From 5e6c809d345cb452e48955d300700254534c717b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 5 Feb 2025 00:21:18 +0000 Subject: [PATCH] generated content from 2025-02-05 --- mapping.csv | 148 ++++++++++++++++++ ...-00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc.json | 22 +++ ...-0227aee3-b78c-4489-a55c-89c61e6fa0e4.json | 22 +++ ...-03137b31-6389-4766-8c01-04aa77fa9c83.json | 22 +++ ...-03d94b5c-6c30-44fb-adb7-65c532a5119b.json | 22 +++ ...-04f3a0e0-5e87-4ee1-85af-e99fb33c8314.json | 22 +++ ...-0569aacf-0c1b-4886-8b8f-124b8dcb19b3.json | 22 +++ ...-05f949ef-11b3-4a7b-94c3-75cb563cb5aa.json | 22 +++ ...-069a0c07-e7b6-4ecd-9a4c-75cc7635d703.json | 22 +++ ...-0738b68a-80b3-48af-84b5-a48e1255b0d8.json | 22 +++ ...-0787547c-b31c-428f-87c3-0eae9c8738c5.json | 22 +++ ...-0b8716b8-004f-4df2-882e-154473b7140a.json | 22 +++ ...-0f168f1b-8da6-4004-a58d-c04c1460aad8.json | 22 +++ ...-0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8.json | 22 +++ ...-1251b741-aa60-44e5-88eb-a0242047cfb6.json | 22 +++ ...-150c5554-aa3c-44e7-bd9a-df5a06ffdff1.json | 22 +++ ...-18e92fff-131c-43e1-88dd-4a91eb8c1e10.json | 22 +++ ...-1a5a30f7-e566-4cf4-ace3-279bb0017940.json | 22 +++ ...-1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3.json | 22 +++ ...-1ae93297-3a65-4292-b7ce-95c2727c150f.json | 22 +++ ...-1b95b4c4-241f-48d0-9b12-2588e0ce99e6.json | 22 +++ ...-1d175fbd-1378-4e03-803d-4429449e7038.json | 22 +++ ...-1d4598e5-a7f4-40bd-baad-02a55d1bce11.json | 22 +++ ...-1d56c522-9999-4ae9-9806-fea90bbdc6c2.json | 22 +++ ...-1dce667a-f331-4629-966e-5a49158260e7.json | 22 +++ ...-1e460765-af64-494c-b5b9-1413cffef1e2.json | 22 +++ ...-1f3f61cb-46cd-432d-942c-e65cb9113a4f.json | 22 +++ ...-1fd2dc60-ff65-4cee-aa22-a232e8fe1f37.json | 22 +++ ...-202be86d-aa4f-422f-a4e0-bd8812c9d38c.json | 22 +++ ...-20e80b25-14a5-4845-a0fa-89e0fe2eae4a.json | 22 +++ ...-218a4da1-804d-4dec-bc49-0d635172f75a.json | 22 +++ ...-222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f.json | 22 +++ ...-22680167-c4bb-438d-94f3-7b0052b72840.json | 22 +++ ...-24ad104e-d32a-4896-add0-e157ced6c3aa.json | 22 +++ ...-2681c502-4282-4ea0-81c1-d50badacca44.json | 22 +++ ...-26b887a1-649a-4d83-a0a2-8b61116734f8.json | 22 +++ ...-26e341cb-fe0b-440b-a0d7-183a9d06dc9e.json | 22 +++ ...-26ea7dfe-803d-4008-9bea-f72abc5698a3.json | 22 +++ ...-28364809-f0e2-4214-b04e-a92eefc176a7.json | 22 +++ ...-2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b.json | 22 +++ ...-2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd.json | 22 +++ ...-319ba3df-fe6d-4129-91e6-9786f8b62fec.json | 22 +++ ...-334c265e-ad0d-4a47-9d79-6db0361de80a.json | 22 +++ ...-33b87c1e-d157-43cc-81a8-d27893305995.json | 22 +++ ...-3502a4fe-048f-429f-9a7c-ca20a36bde87.json | 22 +++ ...-357cef1f-41de-4bfc-b3e8-7d9777c6ccae.json | 22 +++ ...-364e61f3-2870-42cc-ab90-b90d86d21a52.json | 22 +++ ...-38b842b2-b565-4b63-9ac3-9772d0e29e71.json | 22 +++ ...-38c02d20-c755-4f63-b998-7c902a118c33.json | 22 +++ ...-392a92f2-ac5b-4620-ba7e-8db9492fe168.json | 22 +++ ...-39557b4b-6309-4fd3-ae83-b8d54a25952b.json | 22 +++ ...-397b5526-0bdf-427c-98a6-60eb159a5482.json | 22 +++ ...-3b4a4835-2627-442a-953c-548fdff0aa54.json | 22 +++ ...-3b937449-b819-4c18-b14f-7f8027200b8c.json | 22 +++ ...-3c967312-1c79-41da-b780-8820ea55cf91.json | 22 +++ ...-460ab942-5e40-49f7-81c5-1c0789b44b6e.json | 22 +++ ...-4a4dd1fb-ec09-4f87-9cd9-0f30933419ae.json | 22 +++ ...-4e96a80f-ac8f-41d7-99e9-8e5a3229a47c.json | 22 +++ ...-4fbfda01-7a36-426c-bc80-3ec588a8dcce.json | 22 +++ ...-4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929.json | 22 +++ ...-51776222-4c69-4e43-922e-88ab19718194.json | 22 +++ ...-578f25da-ec0f-400f-9d64-efddd2dbcefc.json | 22 +++ ...-59de3394-4a04-4b11-9558-09175f3cfe04.json | 22 +++ ...-5b14b9a0-e77c-43dc-9ee8-d56810aafc56.json | 22 +++ ...-5bbe361d-01c8-4919-8242-f008bcc67fc8.json | 22 +++ ...-5bc9bc60-6cf8-4335-80ed-b5fbaba91e99.json | 22 +++ ...-5c69cbb5-607a-4e7b-a81a-2aa592ea2b93.json | 22 +++ ...-5c9f52ac-d686-442b-9500-cdea0d82c824.json | 22 +++ ...-5d895256-bea1-49ee-bb9d-65f76cc72677.json | 22 +++ ...-6088e119-8675-4773-8c10-732e3741f9c6.json | 22 +++ ...-6224d435-daee-4865-aad6-45baa9d0af77.json | 22 +++ ...-63986e6f-6902-4203-87d1-4197934b16d6.json | 22 +++ ...-64565078-d76d-4515-9ad7-ad1a7704bf55.json | 22 +++ ...-65b530c2-9348-4742-916c-fcf1112fd7a6.json | 22 +++ ...-6af0b71d-1e5f-4777-bdf0-d2ade0be2e27.json | 22 +++ ...-6b21ff19-3e09-4476-9f00-b90147698dcb.json | 22 +++ ...-6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd.json | 22 +++ ...-71436668-aca2-4ecf-b8a4-9fd7c610cbc9.json | 22 +++ ...-721ff9f4-3aa8-485f-9724-94252cd5ac8f.json | 22 +++ ...-725382d0-0a54-4615-b0b3-9fb7eeaf691e.json | 22 +++ ...-731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc.json | 22 +++ ...-762e4c04-e002-46ef-afdf-39da77749013.json | 22 +++ ...-7942c820-4cfc-448a-a181-960d20d801c8.json | 22 +++ ...-79ec7f4a-9ffc-49b9-9990-20bf0f9945e4.json | 22 +++ ...-7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64.json | 22 +++ ...-7ea9e408-3d1c-423e-b617-7d5c957f8fd9.json | 22 +++ ...-802c2904-76f5-4b41-9c81-3b72d8047825.json | 22 +++ ...-807545af-b1db-4828-bb35-f9707c7fdad1.json | 22 +++ ...-8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc.json | 22 +++ ...-86792f8f-2268-4343-8b31-4af4f7c05728.json | 22 +++ ...-89c838a0-b8da-40e0-b5ea-8c53f6485b08.json | 22 +++ ...-8ba05040-0f97-45de-99b2-c20cf989cd0a.json | 22 +++ ...-8bd6aad4-9591-49fa-bbc8-4d0706750914.json | 22 +++ ...-8cdbce1c-ba6e-4336-8054-5182d613fd95.json | 22 +++ ...-8fec9dd4-8732-41c2-905d-39d7ab746dba.json | 22 +++ ...-918e434a-3a53-4ccd-b85a-8cebb2c91db9.json | 22 +++ ...-92d21790-d05a-4cd6-8e88-ff5529dc4249.json | 22 +++ ...-93d5687b-33f8-4695-b13b-8c95b997dcd4.json | 22 +++ ...-95a06f06-ef3e-416a-a87c-8e562a7f2acf.json | 22 +++ ...-9630d9cf-4850-4b2d-9fdf-69f506ab1722.json | 22 +++ ...-9648532c-5bb1-44c8-9fd1-a119e855eca9.json | 22 +++ ...-9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7.json | 22 +++ ...-a0104cc8-1dff-4ed1-b573-2ef970a28fab.json | 22 +++ ...-a02424fe-9b82-4b32-b32b-d643a6ebd349.json | 22 +++ ...-a4528b86-27dc-4183-a220-caded21b6514.json | 22 +++ ...-a6f5f6cb-321b-49c4-9967-162b9718e6f4.json | 22 +++ ...-a75b62c1-b69f-4e55-8ba5-e78a9b150337.json | 22 +++ ...-aa349bc7-7429-425c-b508-dd2b08a618fb.json | 22 +++ ...-ae95f4d8-b9f4-4ebb-8549-dca1971381d6.json | 22 +++ ...-ae9b7501-e012-48ed-8def-e342f1ce391e.json | 22 +++ ...-afa9c429-c767-4857-8178-379a637e072d.json | 22 +++ ...-b11819c3-23c7-407f-ae8f-3b7bf9a7e284.json | 22 +++ ...-b1fa6a29-84ff-412c-ad80-637d4899a216.json | 22 +++ ...-b41d9b39-2d1e-4723-b883-60c53fa9268d.json | 22 +++ ...-bc315010-3d22-4f47-8c61-6e4b91ce522e.json | 22 +++ ...-bc622705-95fa-4b3c-99eb-7b1ea98e3931.json | 22 +++ ...-bcccdf5e-c8b0-4c63-be1b-e3928574969a.json | 22 +++ ...-bcdd935e-672b-498d-b4d9-5a253a6e7385.json | 22 +++ ...-c2a8fdc6-f25d-4875-8b1c-0d40ef547544.json | 22 +++ ...-c64e510e-850d-49e1-a823-343a575fd04b.json | 22 +++ ...-c730ad6b-402a-4ccf-a92a-39e7d5d933d6.json | 22 +++ ...-c9b1449d-3c69-4eb4-b051-d495c5e976c2.json | 22 +++ ...-cc44ed78-2728-4390-aad7-237609958b47.json | 22 +++ ...-cfba1a5a-b000-4bb1-8d34-042e9de64e70.json | 22 +++ ...-d238f2da-f001-44f4-b1df-dd83c5128f66.json | 22 +++ ...-d249ede4-12d2-4e83-8389-0c91b6cb20f5.json | 22 +++ ...-d7315b1c-9986-4916-9530-7fa58ad369da.json | 22 +++ ...-d82f5398-bb49-4bb9-bb30-19b685718c62.json | 22 +++ ...-da1df684-65fd-402a-aee6-0570a1de143e.json | 22 +++ ...-da3e3c48-e842-4c7b-8bdc-1adaa10cb30d.json | 22 +++ ...-de071fe9-b8ef-4098-9528-32dcd8af0f16.json | 22 +++ ...-de34c13e-9cc7-4c56-ae74-f8b3a5047596.json | 22 +++ ...-df394d10-31ca-4cf4-95e8-2297e211dfd4.json | 22 +++ ...-e159b384-b328-4419-ace9-5d063ade918f.json | 22 +++ ...-e2dc53ac-1634-440c-98ef-bcb479f934f1.json | 22 +++ ...-e5bfe735-5638-4d65-a541-6c9252d2b645.json | 22 +++ ...-e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e.json | 22 +++ ...-e9231f32-51c4-4b9a-94cf-487d6eb2b7b0.json | 22 +++ ...-e9c4a6dd-4b4b-4b47-920e-f19e5901019a.json | 22 +++ ...-eb10217f-9a90-4995-b86b-78daf8990c55.json | 22 +++ ...-ec713a8c-9c5f-4000-b878-eab9e64fc4c9.json | 22 +++ ...-edb26faf-1b89-4a3c-9b94-972c98bdc3a1.json | 22 +++ ...-ef7cb4de-3c0b-464d-b6c1-fb8e30093c59.json | 22 +++ ...-f0aa848d-195f-48eb-ba72-5bddd0ba499a.json | 22 +++ ...-f46625a0-94dd-4c02-85ee-f710ede55b81.json | 22 +++ ...-f8749a56-125d-4c32-825e-861236dc83f5.json | 22 +++ ...-fd4deda1-0201-4950-9d25-0769fdd3b2f3.json | 22 +++ ...-fdfb2f30-0503-40ff-89a3-32289507410c.json | 22 +++ ...-fe1a11fa-e241-47ea-830d-a49cbce783e1.json | 22 +++ 149 files changed, 3404 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc.json create mode 100644 objects/vulnerability/vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4.json create mode 100644 objects/vulnerability/vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83.json create mode 100644 objects/vulnerability/vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b.json create mode 100644 objects/vulnerability/vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314.json create mode 100644 objects/vulnerability/vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3.json create mode 100644 objects/vulnerability/vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa.json create mode 100644 objects/vulnerability/vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703.json create mode 100644 objects/vulnerability/vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8.json create mode 100644 objects/vulnerability/vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5.json create mode 100644 objects/vulnerability/vulnerability--0b8716b8-004f-4df2-882e-154473b7140a.json create mode 100644 objects/vulnerability/vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8.json create mode 100644 objects/vulnerability/vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8.json create mode 100644 objects/vulnerability/vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6.json create mode 100644 objects/vulnerability/vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1.json create mode 100644 objects/vulnerability/vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10.json create mode 100644 objects/vulnerability/vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940.json create mode 100644 objects/vulnerability/vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3.json create mode 100644 objects/vulnerability/vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f.json create mode 100644 objects/vulnerability/vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6.json create mode 100644 objects/vulnerability/vulnerability--1d175fbd-1378-4e03-803d-4429449e7038.json create mode 100644 objects/vulnerability/vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11.json create mode 100644 objects/vulnerability/vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2.json create mode 100644 objects/vulnerability/vulnerability--1dce667a-f331-4629-966e-5a49158260e7.json create mode 100644 objects/vulnerability/vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2.json create mode 100644 objects/vulnerability/vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f.json create mode 100644 objects/vulnerability/vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37.json create mode 100644 objects/vulnerability/vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c.json create mode 100644 objects/vulnerability/vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a.json create mode 100644 objects/vulnerability/vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a.json create mode 100644 objects/vulnerability/vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f.json create mode 100644 objects/vulnerability/vulnerability--22680167-c4bb-438d-94f3-7b0052b72840.json create mode 100644 objects/vulnerability/vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa.json create mode 100644 objects/vulnerability/vulnerability--2681c502-4282-4ea0-81c1-d50badacca44.json create mode 100644 objects/vulnerability/vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8.json create mode 100644 objects/vulnerability/vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e.json create mode 100644 objects/vulnerability/vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3.json create mode 100644 objects/vulnerability/vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7.json create mode 100644 objects/vulnerability/vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b.json create mode 100644 objects/vulnerability/vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd.json create mode 100644 objects/vulnerability/vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec.json create mode 100644 objects/vulnerability/vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a.json create mode 100644 objects/vulnerability/vulnerability--33b87c1e-d157-43cc-81a8-d27893305995.json create mode 100644 objects/vulnerability/vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87.json create mode 100644 objects/vulnerability/vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae.json create mode 100644 objects/vulnerability/vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52.json create mode 100644 objects/vulnerability/vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71.json create mode 100644 objects/vulnerability/vulnerability--38c02d20-c755-4f63-b998-7c902a118c33.json create mode 100644 objects/vulnerability/vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168.json create mode 100644 objects/vulnerability/vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b.json create mode 100644 objects/vulnerability/vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482.json create mode 100644 objects/vulnerability/vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54.json create mode 100644 objects/vulnerability/vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c.json create mode 100644 objects/vulnerability/vulnerability--3c967312-1c79-41da-b780-8820ea55cf91.json create mode 100644 objects/vulnerability/vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e.json create mode 100644 objects/vulnerability/vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae.json create mode 100644 objects/vulnerability/vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c.json create mode 100644 objects/vulnerability/vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce.json create mode 100644 objects/vulnerability/vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929.json create mode 100644 objects/vulnerability/vulnerability--51776222-4c69-4e43-922e-88ab19718194.json create mode 100644 objects/vulnerability/vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc.json create mode 100644 objects/vulnerability/vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04.json create mode 100644 objects/vulnerability/vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56.json create mode 100644 objects/vulnerability/vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8.json create mode 100644 objects/vulnerability/vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99.json create mode 100644 objects/vulnerability/vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93.json create mode 100644 objects/vulnerability/vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824.json create mode 100644 objects/vulnerability/vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677.json create mode 100644 objects/vulnerability/vulnerability--6088e119-8675-4773-8c10-732e3741f9c6.json create mode 100644 objects/vulnerability/vulnerability--6224d435-daee-4865-aad6-45baa9d0af77.json create mode 100644 objects/vulnerability/vulnerability--63986e6f-6902-4203-87d1-4197934b16d6.json create mode 100644 objects/vulnerability/vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55.json create mode 100644 objects/vulnerability/vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6.json create mode 100644 objects/vulnerability/vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27.json create mode 100644 objects/vulnerability/vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb.json create mode 100644 objects/vulnerability/vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd.json create mode 100644 objects/vulnerability/vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9.json