vulnerability--f833e746-8435-45cf-89b4-5d89f9697981.json
new file mode 100644
index 0000000000..c9d95d8297
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f833e746-8435-45cf-89b4-5d89f9697981.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--fe575ac2-5d68-40c2-8c78-f056ae3b77ac",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f833e746-8435-45cf-89b4-5d89f9697981",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.790448Z",
+ "modified": "2025-02-15T00:20:51.790448Z",
+ "name": "CVE-2025-23653",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Form To Online Booking allows Reflected XSS. This issue affects Form To Online Booking: from n/a through 1.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-23653"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f9396cb9-18ef-4375-921b-a244f740ba3a.json b/objects/vulnerability/vulnerability--f9396cb9-18ef-4375-921b-a244f740ba3a.json
new file mode 100644
index 0000000000..c1623b7cc7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f9396cb9-18ef-4375-921b-a244f740ba3a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--36fca1af-9590-4dbb-85d9-efa36918ee9f",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f9396cb9-18ef-4375-921b-a244f740ba3a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.675076Z",
+ "modified": "2025-02-15T00:20:51.675076Z",
+ "name": "CVE-2025-24554",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in awcode AWcode Toolkit allows Reflected XSS. This issue affects AWcode Toolkit: from n/a through 1.0.14.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-24554"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ffcc82c4-af74-4868-8c77-1289f4112c87.json b/objects/vulnerability/vulnerability--ffcc82c4-af74-4868-8c77-1289f4112c87.json
new file mode 100644
index 0000000000..78bdc1fe86
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ffcc82c4-af74-4868-8c77-1289f4112c87.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--df3fbd5b-2522-42db-a7ba-28e54a1b841b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ffcc82c4-af74-4868-8c77-1289f4112c87",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-15T00:20:51.654346Z",
+ "modified": "2025-02-15T00:20:51.654346Z",
+ "name": "CVE-2025-24616",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UIUX Lab Uix Page Builder allows Reflected XSS. This issue affects Uix Page Builder: from n/a through 1.7.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-24616"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file