create mode 100644 objects/vulnerability/vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f.json create mode 100644 objects/vulnerability/vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e.json create mode 100644 objects/vulnerability/vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc.json create mode 100644 objects/vulnerability/vulnerability--762e4c04-e002-46ef-afdf-39da77749013.json create mode 100644 objects/vulnerability/vulnerability--7942c820-4cfc-448a-a181-960d20d801c8.json create mode 100644 objects/vulnerability/vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4.json create mode 100644 objects/vulnerability/vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64.json create mode 100644 objects/vulnerability/vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9.json create mode 100644 objects/vulnerability/vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825.json create mode 100644 objects/vulnerability/vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1.json create mode 100644 objects/vulnerability/vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc.json create mode 100644 objects/vulnerability/vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728.json create mode 100644 objects/vulnerability/vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08.json create mode 100644 objects/vulnerability/vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a.json create mode 100644 objects/vulnerability/vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914.json create mode 100644 objects/vulnerability/vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95.json create mode 100644 objects/vulnerability/vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba.json create mode 100644 objects/vulnerability/vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9.json create mode 100644 objects/vulnerability/vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249.json create mode 100644 objects/vulnerability/vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4.json create mode 100644 objects/vulnerability/vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf.json create mode 100644 objects/vulnerability/vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722.json create mode 100644 objects/vulnerability/vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9.json create mode 100644 objects/vulnerability/vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7.json create mode 100644 objects/vulnerability/vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab.json create mode 100644 objects/vulnerability/vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349.json create mode 100644 objects/vulnerability/vulnerability--a4528b86-27dc-4183-a220-caded21b6514.json create mode 100644 objects/vulnerability/vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4.json create mode 100644 objects/vulnerability/vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337.json create mode 100644 objects/vulnerability/vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb.json create mode 100644 objects/vulnerability/vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6.json create mode 100644 objects/vulnerability/vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e.json create mode 100644 objects/vulnerability/vulnerability--afa9c429-c767-4857-8178-379a637e072d.json create mode 100644 objects/vulnerability/vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284.json create mode 100644 objects/vulnerability/vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216.json create mode 100644 objects/vulnerability/vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d.json create mode 100644 objects/vulnerability/vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e.json create mode 100644 objects/vulnerability/vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931.json create mode 100644 objects/vulnerability/vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a.json create mode 100644 objects/vulnerability/vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385.json create mode 100644 objects/vulnerability/vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544.json create mode 100644 objects/vulnerability/vulnerability--c64e510e-850d-49e1-a823-343a575fd04b.json create mode 100644 objects/vulnerability/vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6.json create mode 100644 objects/vulnerability/vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2.json create mode 100644 objects/vulnerability/vulnerability--cc44ed78-2728-4390-aad7-237609958b47.json create mode 100644 objects/vulnerability/vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70.json create mode 100644 objects/vulnerability/vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66.json create mode 100644 objects/vulnerability/vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5.json create mode 100644 objects/vulnerability/vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da.json create mode 100644 objects/vulnerability/vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62.json create mode 100644 objects/vulnerability/vulnerability--da1df684-65fd-402a-aee6-0570a1de143e.json create mode 100644 objects/vulnerability/vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d.json create mode 100644 objects/vulnerability/vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16.json create mode 100644 objects/vulnerability/vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596.json create mode 100644 objects/vulnerability/vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4.json create mode 100644 objects/vulnerability/vulnerability--e159b384-b328-4419-ace9-5d063ade918f.json create mode 100644 objects/vulnerability/vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1.json create mode 100644 objects/vulnerability/vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645.json create mode 100644 objects/vulnerability/vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e.json create mode 100644 objects/vulnerability/vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0.json create mode 100644 objects/vulnerability/vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a.json create mode 100644 objects/vulnerability/vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55.json create mode 100644 objects/vulnerability/vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9.json create mode 100644 objects/vulnerability/vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1.json create mode 100644 objects/vulnerability/vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59.json create mode 100644 objects/vulnerability/vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a.json create mode 100644 objects/vulnerability/vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81.json create mode 100644 objects/vulnerability/vulnerability--f8749a56-125d-4c32-825e-861236dc83f5.json create mode 100644 objects/vulnerability/vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3.json create mode 100644 objects/vulnerability/vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c.json create mode 100644 objects/vulnerability/vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1.json diff --git a/mapping.csv b/mapping.csv index 7353100c4dd..7518101bf3f 100644 --- a/mapping.csv +++ b/mapping.csv @@ -266123,3 +266123,151 @@ vulnerability,CVE-2025-20641,vulnerability--1bbc3ddf-a1e1-4f36-ba9c-2023633834b3 vulnerability,CVE-2025-20634,vulnerability--a3aec767-e255-496d-9e5d-5b48052d5d54 vulnerability,CVE-2025-20636,vulnerability--3705e89f-4f68-4758-81b0-918310088ead vulnerability,CVE-2025-20643,vulnerability--8a0a3908-8bc5-44b4-a96a-1e98ee346830 +vulnerability,CVE-2024-12046,vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc +vulnerability,CVE-2024-12597,vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70 +vulnerability,CVE-2024-45657,vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64 +vulnerability,CVE-2024-45659,vulnerability--c64e510e-850d-49e1-a823-343a575fd04b +vulnerability,CVE-2024-45658,vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728 +vulnerability,CVE-2024-27137,vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62 +vulnerability,CVE-2024-10239,vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703 +vulnerability,CVE-2024-10238,vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37 +vulnerability,CVE-2024-10237,vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8 +vulnerability,CVE-2024-35138,vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4 +vulnerability,CVE-2024-13607,vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2 +vulnerability,CVE-2024-13403,vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825 +vulnerability,CVE-2024-13723,vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c +vulnerability,CVE-2024-13330,vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9 +vulnerability,CVE-2024-13331,vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249 +vulnerability,CVE-2024-13722,vulnerability--762e4c04-e002-46ef-afdf-39da77749013 +vulnerability,CVE-2024-13329,vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1 +vulnerability,CVE-2024-13699,vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55 +vulnerability,CVE-2024-13114,vulnerability--1dce667a-f331-4629-966e-5a49158260e7 +vulnerability,CVE-2024-13529,vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b +vulnerability,CVE-2024-13327,vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596 +vulnerability,CVE-2024-13733,vulnerability--f8749a56-125d-4c32-825e-861236dc83f5 +vulnerability,CVE-2024-13514,vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e +vulnerability,CVE-2024-13332,vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1 +vulnerability,CVE-2024-13325,vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71 +vulnerability,CVE-2024-13115,vulnerability--1d175fbd-1378-4e03-803d-4429449e7038 +vulnerability,CVE-2024-13510,vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3 +vulnerability,CVE-2024-13356,vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4 +vulnerability,CVE-2024-13326,vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314 +vulnerability,CVE-2024-13328,vulnerability--0b8716b8-004f-4df2-882e-154473b7140a +vulnerability,CVE-2024-53966,vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e +vulnerability,CVE-2024-53994,vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385 +vulnerability,CVE-2024-53266,vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16 +vulnerability,CVE-2024-53851,vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f +vulnerability,CVE-2024-53965,vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc +vulnerability,CVE-2024-53962,vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5 +vulnerability,CVE-2024-53964,vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2 +vulnerability,CVE-2024-53963,vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a +vulnerability,CVE-2024-56197,vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914 +vulnerability,CVE-2024-56328,vulnerability--51776222-4c69-4e43-922e-88ab19718194 +vulnerability,CVE-2024-9644,vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87 +vulnerability,CVE-2024-9643,vulnerability--2681c502-4282-4ea0-81c1-d50badacca44 +vulnerability,CVE-2024-23690,vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8 +vulnerability,CVE-2024-40891,vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb +vulnerability,CVE-2024-40700,vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27 +vulnerability,CVE-2024-40890,vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e +vulnerability,CVE-2024-55948,vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1 +vulnerability,CVE-2024-48019,vulnerability--e159b384-b328-4419-ace9-5d063ade918f +vulnerability,CVE-2024-48445,vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931 +vulnerability,CVE-2024-8125,vulnerability--afa9c429-c767-4857-8178-379a637e072d +vulnerability,CVE-2024-11623,vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8 +vulnerability,CVE-2024-11468,vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c +vulnerability,CVE-2024-11467,vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a +vulnerability,CVE-2024-43187,vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3 +vulnerability,CVE-2023-39943,vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9 +vulnerability,CVE-2023-40222,vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae +vulnerability,CVE-2025-1019,vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc +vulnerability,CVE-2025-1020,vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6 +vulnerability,CVE-2025-1014,vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd +vulnerability,CVE-2025-1015,vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da +vulnerability,CVE-2025-1010,vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8 +vulnerability,CVE-2025-1017,vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9 +vulnerability,CVE-2025-1009,vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a +vulnerability,CVE-2025-1013,vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d +vulnerability,CVE-2025-1016,vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c +vulnerability,CVE-2025-1011,vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83 +vulnerability,CVE-2025-1012,vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1 +vulnerability,CVE-2025-1018,vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0 +vulnerability,CVE-2025-22662,vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04 +vulnerability,CVE-2025-22696,vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a +vulnerability,CVE-2025-22601,vulnerability--63986e6f-6902-4203-87d1-4197934b16d6 +vulnerability,CVE-2025-22664,vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482 +vulnerability,CVE-2025-22204,vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56 +vulnerability,CVE-2025-22730,vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb +vulnerability,CVE-2025-22602,vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4 +vulnerability,CVE-2025-22794,vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3 +vulnerability,CVE-2025-22700,vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd +vulnerability,CVE-2025-22699,vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9 +vulnerability,CVE-2025-22642,vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3 +vulnerability,CVE-2025-22697,vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6 +vulnerability,CVE-2025-22206,vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa +vulnerability,CVE-2025-22653,vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a +vulnerability,CVE-2025-22641,vulnerability--6088e119-8675-4773-8c10-732e3741f9c6 +vulnerability,CVE-2025-22475,vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f +vulnerability,CVE-2025-22675,vulnerability--22680167-c4bb-438d-94f3-7b0052b72840 +vulnerability,CVE-2025-22643,vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d +vulnerability,CVE-2025-22205,vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544 +vulnerability,CVE-2025-22674,vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677 +vulnerability,CVE-2025-23023,vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b +vulnerability,CVE-2025-23059,vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81 +vulnerability,CVE-2025-23058,vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf +vulnerability,CVE-2025-23015,vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824 +vulnerability,CVE-2025-23645,vulnerability--cc44ed78-2728-4390-aad7-237609958b47 +vulnerability,CVE-2025-23060,vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e +vulnerability,CVE-2025-25039,vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93 +vulnerability,CVE-2025-24964,vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba +vulnerability,CVE-2025-24963,vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b +vulnerability,CVE-2025-24966,vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c +vulnerability,CVE-2025-24860,vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f +vulnerability,CVE-2025-24598,vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54 +vulnerability,CVE-2025-24602,vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae +vulnerability,CVE-2025-24967,vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7 +vulnerability,CVE-2025-24373,vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6 +vulnerability,CVE-2025-24982,vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f +vulnerability,CVE-2025-24968,vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e +vulnerability,CVE-2025-24971,vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce +vulnerability,CVE-2025-24648,vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2 +vulnerability,CVE-2025-24599,vulnerability--7942c820-4cfc-448a-a181-960d20d801c8 +vulnerability,CVE-2025-24677,vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337 +vulnerability,CVE-2025-0630,vulnerability--3c967312-1c79-41da-b780-8820ea55cf91 +vulnerability,CVE-2025-0509,vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349 +vulnerability,CVE-2025-0444,vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10 +vulnerability,CVE-2025-0413,vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6 +vulnerability,CVE-2025-0960,vulnerability--a4528b86-27dc-4183-a220-caded21b6514 +vulnerability,CVE-2025-0364,vulnerability--33b87c1e-d157-43cc-81a8-d27893305995 +vulnerability,CVE-2025-0445,vulnerability--38c02d20-c755-4f63-b998-7c902a118c33 +vulnerability,CVE-2025-0466,vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95 +vulnerability,CVE-2025-0890,vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc +vulnerability,CVE-2025-0451,vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4 +vulnerability,CVE-2025-0368,vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e +vulnerability,CVE-2025-0825,vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab +vulnerability,CVE-2025-0510,vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284 +vulnerability,CVE-2025-20902,vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa +vulnerability,CVE-2025-20886,vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7 +vulnerability,CVE-2025-20899,vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a +vulnerability,CVE-2025-20905,vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66 +vulnerability,CVE-2025-20884,vulnerability--da1df684-65fd-402a-aee6-0570a1de143e +vulnerability,CVE-2025-20888,vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a +vulnerability,CVE-2025-20893,vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8 +vulnerability,CVE-2025-20892,vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08 +vulnerability,CVE-2025-20895,vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929 +vulnerability,CVE-2025-20898,vulnerability--6224d435-daee-4865-aad6-45baa9d0af77 +vulnerability,CVE-2025-20900,vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11 +vulnerability,CVE-2025-20881,vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6 +vulnerability,CVE-2025-20907,vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4 +vulnerability,CVE-2025-20896,vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec +vulnerability,CVE-2025-20891,vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9 +vulnerability,CVE-2025-20885,vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5 +vulnerability,CVE-2025-20901,vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645 +vulnerability,CVE-2025-20894,vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722 +vulnerability,CVE-2025-20882,vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52 +vulnerability,CVE-2025-20883,vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216 +vulnerability,CVE-2025-20890,vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940 +vulnerability,CVE-2025-20906,vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99 +vulnerability,CVE-2025-20889,vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59 +vulnerability,CVE-2025-20887,vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168 +vulnerability,CVE-2025-20897,vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1 +vulnerability,CVE-2025-20904,vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55 diff --git a/objects/vulnerability/vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc.json b/objects/vulnerability/vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc.json new file mode 100644 index 00000000000..569e5593f49 --- /dev/null +++ b/objects/vulnerability/vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be09d700-91fa-42ce-b3b0-191083130af5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00bb0e81-b4da-4a15-aa43-a6fca5d7f5fc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.281339Z", + "modified": "2025-02-05T00:20:49.281339Z", + "name": "CVE-2024-12046", + "description": "The Medical Addon for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.2 via the 'namedical_elementor_template' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of draft, pending, and private posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12046" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4.json b/objects/vulnerability/vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4.json new file mode 100644 index 00000000000..d2515f8bc11 --- /dev/null +++ b/objects/vulnerability/vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bdc87874-aada-4519-9c30-29497947629e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0227aee3-b78c-4489-a55c-89c61e6fa0e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.330963Z", + "modified": "2025-02-05T00:20:50.330963Z", + "name": "CVE-2024-13356", + "description": "The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83.json b/objects/vulnerability/vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83.json new file mode 100644 index 00000000000..6a23760cc89 --- /dev/null +++ b/objects/vulnerability/vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44e2f91c-6452-48b5-a9f3-e35394d20e85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03137b31-6389-4766-8c01-04aa77fa9c83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.061427Z", + "modified": "2025-02-05T00:21:00.061427Z", + "name": "CVE-2025-1011", + "description": "A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1011" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b.json b/objects/vulnerability/vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b.json new file mode 100644 index 00000000000..f0e277542e8 --- /dev/null +++ b/objects/vulnerability/vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c517f604-b269-4977-acef-721372bbe678", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03d94b5c-6c30-44fb-adb7-65c532a5119b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.161129Z", + "modified": "2025-02-05T00:21:00.161129Z", + "name": "CVE-2025-23023", + "description": "Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23023" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314.json b/objects/vulnerability/vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314.json new file mode 100644 index 00000000000..c8acfbb0c38 --- /dev/null +++ b/objects/vulnerability/vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db1af4b6-b148-4a8d-893b-058b8a82858d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04f3a0e0-5e87-4ee1-85af-e99fb33c8314", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.335685Z", + "modified": "2025-02-05T00:20:50.335685Z", + "name": "CVE-2024-13326", + "description": "The iBuildApp WordPress plugin through 0.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13326" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3.json b/objects/vulnerability/vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3.json new file mode 100644 index 00000000000..2e5c9fcc522 --- /dev/null +++ b/objects/vulnerability/vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e911fa7c-d039-4779-97d5-7eb2d69a703d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0569aacf-0c1b-4886-8b8f-124b8dcb19b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.103634Z", + "modified": "2025-02-05T00:21:00.103634Z", + "name": "CVE-2025-22642", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RTO GmbH Dynamic Conditions allows Stored XSS. This issue affects Dynamic Conditions: from n/a through 1.7.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa.json b/objects/vulnerability/vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa.json new file mode 100644 index 00000000000..eb200703cc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b505c77c-82ee-42aa-a8aa-fc5cc24c16a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05f949ef-11b3-4a7b-94c3-75cb563cb5aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.10618Z", + "modified": "2025-02-05T00:21:00.10618Z", + "name": "CVE-2025-22206", + "description": "A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22206" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703.json b/objects/vulnerability/vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703.json new file mode 100644 index 00000000000..485efd146e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb9e0b74-ef71-4125-9a9b-b00a9307ea96", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--069a0c07-e7b6-4ecd-9a4c-75cc7635d703", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.87203Z", + "modified": "2025-02-05T00:20:49.87203Z", + "name": "CVE-2024-10239", + "description": "A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10239" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8.json b/objects/vulnerability/vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8.json new file mode 100644 index 00000000000..e2a71671902 --- /dev/null +++ b/objects/vulnerability/vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--93adeb8d-21c5-49f8-955f-da070628a99c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0738b68a-80b3-48af-84b5-a48e1255b0d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.917607Z", + "modified": "2025-02-05T00:20:49.917607Z", + "name": "CVE-2024-10237", + "description": "There is a vulnerability in the BMC firmware image authentication design \n\n at Supermicro MBD-X12DPG-OA6\n\n. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5.json b/objects/vulnerability/vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5.json new file mode 100644 index 00000000000..764440cfc45 --- /dev/null +++ b/objects/vulnerability/vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--312dc0ca-e846-46b8-aca2-b5aaa60c8237", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0787547c-b31c-428f-87c3-0eae9c8738c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.382503Z", + "modified": "2025-02-05T00:20:50.382503Z", + "name": "CVE-2024-53962", + "description": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0b8716b8-004f-4df2-882e-154473b7140a.json b/objects/vulnerability/vulnerability--0b8716b8-004f-4df2-882e-154473b7140a.json new file mode 100644 index 00000000000..916c39edfaa --- /dev/null +++ b/objects/vulnerability/vulnerability--0b8716b8-004f-4df2-882e-154473b7140a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47da6f8f-bb93-45b7-ac55-ed2a7e2ad138", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0b8716b8-004f-4df2-882e-154473b7140a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.338239Z", + "modified": "2025-02-05T00:20:50.338239Z", + "name": "CVE-2024-13328", + "description": "The Giga Messenger WordPress plugin through 2.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13328" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8.json b/objects/vulnerability/vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8.json new file mode 100644 index 00000000000..8c800385b5d --- /dev/null +++ b/objects/vulnerability/vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42d55333-83c3-43ed-a0bf-4e30db37af67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f168f1b-8da6-4004-a58d-c04c1460aad8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.713268Z", + "modified": "2025-02-05T00:20:51.713268Z", + "name": "CVE-2024-11623", + "description": "Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. \nThis action could only be performed by an authenticated admin user.\nThe issue was fixed in 2024.10.4 release.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11623" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8.json b/objects/vulnerability/vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8.json new file mode 100644 index 00000000000..c23a8c94962 --- /dev/null +++ b/objects/vulnerability/vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3f76b5d0-2c69-4e66-86d3-20cb6de2940f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0fbff6ce-8f88-4ed6-840f-b7f22a5ee2c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.928172Z", + "modified": "2025-02-05T00:20:50.928172Z", + "name": "CVE-2024-23690", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted \"util backup_configuration\" commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-23690" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6.json b/objects/vulnerability/vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6.json new file mode 100644 index 00000000000..17b0e06bbeb --- /dev/null +++ b/objects/vulnerability/vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7ded5fe-04ef-49a6-a081-4064dd71c1dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1251b741-aa60-44e5-88eb-a0242047cfb6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.282174Z", + "modified": "2025-02-05T00:21:00.282174Z", + "name": "CVE-2025-0413", + "description": "Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. \nThis vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1.json b/objects/vulnerability/vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1.json new file mode 100644 index 00000000000..3bf2bfd46dd --- /dev/null +++ b/objects/vulnerability/vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2bced21e-9420-433d-86ab-5b7d7ec3fffc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--150c5554-aa3c-44e7-bd9a-df5a06ffdff1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.062796Z", + "modified": "2025-02-05T00:21:00.062796Z", + "name": "CVE-2025-1012", + "description": "A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10.json b/objects/vulnerability/vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10.json new file mode 100644 index 00000000000..a57b9dc7e2a --- /dev/null +++ b/objects/vulnerability/vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f9c5fa4-9a0c-4e64-96c2-6af630feca94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18e92fff-131c-43e1-88dd-4a91eb8c1e10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.27631Z", + "modified": "2025-02-05T00:21:00.27631Z", + "name": "CVE-2025-0444", + "description": "Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0444" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940.json b/objects/vulnerability/vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940.json new file mode 100644 index 00000000000..16931052647 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37e34e68-e1c0-4240-9dc6-40caecc7d823", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a5a30f7-e566-4cf4-ace3-279bb0017940", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.377953Z", + "modified": "2025-02-05T00:21:00.377953Z", + "name": "CVE-2025-20890", + "description": "Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20890" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3.json b/objects/vulnerability/vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3.json new file mode 100644 index 00000000000..094f3e4d7d5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--832fe65a-b4e4-49f1-a24e-7e48d4600a55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a71df5e-0ccd-40c7-abc7-e0fac64ca1e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.090689Z", + "modified": "2025-02-05T00:21:00.090689Z", + "name": "CVE-2025-22794", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22794" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f.json b/objects/vulnerability/vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f.json new file mode 100644 index 00000000000..71c89b71bc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--931c2d2d-15c9-44e8-a170-1c8afe7eab31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1ae93297-3a65-4292-b7ce-95c2727c150f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.374523Z", + "modified": "2025-02-05T00:20:50.374523Z", + "name": "CVE-2024-53851", + "description": "Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53851" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6.json b/objects/vulnerability/vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6.json new file mode 100644 index 00000000000..3c7033ff8a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b538cc5-0bf6-4887-ad48-594b2643e795", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b95b4c4-241f-48d0-9b12-2588e0ce99e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.357843Z", + "modified": "2025-02-05T00:21:00.357843Z", + "name": "CVE-2025-20881", + "description": "Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20881" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d175fbd-1378-4e03-803d-4429449e7038.json b/objects/vulnerability/vulnerability--1d175fbd-1378-4e03-803d-4429449e7038.json new file mode 100644 index 00000000000..04d3b195d0f --- /dev/null +++ b/objects/vulnerability/vulnerability--1d175fbd-1378-4e03-803d-4429449e7038.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be4d2906-8dd6-4572-992b-ddb269b548b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d175fbd-1378-4e03-803d-4429449e7038", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.324367Z", + "modified": "2025-02-05T00:20:50.324367Z", + "name": "CVE-2024-13115", + "description": "The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11.json b/objects/vulnerability/vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11.json new file mode 100644 index 00000000000..00f32ef94bf --- /dev/null +++ b/objects/vulnerability/vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9c5835f9-845d-44e4-8e31-5a8de3c38219", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d4598e5-a7f4-40bd-baad-02a55d1bce11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.356843Z", + "modified": "2025-02-05T00:21:00.356843Z", + "name": "CVE-2025-20900", + "description": "Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20900" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2.json b/objects/vulnerability/vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2.json new file mode 100644 index 00000000000..4573bf0b2f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fb952d6-2fcf-486f-a06b-fa1aeb7360af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1d56c522-9999-4ae9-9806-fea90bbdc6c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.285676Z", + "modified": "2025-02-05T00:20:50.285676Z", + "name": "CVE-2024-13607", + "description": "The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level permissions and above, to export ticket data for any user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13607" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1dce667a-f331-4629-966e-5a49158260e7.json b/objects/vulnerability/vulnerability--1dce667a-f331-4629-966e-5a49158260e7.json new file mode 100644 index 00000000000..5dc395eae95 --- /dev/null +++ b/objects/vulnerability/vulnerability--1dce667a-f331-4629-966e-5a49158260e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--906b0d3c-c50f-4e9c-9563-80a840e269b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1dce667a-f331-4629-966e-5a49158260e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.304317Z", + "modified": "2025-02-05T00:20:50.304317Z", + "name": "CVE-2024-13114", + "description": "The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2.json b/objects/vulnerability/vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2.json new file mode 100644 index 00000000000..cf1ee4207b5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--068ae336-728a-47c0-b468-8c89887c2804", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e460765-af64-494c-b5b9-1413cffef1e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.387825Z", + "modified": "2025-02-05T00:20:50.387825Z", + "name": "CVE-2024-53964", + "description": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f.json b/objects/vulnerability/vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f.json new file mode 100644 index 00000000000..781a4b2582d --- /dev/null +++ b/objects/vulnerability/vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b29199f-0329-460f-9fc1-7f4a83f758de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f3f61cb-46cd-432d-942c-e65cb9113a4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.216381Z", + "modified": "2025-02-05T00:21:00.216381Z", + "name": "CVE-2025-24860", + "description": "Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.\n\nUsers with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.\n\n\n\n\nThis issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.\n\n\n\n\nOperators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24860" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37.json b/objects/vulnerability/vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37.json new file mode 100644 index 00000000000..17933ca1788 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfc7b0de-b03a-4f94-81cb-44c5c91dda67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fd2dc60-ff65-4cee-aa22-a232e8fe1f37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.900937Z", + "modified": "2025-02-05T00:20:49.900937Z", + "name": "CVE-2024-10238", + "description": "A security issue in the firmware image verification implementation \n\n at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow is caused by not checking fld->used_bytes.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c.json b/objects/vulnerability/vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c.json new file mode 100644 index 00000000000..745cb650e0d --- /dev/null +++ b/objects/vulnerability/vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e9bef4e-b134-4159-86ef-bb487268c5b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--202be86d-aa4f-422f-a4e0-bd8812c9d38c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.734866Z", + "modified": "2025-02-05T00:20:51.734866Z", + "name": "CVE-2024-11468", + "description": "Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11468" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a.json b/objects/vulnerability/vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a.json new file mode 100644 index 00000000000..d4e8fc3d46d --- /dev/null +++ b/objects/vulnerability/vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f32b52fe-6f4f-407e-9811-af7bab3eb59b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20e80b25-14a5-4845-a0fa-89e0fe2eae4a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.340752Z", + "modified": "2025-02-05T00:21:00.340752Z", + "name": "CVE-2025-20899", + "description": "Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a.json b/objects/vulnerability/vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a.json new file mode 100644 index 00000000000..ad3366928a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--284beaae-94ba-4208-b837-fcc2a1798dd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--218a4da1-804d-4dec-bc49-0d635172f75a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.057756Z", + "modified": "2025-02-05T00:21:00.057756Z", + "name": "CVE-2025-1009", + "description": "An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1009" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f.json b/objects/vulnerability/vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f.json new file mode 100644 index 00000000000..e68ca0d3fdc --- /dev/null +++ b/objects/vulnerability/vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--610dd9db-04e9-4c7c-b04d-3266df45ad80", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--222bf8a1-5b91-4b66-bb94-8e0fc6eb2c4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.113909Z", + "modified": "2025-02-05T00:21:00.113909Z", + "name": "CVE-2025-22475", + "description": "Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentially exploit this vulnerability, leading to Information tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--22680167-c4bb-438d-94f3-7b0052b72840.json b/objects/vulnerability/vulnerability--22680167-c4bb-438d-94f3-7b0052b72840.json new file mode 100644 index 00000000000..0253b4b46b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--22680167-c4bb-438d-94f3-7b0052b72840.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b6c3d39-5ef2-4ada-903e-4c96c75a0d18", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--22680167-c4bb-438d-94f3-7b0052b72840", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.115576Z", + "modified": "2025-02-05T00:21:00.115576Z", + "name": "CVE-2025-22675", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Alert Box Block – Display notice/alerts in the front end allows Stored XSS. This issue affects Alert Box Block – Display notice/alerts in the front end: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22675" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa.json b/objects/vulnerability/vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa.json new file mode 100644 index 00000000000..3a2a8d0a7f0 --- /dev/null +++ b/objects/vulnerability/vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4ab2b69-abf8-4ff4-863e-1af622e91c3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24ad104e-d32a-4896-add0-e157ced6c3aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.332869Z", + "modified": "2025-02-05T00:21:00.332869Z", + "name": "CVE-2025-20902", + "description": "Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2681c502-4282-4ea0-81c1-d50badacca44.json b/objects/vulnerability/vulnerability--2681c502-4282-4ea0-81c1-d50badacca44.json new file mode 100644 index 00000000000..1c0dbfecbf5 --- /dev/null +++ b/objects/vulnerability/vulnerability--2681c502-4282-4ea0-81c1-d50badacca44.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7287d5bf-98b6-44e5-9930-5b8315ea5091", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2681c502-4282-4ea0-81c1-d50badacca44", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.747502Z", + "modified": "2025-02-05T00:20:50.747502Z", + "name": "CVE-2024-9643", + "description": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8.json b/objects/vulnerability/vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8.json new file mode 100644 index 00000000000..2ff267582fa --- /dev/null +++ b/objects/vulnerability/vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0dd6484-eb9e-40ae-a829-6566d0da7948", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26b887a1-649a-4d83-a0a2-8b61116734f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.348896Z", + "modified": "2025-02-05T00:21:00.348896Z", + "name": "CVE-2025-20893", + "description": "Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20893" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e.json b/objects/vulnerability/vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e.json new file mode 100644 index 00000000000..f450caf2284 --- /dev/null +++ b/objects/vulnerability/vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2b97c5c-ecd6-4a2c-a86c-4581b297aac8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26e341cb-fe0b-440b-a0d7-183a9d06dc9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.192625Z", + "modified": "2025-02-05T00:21:00.192625Z", + "name": "CVE-2025-23060", + "description": "A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23060" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3.json b/objects/vulnerability/vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3.json new file mode 100644 index 00000000000..2b156325154 --- /dev/null +++ b/objects/vulnerability/vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3c6587f-7ed6-4012-8360-2e1d1143028c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26ea7dfe-803d-4008-9bea-f72abc5698a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.868001Z", + "modified": "2025-02-05T00:20:51.868001Z", + "name": "CVE-2024-43187", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7.json b/objects/vulnerability/vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7.json new file mode 100644 index 00000000000..338c87197a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bae52bc4-d645-4e00-996b-bc03c821fbcb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28364809-f0e2-4214-b04e-a92eefc176a7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.229623Z", + "modified": "2025-02-05T00:21:00.229623Z", + "name": "CVE-2025-24967", + "description": "reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b.json b/objects/vulnerability/vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b.json new file mode 100644 index 00000000000..05a1f55b5f4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--063399a9-02ce-4abd-9b2b-384634252297", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c6a9ba1-c722-42c8-9f9a-85e3aa137a7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.306919Z", + "modified": "2025-02-05T00:20:50.306919Z", + "name": "CVE-2024-13529", + "description": "The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd.json b/objects/vulnerability/vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd.json new file mode 100644 index 00000000000..83a93816c13 --- /dev/null +++ b/objects/vulnerability/vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c101551-52d9-4e98-b79c-81439f6696c3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ddc1baf-a9b1-4e02-8bf4-4fe997fcebcd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.099425Z", + "modified": "2025-02-05T00:21:00.099425Z", + "name": "CVE-2025-22700", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec.json b/objects/vulnerability/vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec.json new file mode 100644 index 00000000000..eab47fbe207 --- /dev/null +++ b/objects/vulnerability/vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74467792-348f-4197-94f1-caef43e8d69f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--319ba3df-fe6d-4129-91e6-9786f8b62fec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.363416Z", + "modified": "2025-02-05T00:21:00.363416Z", + "name": "CVE-2025-20896", + "description": "Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20896" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a.json b/objects/vulnerability/vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a.json new file mode 100644 index 00000000000..5bf9e1ff8db --- /dev/null +++ b/objects/vulnerability/vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5941809f-3bf9-46ca-b5a3-f3df3e8a3bda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--334c265e-ad0d-4a47-9d79-6db0361de80a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.11096Z", + "modified": "2025-02-05T00:21:00.11096Z", + "name": "CVE-2025-22653", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in templaza Music Press Pro allows Stored XSS. This issue affects Music Press Pro: from n/a through 1.4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--33b87c1e-d157-43cc-81a8-d27893305995.json b/objects/vulnerability/vulnerability--33b87c1e-d157-43cc-81a8-d27893305995.json new file mode 100644 index 00000000000..a38957f6f96 --- /dev/null +++ b/objects/vulnerability/vulnerability--33b87c1e-d157-43cc-81a8-d27893305995.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--87f6f223-060a-4db3-bb83-459244b52735", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--33b87c1e-d157-43cc-81a8-d27893305995", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.298837Z", + "modified": "2025-02-05T00:21:00.298837Z", + "name": "CVE-2025-0364", + "description": "BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the \"Cloud Storage Addin,\" leading to unauthenticated code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87.json b/objects/vulnerability/vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87.json new file mode 100644 index 00000000000..850e1fbde04 --- /dev/null +++ b/objects/vulnerability/vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cf920c5-49a7-4084-8ac2-0da9ede2806a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3502a4fe-048f-429f-9a7c-ca20a36bde87", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.730594Z", + "modified": "2025-02-05T00:20:50.730594Z", + "name": "CVE-2024-9644", + "description": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \"bapply.cgi\" endpoint instead of the normal \"apply.cgi\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9644" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae.json b/objects/vulnerability/vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae.json new file mode 100644 index 00000000000..429ee386c5a --- /dev/null +++ b/objects/vulnerability/vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b6bbee2-5f1b-4124-a36a-090e46a88009", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--357cef1f-41de-4bfc-b3e8-7d9777c6ccae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.228073Z", + "modified": "2025-02-05T00:21:00.228073Z", + "name": "CVE-2025-24602", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24602" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52.json b/objects/vulnerability/vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52.json new file mode 100644 index 00000000000..3834a53452e --- /dev/null +++ b/objects/vulnerability/vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6f385412-6783-4836-93bf-be9b3dadc816", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--364e61f3-2870-42cc-ab90-b90d86d21a52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.372636Z", + "modified": "2025-02-05T00:21:00.372636Z", + "name": "CVE-2025-20882", + "description": "Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20882" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71.json b/objects/vulnerability/vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71.json new file mode 100644 index 00000000000..53b24788637 --- /dev/null +++ b/objects/vulnerability/vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41c40b38-21ab-47b3-8e67-4fc08b83b294", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38b842b2-b565-4b63-9ac3-9772d0e29e71", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.322963Z", + "modified": "2025-02-05T00:20:50.322963Z", + "name": "CVE-2024-13325", + "description": "The Glossy WordPress plugin through 2.3.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38c02d20-c755-4f63-b998-7c902a118c33.json b/objects/vulnerability/vulnerability--38c02d20-c755-4f63-b998-7c902a118c33.json new file mode 100644 index 00000000000..95673cdf16a --- /dev/null +++ b/objects/vulnerability/vulnerability--38c02d20-c755-4f63-b998-7c902a118c33.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e3bc943-b086-4e96-9a6a-29a86035e693", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38c02d20-c755-4f63-b998-7c902a118c33", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.30138Z", + "modified": "2025-02-05T00:21:00.30138Z", + "name": "CVE-2025-0445", + "description": "Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168.json b/objects/vulnerability/vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168.json new file mode 100644 index 00000000000..0c264db3e28 --- /dev/null +++ b/objects/vulnerability/vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e28db23-949d-4610-a784-a54420147a35", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--392a92f2-ac5b-4620-ba7e-8db9492fe168", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.388725Z", + "modified": "2025-02-05T00:21:00.388725Z", + "name": "CVE-2025-20887", + "description": "Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20887" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b.json b/objects/vulnerability/vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b.json new file mode 100644 index 00000000000..a2d84b89be2 --- /dev/null +++ b/objects/vulnerability/vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d9f9101-c2a9-4734-9987-03b96fc3d3f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--39557b4b-6309-4fd3-ae83-b8d54a25952b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.209902Z", + "modified": "2025-02-05T00:21:00.209902Z", + "name": "CVE-2025-24963", + "description": "Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send a request to that handler from remote to get the content of arbitrary files.This `__screenshot-error` handler on the browser mode HTTP server responds any file on the file system. This code was added by commit `2d62051`. Users explicitly exposing the browser mode server to the network by `browser.api.host: true` may get any files exposed. This issue has been addressed in versions 2.1.9 and 3.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482.json b/objects/vulnerability/vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482.json new file mode 100644 index 00000000000..0fd436be53c --- /dev/null +++ b/objects/vulnerability/vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3714311a-6cee-4ae3-b976-e5a4bf4744f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--397b5526-0bdf-427c-98a6-60eb159a5482", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.074489Z", + "modified": "2025-02-05T00:21:00.074489Z", + "name": "CVE-2025-22664", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 5.1.3.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54.json b/objects/vulnerability/vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54.json new file mode 100644 index 00000000000..60ae97333e0 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f6dba64c-6f48-4514-95c1-91a3ec612f27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b4a4835-2627-442a-953c-548fdff0aa54", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.21795Z", + "modified": "2025-02-05T00:21:00.21795Z", + "name": "CVE-2025-24598", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c.json b/objects/vulnerability/vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c.json new file mode 100644 index 00000000000..c78cb6c4b13 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a220e1a1-9cee-46dc-9965-0032cba4e1f1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b937449-b819-4c18-b14f-7f8027200b8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.060226Z", + "modified": "2025-02-05T00:21:00.060226Z", + "name": "CVE-2025-1016", + "description": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c967312-1c79-41da-b780-8820ea55cf91.json b/objects/vulnerability/vulnerability--3c967312-1c79-41da-b780-8820ea55cf91.json new file mode 100644 index 00000000000..802f7550783 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c967312-1c79-41da-b780-8820ea55cf91.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ac879b43-a1d7-4533-959a-2562a8fb1222", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c967312-1c79-41da-b780-8820ea55cf91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.267641Z", + "modified": "2025-02-05T00:21:00.267641Z", + "name": "CVE-2025-0630", + "description": "Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e.json b/objects/vulnerability/vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e.json new file mode 100644 index 00000000000..119e41fdf32 --- /dev/null +++ b/objects/vulnerability/vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbf75e23-c4a1-4adc-9921-240b8ba37d15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--460ab942-5e40-49f7-81c5-1c0789b44b6e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.009619Z", + "modified": "2025-02-05T00:20:51.009619Z", + "name": "CVE-2024-40890", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40890" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae.json b/objects/vulnerability/vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae.json new file mode 100644 index 00000000000..5acef6e84b7 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aa434e86-f929-498f-953e-8cb9e30d9e9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a4dd1fb-ec09-4f87-9cd9-0f30933419ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:55.914058Z", + "modified": "2025-02-05T00:20:55.914058Z", + "name": "CVE-2023-40222", + "description": "In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-40222" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c.json b/objects/vulnerability/vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c.json new file mode 100644 index 00000000000..85f1ef65f77 --- /dev/null +++ b/objects/vulnerability/vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7718a9ff-2277-4f22-a467-b34871ae2018", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4e96a80f-ac8f-41d7-99e9-8e5a3229a47c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.290641Z", + "modified": "2025-02-05T00:20:50.290641Z", + "name": "CVE-2024-13723", + "description": "The \"NagVis\" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13723" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce.json b/objects/vulnerability/vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce.json new file mode 100644 index 00000000000..7ca188c32c3 --- /dev/null +++ b/objects/vulnerability/vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5620b375-222d-420c-824f-b13518a42bdf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fbfda01-7a36-426c-bc80-3ec588a8dcce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.256177Z", + "modified": "2025-02-05T00:21:00.256177Z", + "name": "CVE-2025-24971", + "description": "DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely when the **Apprise Notification** enabled. This issue has been addressed in commit `4ff8469d` and all users are advised to patch. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929.json b/objects/vulnerability/vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929.json new file mode 100644 index 00000000000..23bd84910e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b12c8e4b-17da-4816-9cf5-f4b878c0e0ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ffd9cf2-0db1-4a66-ab0b-d2bfa5961929", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.353947Z", + "modified": "2025-02-05T00:21:00.353947Z", + "name": "CVE-2025-20895", + "description": "Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20895" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--51776222-4c69-4e43-922e-88ab19718194.json b/objects/vulnerability/vulnerability--51776222-4c69-4e43-922e-88ab19718194.json new file mode 100644 index 00000000000..93c21ea8552 --- /dev/null +++ b/objects/vulnerability/vulnerability--51776222-4c69-4e43-922e-88ab19718194.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9786a8e-21d9-468d-9e6c-2673e3621f45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--51776222-4c69-4e43-922e-88ab19718194", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.437271Z", + "modified": "2025-02-05T00:20:50.437271Z", + "name": "CVE-2024-56328", + "description": "Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56328" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc.json b/objects/vulnerability/vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc.json new file mode 100644 index 00000000000..ceb4724e201 --- /dev/null +++ b/objects/vulnerability/vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbf6f35e-3033-49a9-a4c2-bafc0069370f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--578f25da-ec0f-400f-9d64-efddd2dbcefc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.307719Z", + "modified": "2025-02-05T00:21:00.307719Z", + "name": "CVE-2025-0890", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**\nInsecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0890" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04.json b/objects/vulnerability/vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04.json new file mode 100644 index 00000000000..e2f11a1c56a --- /dev/null +++ b/objects/vulnerability/vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb1b11d3-c9d2-40cb-b04b-6aec2af269bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59de3394-4a04-4b11-9558-09175f3cfe04", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.066337Z", + "modified": "2025-02-05T00:21:00.066337Z", + "name": "CVE-2025-22662", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56.json b/objects/vulnerability/vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56.json new file mode 100644 index 00000000000..939530eead1 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4134b40a-e886-434e-9b1c-253dd017bdb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b14b9a0-e77c-43dc-9ee8-d56810aafc56", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.079178Z", + "modified": "2025-02-05T00:21:00.079178Z", + "name": "CVE-2025-22204", + "description": "Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 lead to a remote code execution vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22204" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8.json b/objects/vulnerability/vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8.json new file mode 100644 index 00000000000..af8677cf3e7 --- /dev/null +++ b/objects/vulnerability/vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1032ac6c-2e40-4263-a2eb-457165833d67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bbe361d-01c8-4919-8242-f008bcc67fc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.055688Z", + "modified": "2025-02-05T00:21:00.055688Z", + "name": "CVE-2025-1010", + "description": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1010" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99.json b/objects/vulnerability/vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99.json new file mode 100644 index 00000000000..8d535e193d5 --- /dev/null +++ b/objects/vulnerability/vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc850c3a-5be4-4a81-8b2d-ed206c8e1da9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5bc9bc60-6cf8-4335-80ed-b5fbaba91e99", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.379349Z", + "modified": "2025-02-05T00:21:00.379349Z", + "name": "CVE-2025-20906", + "description": "Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20906" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93.json b/objects/vulnerability/vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93.json new file mode 100644 index 00000000000..ea4abda6676 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3243d6c1-ee11-49a3-b821-faa3b3b478a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c69cbb5-607a-4e7b-a81a-2aa592ea2b93", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.199603Z", + "modified": "2025-02-05T00:21:00.199603Z", + "name": "CVE-2025-25039", + "description": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25039" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824.json b/objects/vulnerability/vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824.json new file mode 100644 index 00000000000..986228e96e6 --- /dev/null +++ b/objects/vulnerability/vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4feef0b8-becc-4471-a47c-2c2136b5ead3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c9f52ac-d686-442b-9500-cdea0d82c824", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.17311Z", + "modified": "2025-02-05T00:21:00.17311Z", + "name": "CVE-2025-23015", + "description": "Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.\n\nThis issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.\n\nUsers are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677.json b/objects/vulnerability/vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677.json new file mode 100644 index 00000000000..0886580376e --- /dev/null +++ b/objects/vulnerability/vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d115c9f-1a31-4932-be9d-cbbe249b1e43", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d895256-bea1-49ee-bb9d-65f76cc72677", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.129389Z", + "modified": "2025-02-05T00:21:00.129389Z", + "name": "CVE-2025-22674", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Get Bowtied Product Blocks for WooCommerce allows Stored XSS. This issue affects Product Blocks for WooCommerce: from n/a through 1.9.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22674" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6088e119-8675-4773-8c10-732e3741f9c6.json b/objects/vulnerability/vulnerability--6088e119-8675-4773-8c10-732e3741f9c6.json new file mode 100644 index 00000000000..c68ef776596 --- /dev/null +++ b/objects/vulnerability/vulnerability--6088e119-8675-4773-8c10-732e3741f9c6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--594fef69-3131-431a-a3bb-66ee0f5be9a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6088e119-8675-4773-8c10-732e3741f9c6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.112025Z", + "modified": "2025-02-05T00:21:00.112025Z", + "name": "CVE-2025-22641", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prem Tiwari FM Notification Bar allows Stored XSS. This issue affects FM Notification Bar: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6224d435-daee-4865-aad6-45baa9d0af77.json b/objects/vulnerability/vulnerability--6224d435-daee-4865-aad6-45baa9d0af77.json new file mode 100644 index 00000000000..f765e9d3954 --- /dev/null +++ b/objects/vulnerability/vulnerability--6224d435-daee-4865-aad6-45baa9d0af77.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fc395f00-3ab9-4f3f-930d-82a8ca6b84c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6224d435-daee-4865-aad6-45baa9d0af77", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.354919Z", + "modified": "2025-02-05T00:21:00.354919Z", + "name": "CVE-2025-20898", + "description": "Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20898" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63986e6f-6902-4203-87d1-4197934b16d6.json b/objects/vulnerability/vulnerability--63986e6f-6902-4203-87d1-4197934b16d6.json new file mode 100644 index 00000000000..e5e7048fe73 --- /dev/null +++ b/objects/vulnerability/vulnerability--63986e6f-6902-4203-87d1-4197934b16d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--490b2ec2-37d7-4973-9e5c-fb80ee2014b9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63986e6f-6902-4203-87d1-4197934b16d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.069785Z", + "modified": "2025-02-05T00:21:00.069785Z", + "name": "CVE-2025-22601", + "description": "Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55.json b/objects/vulnerability/vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55.json new file mode 100644 index 00000000000..c5f114273a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bfb01b55-5deb-4ce4-b797-3138dfa463de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--64565078-d76d-4515-9ad7-ad1a7704bf55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.302732Z", + "modified": "2025-02-05T00:20:50.302732Z", + "name": "CVE-2024-13699", + "description": "The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in versions 1.8.5, 1.8.6, and 1.8.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6.json b/objects/vulnerability/vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6.json new file mode 100644 index 00000000000..8e33a8c4922 --- /dev/null +++ b/objects/vulnerability/vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5e60479-fecb-4741-a704-139d5e256fc2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65b530c2-9348-4742-916c-fcf1112fd7a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.23634Z", + "modified": "2025-02-05T00:21:00.23634Z", + "name": "CVE-2025-24373", + "description": "woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to \"guest.\" and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24373" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27.json b/objects/vulnerability/vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27.json new file mode 100644 index 00000000000..65458cde83a --- /dev/null +++ b/objects/vulnerability/vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fe4f4ad0-f843-4aa4-8c4e-00db29fa2c76", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6af0b71d-1e5f-4777-bdf0-d2ade0be2e27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.002251Z", + "modified": "2025-02-05T00:20:51.002251Z", + "name": "CVE-2024-40700", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40700" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb.json b/objects/vulnerability/vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb.json new file mode 100644 index 00000000000..3f8edea5599 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--27643010-37df-4973-86c8-647106e30724", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b21ff19-3e09-4476-9f00-b90147698dcb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.083148Z", + "modified": "2025-02-05T00:21:00.083148Z", + "name": "CVE-2025-22730", + "description": "Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ksher: from n/a through 1.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22730" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd.json b/objects/vulnerability/vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd.json new file mode 100644 index 00000000000..8cc5972b139 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ced941d0-2b4b-4990-80f0-db4e5a03de15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c4b90bc-1513-4911-8ca3-ec5f1f3b61dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.05346Z", + "modified": "2025-02-05T00:21:00.05346Z", + "name": "CVE-2025-1014", + "description": "Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1014" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9.json b/objects/vulnerability/vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9.json new file mode 100644 index 00000000000..54e94166561 --- /dev/null +++ b/objects/vulnerability/vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89898018-0db1-41d4-95c7-cb894c2f53ee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71436668-aca2-4ecf-b8a4-9fd7c610cbc9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:55.736955Z", + "modified": "2025-02-05T00:20:55.736955Z", + "name": "CVE-2023-39943", + "description": "In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-39943" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f.json b/objects/vulnerability/vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f.json new file mode 100644 index 00000000000..b0a9a7acb65 --- /dev/null +++ b/objects/vulnerability/vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--172eadfe-3260-47f5-a581-29d6f59f1261", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--721ff9f4-3aa8-485f-9724-94252cd5ac8f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.242668Z", + "modified": "2025-02-05T00:21:00.242668Z", + "name": "CVE-2025-24982", + "description": "Cross-site request forgery vulnerability exists in Activity Log WinterLock versions prior to 1.2.5. If a user views a malicious page while logged in, the log data may be deleted.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e.json b/objects/vulnerability/vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e.json new file mode 100644 index 00000000000..e862ab74af2 --- /dev/null +++ b/objects/vulnerability/vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f1411cf-4329-4303-848b-ab27768d9294", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--725382d0-0a54-4615-b0b3-9fb7eeaf691e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.315053Z", + "modified": "2025-02-05T00:21:00.315053Z", + "name": "CVE-2025-0368", + "description": "The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc.json b/objects/vulnerability/vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc.json new file mode 100644 index 00000000000..ad676f56ed7 --- /dev/null +++ b/objects/vulnerability/vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--25baf7f0-36e7-466c-bab0-7acb2f6029bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--731c9fb7-b49d-4b05-9e53-7c5cb8fc1abc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.042555Z", + "modified": "2025-02-05T00:21:00.042555Z", + "name": "CVE-2025-1019", + "description": "The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--762e4c04-e002-46ef-afdf-39da77749013.json b/objects/vulnerability/vulnerability--762e4c04-e002-46ef-afdf-39da77749013.json new file mode 100644 index 00000000000..2b9f006ff59 --- /dev/null +++ b/objects/vulnerability/vulnerability--762e4c04-e002-46ef-afdf-39da77749013.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d93a20b3-3169-4269-9cc5-87edce3071d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--762e4c04-e002-46ef-afdf-39da77749013", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.300022Z", + "modified": "2025-02-05T00:20:50.300022Z", + "name": "CVE-2024-13722", + "description": "The \"NagVis\" component within Checkmk is vulnerable to reflected cross-site scripting. An attacker can craft a malicious link that will execute arbitrary JavaScript in the context of the browser once clicked. The attack can be performed on both authenticated and unauthenticated users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13722" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7942c820-4cfc-448a-a181-960d20d801c8.json b/objects/vulnerability/vulnerability--7942c820-4cfc-448a-a181-960d20d801c8.json new file mode 100644 index 00000000000..6e20d502660 --- /dev/null +++ b/objects/vulnerability/vulnerability--7942c820-4cfc-448a-a181-960d20d801c8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e935882c-e194-4bd4-a0c7-7736cdaa9825", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7942c820-4cfc-448a-a181-960d20d801c8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.25855Z", + "modified": "2025-02-05T00:21:00.25855Z", + "name": "CVE-2025-24599", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4.json b/objects/vulnerability/vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4.json new file mode 100644 index 00000000000..4ace0cd656b --- /dev/null +++ b/objects/vulnerability/vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--323c718e-c483-4aeb-861c-b04c6b8b1b8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--79ec7f4a-9ffc-49b9-9990-20bf0f9945e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.361294Z", + "modified": "2025-02-05T00:21:00.361294Z", + "name": "CVE-2025-20907", + "description": "Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20907" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64.json b/objects/vulnerability/vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64.json new file mode 100644 index 00000000000..a7cce5ac41d --- /dev/null +++ b/objects/vulnerability/vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfae4e16-64e0-4c91-a105-e1eace1f8418", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ca15fa7-54c5-4fc6-a4cb-06bf7fe8ff64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.524022Z", + "modified": "2025-02-05T00:20:49.524022Z", + "name": "CVE-2024-45657", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45657" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9.json b/objects/vulnerability/vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9.json new file mode 100644 index 00000000000..48a4c661ec4 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aba92dd3-35bf-4eab-84ba-d26f2d5fa2d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ea9e408-3d1c-423e-b617-7d5c957f8fd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.366234Z", + "modified": "2025-02-05T00:21:00.366234Z", + "name": "CVE-2025-20891", + "description": "Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20891" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825.json b/objects/vulnerability/vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825.json new file mode 100644 index 00000000000..9a42458cb5f --- /dev/null +++ b/objects/vulnerability/vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5dc48d8c-8528-4e89-99b5-04af962a934b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--802c2904-76f5-4b41-9c81-3b72d8047825", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.288032Z", + "modified": "2025-02-05T00:20:50.288032Z", + "name": "CVE-2024-13403", + "description": "The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fieldHTML’ parameter in all versions up to, and including, 1.9.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13403" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1.json b/objects/vulnerability/vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1.json new file mode 100644 index 00000000000..79a38559b76 --- /dev/null +++ b/objects/vulnerability/vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--757222eb-2297-48b3-b4f6-c320b76a9c18", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--807545af-b1db-4828-bb35-f9707c7fdad1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.162445Z", + "modified": "2025-02-05T00:20:51.162445Z", + "name": "CVE-2024-55948", + "description": "Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55948" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc.json b/objects/vulnerability/vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc.json new file mode 100644 index 00000000000..50b36d0bbb4 --- /dev/null +++ b/objects/vulnerability/vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b2ce937-f4ad-4fc5-ab59-ee29a6a931f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8392e42e-2f11-4fc5-97ca-2a8b6a3fb6cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.377474Z", + "modified": "2025-02-05T00:20:50.377474Z", + "name": "CVE-2024-53965", + "description": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728.json b/objects/vulnerability/vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728.json new file mode 100644 index 00000000000..86d97401701 --- /dev/null +++ b/objects/vulnerability/vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--360f7e5e-0e7f-47d2-b73b-464454349d06", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--86792f8f-2268-4343-8b31-4af4f7c05728", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.549039Z", + "modified": "2025-02-05T00:20:49.549039Z", + "name": "CVE-2024-45658", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45658" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08.json b/objects/vulnerability/vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08.json new file mode 100644 index 00000000000..69846a02917 --- /dev/null +++ b/objects/vulnerability/vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fa9cdaf-d995-43b5-bc4f-0ddff11ac59a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89c838a0-b8da-40e0-b5ea-8c53f6485b08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.352057Z", + "modified": "2025-02-05T00:21:00.352057Z", + "name": "CVE-2025-20892", + "description": "Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20892" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a.json b/objects/vulnerability/vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a.json new file mode 100644 index 00000000000..d6533d9a1d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d19f81-4bbd-4163-9c22-9d065d01cfe4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ba05040-0f97-45de-99b2-c20cf989cd0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.739601Z", + "modified": "2025-02-05T00:20:51.739601Z", + "name": "CVE-2024-11467", + "description": "Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11467" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914.json b/objects/vulnerability/vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914.json new file mode 100644 index 00000000000..c38ab4fe8f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76f2d590-0881-4b0e-82e2-386c48996984", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8bd6aad4-9591-49fa-bbc8-4d0706750914", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.418238Z", + "modified": "2025-02-05T00:20:50.418238Z", + "name": "CVE-2024-56197", + "description": "Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the \"PM tags allowed for groups\" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the \"PM tags allowed for groups\" option.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56197" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95.json b/objects/vulnerability/vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95.json new file mode 100644 index 00000000000..54ea031cca1 --- /dev/null +++ b/objects/vulnerability/vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--317b9685-00d9-4bd8-99f1-88dc02006bb8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8cdbce1c-ba6e-4336-8054-5182d613fd95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.30551Z", + "modified": "2025-02-05T00:21:00.30551Z", + "name": "CVE-2025-0466", + "description": "The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0466" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba.json b/objects/vulnerability/vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba.json new file mode 100644 index 00000000000..43f9b2758d8 --- /dev/null +++ b/objects/vulnerability/vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--63f12f4e-abc6-453d-ab79-97bb7ef0345c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8fec9dd4-8732-41c2-905d-39d7ab746dba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.208478Z", + "modified": "2025-02-05T00:21:00.208478Z", + "name": "CVE-2025-24964", + "description": "Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote Code Execution when accessing a malicious website while Vitest API server is listening by Cross-site WebSocket hijacking (CSWSH) attacks. When `api` option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check Origin header and did not have any authorization mechanism and was vulnerable to CSWSH attacks. This WebSocket server has `saveTestFile` API that can edit a test file and `rerun` API that can rerun the tests. An attacker can execute arbitrary code by injecting a code in a test file by the `saveTestFile` API and then running that file by calling the `rerun` API. This vulnerability can result in remote code execution for users that are using Vitest serve API. This issue has been patched in versions 1.6.1, 2.1.9 and 3.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9.json b/objects/vulnerability/vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9.json new file mode 100644 index 00000000000..836289b5a67 --- /dev/null +++ b/objects/vulnerability/vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4628911-4118-4832-82d4-9b474dc38326", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--918e434a-3a53-4ccd-b85a-8cebb2c91db9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.101508Z", + "modified": "2025-02-05T00:21:00.101508Z", + "name": "CVE-2025-22699", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22699" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249.json b/objects/vulnerability/vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249.json new file mode 100644 index 00000000000..6a2d1db09cf --- /dev/null +++ b/objects/vulnerability/vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1ca1aa0-3b2f-4f63-bcc8-5c0ba2cfc26e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92d21790-d05a-4cd6-8e88-ff5529dc4249", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.297967Z", + "modified": "2025-02-05T00:20:50.297967Z", + "name": "CVE-2024-13331", + "description": "The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13331" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4.json b/objects/vulnerability/vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4.json new file mode 100644 index 00000000000..77c92786179 --- /dev/null +++ b/objects/vulnerability/vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--374a22bf-3c08-4b87-9d89-18dde0fa1913", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--93d5687b-33f8-4695-b13b-8c95b997dcd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.087851Z", + "modified": "2025-02-05T00:21:00.087851Z", + "name": "CVE-2025-22602", + "description": "Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22602" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf.json b/objects/vulnerability/vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf.json new file mode 100644 index 00000000000..c601d2a6356 --- /dev/null +++ b/objects/vulnerability/vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--01bc427d-82e6-48bd-99e1-4de3fcf87a8a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95a06f06-ef3e-416a-a87c-8e562a7f2acf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.171359Z", + "modified": "2025-02-05T00:21:00.171359Z", + "name": "CVE-2025-23058", + "description": "A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23058" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722.json b/objects/vulnerability/vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722.json new file mode 100644 index 00000000000..beca0c371ef --- /dev/null +++ b/objects/vulnerability/vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4b064529-5a8d-4b17-9f65-1fd5e14fada1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9630d9cf-4850-4b2d-9fdf-69f506ab1722", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.370719Z", + "modified": "2025-02-05T00:21:00.370719Z", + "name": "CVE-2025-20894", + "description": "Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20894" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9.json b/objects/vulnerability/vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9.json new file mode 100644 index 00000000000..6c299aca1de --- /dev/null +++ b/objects/vulnerability/vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--156c2b56-7f38-4cae-aead-d6a828da5b0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9648532c-5bb1-44c8-9fd1-a119e855eca9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.291875Z", + "modified": "2025-02-05T00:20:50.291875Z", + "name": "CVE-2024-13330", + "description": "The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13330" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7.json b/objects/vulnerability/vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7.json new file mode 100644 index 00000000000..41e8ba4de7b --- /dev/null +++ b/objects/vulnerability/vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cd1c46a-9ed8-4388-98ee-6cfb3105e220", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9bc86c5a-8df0-4a4d-bb02-9eaaf78c42f7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.335902Z", + "modified": "2025-02-05T00:21:00.335902Z", + "name": "CVE-2025-20886", + "description": "Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20886" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab.json b/objects/vulnerability/vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab.json new file mode 100644 index 00000000000..1d10ba14820 --- /dev/null +++ b/objects/vulnerability/vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46dca369-ec0e-4314-890a-f9474cc02324", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a0104cc8-1dff-4ed1-b573-2ef970a28fab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.323086Z", + "modified": "2025-02-05T00:21:00.323086Z", + "name": "CVE-2025-0825", + "description": "cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters (\"\\r\\n\") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0825" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349.json b/objects/vulnerability/vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349.json new file mode 100644 index 00000000000..d2faa5cb026 --- /dev/null +++ b/objects/vulnerability/vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f52be930-1713-4b5e-aa73-7b79e59228d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a02424fe-9b82-4b32-b32b-d643a6ebd349", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.273362Z", + "modified": "2025-02-05T00:21:00.273362Z", + "name": "CVE-2025-0509", + "description": "A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4528b86-27dc-4183-a220-caded21b6514.json b/objects/vulnerability/vulnerability--a4528b86-27dc-4183-a220-caded21b6514.json new file mode 100644 index 00000000000..0a7e3b79619 --- /dev/null +++ b/objects/vulnerability/vulnerability--a4528b86-27dc-4183-a220-caded21b6514.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5043ebc6-674c-44a8-9fe4-59a082f7a0ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4528b86-27dc-4183-a220-caded21b6514", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.292574Z", + "modified": "2025-02-05T00:21:00.292574Z", + "name": "CVE-2025-0960", + "description": "AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4.json b/objects/vulnerability/vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4.json new file mode 100644 index 00000000000..dda8f4aa54c --- /dev/null +++ b/objects/vulnerability/vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f9fd7289-82ee-4059-ba81-709eea9339a0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6f5f6cb-321b-49c4-9967-162b9718e6f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.231314Z", + "modified": "2025-02-05T00:20:50.231314Z", + "name": "CVE-2024-35138", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337.json b/objects/vulnerability/vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337.json new file mode 100644 index 00000000000..9794d68267d --- /dev/null +++ b/objects/vulnerability/vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dd4eca69-7e89-4ea2-a91b-e1aae33bc290", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a75b62c1-b69f-4e55-8ba5-e78a9b150337", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.262382Z", + "modified": "2025-02-05T00:21:00.262382Z", + "name": "CVE-2025-24677", + "description": "Improper Control of Generation of Code ('Code Injection') vulnerability in WPSpins Post/Page Copying Tool allows Remote Code Inclusion. This issue affects Post/Page Copying Tool: from n/a through 2.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb.json b/objects/vulnerability/vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb.json new file mode 100644 index 00000000000..8603923718c --- /dev/null +++ b/objects/vulnerability/vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e9d1ad3-38ca-436e-a281-eb74401191cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa349bc7-7429-425c-b508-dd2b08a618fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.980422Z", + "modified": "2025-02-05T00:20:50.980422Z", + "name": "CVE-2024-40891", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** **UNSUPPORTED WHEN ASSIGNED**\nA post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-40891" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6.json b/objects/vulnerability/vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6.json new file mode 100644 index 00000000000..a47af33b72e --- /dev/null +++ b/objects/vulnerability/vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5456e8ab-90f0-4021-a326-4d3c057318e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae95f4d8-b9f4-4ebb-8549-dca1971381d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.043699Z", + "modified": "2025-02-05T00:21:00.043699Z", + "name": "CVE-2025-1020", + "description": "Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1020" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e.json b/objects/vulnerability/vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e.json new file mode 100644 index 00000000000..7645ef9454d --- /dev/null +++ b/objects/vulnerability/vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10ccdda9-3f24-4cde-ab5a-bb9cf88bab01", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ae9b7501-e012-48ed-8def-e342f1ce391e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.34636Z", + "modified": "2025-02-05T00:20:50.34636Z", + "name": "CVE-2024-53966", + "description": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--afa9c429-c767-4857-8178-379a637e072d.json b/objects/vulnerability/vulnerability--afa9c429-c767-4857-8178-379a637e072d.json new file mode 100644 index 00000000000..9858a459c57 --- /dev/null +++ b/objects/vulnerability/vulnerability--afa9c429-c767-4857-8178-379a637e072d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b76c4dc-fceb-4d55-a3f6-ae381a985f54", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--afa9c429-c767-4857-8178-379a637e072d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.506875Z", + "modified": "2025-02-05T00:20:51.506875Z", + "name": "CVE-2024-8125", + "description": "Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. \n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4 \n\n with WebReports module\ninstalled and enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-8125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284.json b/objects/vulnerability/vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284.json new file mode 100644 index 00000000000..5c73823238d --- /dev/null +++ b/objects/vulnerability/vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--13e7e869-eec0-4a5d-87cc-ac744ce0379a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b11819c3-23c7-407f-ae8f-3b7bf9a7e284", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.324323Z", + "modified": "2025-02-05T00:21:00.324323Z", + "name": "CVE-2025-0510", + "description": "Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216.json b/objects/vulnerability/vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216.json new file mode 100644 index 00000000000..a9495940659 --- /dev/null +++ b/objects/vulnerability/vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c04e87f2-cb69-44fc-b64f-a25e90edd171", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b1fa6a29-84ff-412c-ad80-637d4899a216", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.375634Z", + "modified": "2025-02-05T00:21:00.375634Z", + "name": "CVE-2025-20883", + "description": "Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20883" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d.json b/objects/vulnerability/vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d.json new file mode 100644 index 00000000000..65e381c74b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--913d6684-2373-491d-9a10-e7c749bc183f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b41d9b39-2d1e-4723-b883-60c53fa9268d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.058736Z", + "modified": "2025-02-05T00:21:00.058736Z", + "name": "CVE-2025-1013", + "description": "A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1013" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e.json b/objects/vulnerability/vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e.json new file mode 100644 index 00000000000..00a60a5a2bd --- /dev/null +++ b/objects/vulnerability/vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82f40f3f-307e-45f9-954e-b2ad35c4648a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc315010-3d22-4f47-8c61-6e4b91ce522e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.319658Z", + "modified": "2025-02-05T00:20:50.319658Z", + "name": "CVE-2024-13514", + "description": "The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13514" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931.json b/objects/vulnerability/vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931.json new file mode 100644 index 00000000000..ed7e4f75d7c --- /dev/null +++ b/objects/vulnerability/vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a518064-3daf-4986-8bc1-56228b1f779a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc622705-95fa-4b3c-99eb-7b1ea98e3931", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.226759Z", + "modified": "2025-02-05T00:20:51.226759Z", + "name": "CVE-2024-48445", + "description": "An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a.json b/objects/vulnerability/vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a.json new file mode 100644 index 00000000000..684a7265dd8 --- /dev/null +++ b/objects/vulnerability/vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--afb0fbc5-cffc-433a-be21-e863c743a47c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcccdf5e-c8b0-4c63-be1b-e3928574969a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.39166Z", + "modified": "2025-02-05T00:20:50.39166Z", + "name": "CVE-2024-53963", + "description": "Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385.json b/objects/vulnerability/vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385.json new file mode 100644 index 00000000000..c447cbe1105 --- /dev/null +++ b/objects/vulnerability/vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb1c124b-d007-4d89-a710-1d2a09de6f0b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bcdd935e-672b-498d-b4d9-5a253a6e7385", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.350163Z", + "modified": "2025-02-05T00:20:50.350163Z", + "name": "CVE-2024-53994", + "description": "Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53994" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544.json b/objects/vulnerability/vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544.json new file mode 100644 index 00000000000..453dd7c1747 --- /dev/null +++ b/objects/vulnerability/vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1e60292-dc12-4164-af40-d6ec358c359f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2a8fdc6-f25d-4875-8b1c-0d40ef547544", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.127618Z", + "modified": "2025-02-05T00:21:00.127618Z", + "name": "CVE-2025-22205", + "description": "Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22205" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c64e510e-850d-49e1-a823-343a575fd04b.json b/objects/vulnerability/vulnerability--c64e510e-850d-49e1-a823-343a575fd04b.json new file mode 100644 index 00000000000..5e7df84d8a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c64e510e-850d-49e1-a823-343a575fd04b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6554915d-c99d-4f10-9ff7-0a822f33760e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c64e510e-850d-49e1-a823-343a575fd04b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.537732Z", + "modified": "2025-02-05T00:20:49.537732Z", + "name": "CVE-2024-45659", + "description": "IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45659" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6.json b/objects/vulnerability/vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6.json new file mode 100644 index 00000000000..03c251f7874 --- /dev/null +++ b/objects/vulnerability/vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef98c6bf-5b3d-4588-873f-c6ead6cddacd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c730ad6b-402a-4ccf-a92a-39e7d5d933d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.104847Z", + "modified": "2025-02-05T00:21:00.104847Z", + "name": "CVE-2025-22697", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Reflected XSS. This issue affects Responsive Blocks: from n/a through 1.9.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22697" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2.json b/objects/vulnerability/vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2.json new file mode 100644 index 00000000000..19cd4afe67e --- /dev/null +++ b/objects/vulnerability/vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7e735753-8e08-45af-98c3-00cc589cdb2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9b1449d-3c69-4eb4-b051-d495c5e976c2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.257441Z", + "modified": "2025-02-05T00:21:00.257441Z", + "name": "CVE-2025-24648", + "description": "Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24648" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cc44ed78-2728-4390-aad7-237609958b47.json b/objects/vulnerability/vulnerability--cc44ed78-2728-4390-aad7-237609958b47.json new file mode 100644 index 00000000000..a310ffc008b --- /dev/null +++ b/objects/vulnerability/vulnerability--cc44ed78-2728-4390-aad7-237609958b47.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e565972a-5126-41cc-925f-1559fec6405b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cc44ed78-2728-4390-aad7-237609958b47", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.18411Z", + "modified": "2025-02-05T00:21:00.18411Z", + "name": "CVE-2025-23645", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23645" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70.json b/objects/vulnerability/vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70.json new file mode 100644 index 00000000000..ecf8f606923 --- /dev/null +++ b/objects/vulnerability/vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e6f6f309-2093-48a5-8dae-bc0e2fd2f193", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cfba1a5a-b000-4bb1-8d34-042e9de64e70", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.291575Z", + "modified": "2025-02-05T00:20:49.291575Z", + "name": "CVE-2024-12597", + "description": "The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'block_css' and 'inner_css' parameters in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66.json b/objects/vulnerability/vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66.json new file mode 100644 index 00000000000..7e04e09f190 --- /dev/null +++ b/objects/vulnerability/vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c77366f0-73c3-4253-9a02-bc4bfbb21413", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d238f2da-f001-44f4-b1df-dd83c5128f66", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.342453Z", + "modified": "2025-02-05T00:21:00.342453Z", + "name": "CVE-2025-20905", + "description": "Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20905" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5.json b/objects/vulnerability/vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5.json new file mode 100644 index 00000000000..5606c5f27a4 --- /dev/null +++ b/objects/vulnerability/vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8fdd861-efbe-4380-8f00-cab463c514a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d249ede4-12d2-4e83-8389-0c91b6cb20f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.367636Z", + "modified": "2025-02-05T00:21:00.367636Z", + "name": "CVE-2025-20885", + "description": "Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20885" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da.json b/objects/vulnerability/vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da.json new file mode 100644 index 00000000000..7631a5841da --- /dev/null +++ b/objects/vulnerability/vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04c43b3c-6f89-4a93-90c0-caa7f85d5b60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d7315b1c-9986-4916-9530-7fa58ad369da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.0547Z", + "modified": "2025-02-05T00:21:00.0547Z", + "name": "CVE-2025-1015", + "description": "The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book, clicking on the link could result in opening a web page inside Thunderbird, and that page could execute (unprivileged) JavaScript. This vulnerability affects Thunderbird < 128.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62.json b/objects/vulnerability/vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62.json new file mode 100644 index 00000000000..27f60841d04 --- /dev/null +++ b/objects/vulnerability/vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0cc2667e-b7f2-4f3c-b14b-6acb463fd30e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d82f5398-bb49-4bb9-bb30-19b685718c62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:49.564709Z", + "modified": "2025-02-05T00:20:49.564709Z", + "name": "CVE-2024-27137", + "description": "In Apache Cassandra it is possible for a local attacker without access\n to the Apache Cassandra process or configuration files to manipulate \nthe RMI registry to perform a man-in-the-middle attack and capture user \nnames and passwords used to access the JMX interface. The attacker can \nthen use these credentials to access the JMX interface and perform \nunauthorized operations.\n\n\nThis is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.\n\n\nThis issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.\n\n\nOperators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da1df684-65fd-402a-aee6-0570a1de143e.json b/objects/vulnerability/vulnerability--da1df684-65fd-402a-aee6-0570a1de143e.json new file mode 100644 index 00000000000..03d76f48635 --- /dev/null +++ b/objects/vulnerability/vulnerability--da1df684-65fd-402a-aee6-0570a1de143e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85ee63a3-2594-43cf-ba69-1fb47ef45439", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da1df684-65fd-402a-aee6-0570a1de143e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.346661Z", + "modified": "2025-02-05T00:21:00.346661Z", + "name": "CVE-2025-20884", + "description": "Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20884" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d.json b/objects/vulnerability/vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d.json new file mode 100644 index 00000000000..a21d756b7be --- /dev/null +++ b/objects/vulnerability/vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e387be65-2eee-4e85-acf6-1c514af0ad12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da3e3c48-e842-4c7b-8bdc-1adaa10cb30d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.119074Z", + "modified": "2025-02-05T00:21:00.119074Z", + "name": "CVE-2025-22643", + "description": "Missing Authorization vulnerability in FameThemes OnePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OnePress: from n/a through 2.3.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16.json b/objects/vulnerability/vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16.json new file mode 100644 index 00000000000..aba7a65bdd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e496aa6c-d46c-439e-9361-1e36a136681f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de071fe9-b8ef-4098-9528-32dcd8af0f16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.361288Z", + "modified": "2025-02-05T00:20:50.361288Z", + "name": "CVE-2024-53266", + "description": "Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53266" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596.json b/objects/vulnerability/vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596.json new file mode 100644 index 00000000000..cffc171a3ac --- /dev/null +++ b/objects/vulnerability/vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc7d865d-42b7-4662-881c-3ed478221eda", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--de34c13e-9cc7-4c56-ae74-f8b3a5047596", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.309251Z", + "modified": "2025-02-05T00:20:50.309251Z", + "name": "CVE-2024-13327", + "description": "The Musicbox WordPress plugin through 2.0.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13327" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4.json b/objects/vulnerability/vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4.json new file mode 100644 index 00000000000..60179afd0a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10249057-fe08-4e7e-b7ff-55f19e257516", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df394d10-31ca-4cf4-95e8-2297e211dfd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.309825Z", + "modified": "2025-02-05T00:21:00.309825Z", + "name": "CVE-2025-0451", + "description": "Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e159b384-b328-4419-ace9-5d063ade918f.json b/objects/vulnerability/vulnerability--e159b384-b328-4419-ace9-5d063ade918f.json new file mode 100644 index 00000000000..923462c2b7f --- /dev/null +++ b/objects/vulnerability/vulnerability--e159b384-b328-4419-ace9-5d063ade918f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2067732d-48fa-46ea-bf74-a7606d41655a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e159b384-b328-4419-ace9-5d063ade918f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:51.189798Z", + "modified": "2025-02-05T00:20:51.189798Z", + "name": "CVE-2024-48019", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris.\n\n\nApplication administrators can read arbitrary\nfiles from the server filesystem through path traversal.\n\n\nUsers are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48019" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1.json b/objects/vulnerability/vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1.json new file mode 100644 index 00000000000..c4ba895a1f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e85286e-7806-4420-8ece-5bdf39e3cab2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2dc53ac-1634-440c-98ef-bcb479f934f1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.389897Z", + "modified": "2025-02-05T00:21:00.389897Z", + "name": "CVE-2025-20897", + "description": "Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645.json b/objects/vulnerability/vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645.json new file mode 100644 index 00000000000..6ce9bb3a416 --- /dev/null +++ b/objects/vulnerability/vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ad1fb1c-5991-408c-93b6-92bae4c2a0f5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e5bfe735-5638-4d65-a541-6c9252d2b645", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.36905Z", + "modified": "2025-02-05T00:21:00.36905Z", + "name": "CVE-2025-20901", + "description": "Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e.json b/objects/vulnerability/vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e.json new file mode 100644 index 00000000000..8850ddf6e25 --- /dev/null +++ b/objects/vulnerability/vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a6e0df8-51ef-48bf-a278-6a05cf938df4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e844d8ba-65fc-4bcc-aa17-31ca8fcc0c2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.247133Z", + "modified": "2025-02-05T00:21:00.247133Z", + "name": "CVE-2025-24968", + "description": "reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0.json b/objects/vulnerability/vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0.json new file mode 100644 index 00000000000..aa5db84f548 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6aa0e9e2-6706-4854-a8ca-d4b8294afc00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9231f32-51c4-4b9a-94cf-487d6eb2b7b0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.063798Z", + "modified": "2025-02-05T00:21:00.063798Z", + "name": "CVE-2025-1018", + "description": "The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1018" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a.json b/objects/vulnerability/vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a.json new file mode 100644 index 00000000000..d15c8b985ab --- /dev/null +++ b/objects/vulnerability/vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e59ea8b5-1bd8-42c4-8100-7a8e05fdd651", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9c4a6dd-4b4b-4b47-920e-f19e5901019a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.347806Z", + "modified": "2025-02-05T00:21:00.347806Z", + "name": "CVE-2025-20888", + "description": "Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20888" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55.json b/objects/vulnerability/vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55.json new file mode 100644 index 00000000000..8e026cbbbac --- /dev/null +++ b/objects/vulnerability/vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19c4b12b-0b97-4773-be69-4e7f46097287", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb10217f-9a90-4995-b86b-78daf8990c55", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.391807Z", + "modified": "2025-02-05T00:21:00.391807Z", + "name": "CVE-2025-20904", + "description": "Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20904" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9.json b/objects/vulnerability/vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9.json new file mode 100644 index 00000000000..8c6d786a08a --- /dev/null +++ b/objects/vulnerability/vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da7db902-9a31-4828-8fd4-36c4bd1edc09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec713a8c-9c5f-4000-b878-eab9e64fc4c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.056688Z", + "modified": "2025-02-05T00:21:00.056688Z", + "name": "CVE-2025-1017", + "description": "Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1.json b/objects/vulnerability/vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1.json new file mode 100644 index 00000000000..f4b12e6c14a --- /dev/null +++ b/objects/vulnerability/vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c42ff9a-1a5b-4874-84d0-3c686d430d14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edb26faf-1b89-4a3c-9b94-972c98bdc3a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.321864Z", + "modified": "2025-02-05T00:20:50.321864Z", + "name": "CVE-2024-13332", + "description": "The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13332" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59.json b/objects/vulnerability/vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59.json new file mode 100644 index 00000000000..c3141a67b79 --- /dev/null +++ b/objects/vulnerability/vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae74dcd9-99ba-4325-834f-0ae4b65f2441", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ef7cb4de-3c0b-464d-b6c1-fb8e30093c59", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.380947Z", + "modified": "2025-02-05T00:21:00.380947Z", + "name": "CVE-2025-20889", + "description": "Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20889" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a.json b/objects/vulnerability/vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a.json new file mode 100644 index 00000000000..ae1cf136831 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcc48d7c-9f88-43ce-a4b8-fd94aa18c4fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0aa848d-195f-48eb-ba72-5bddd0ba499a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.068414Z", + "modified": "2025-02-05T00:21:00.068414Z", + "name": "CVE-2025-22696", + "description": "Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81.json b/objects/vulnerability/vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81.json new file mode 100644 index 00000000000..7a70faa055e --- /dev/null +++ b/objects/vulnerability/vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc3fcdf2-6823-4eb5-b400-6b2825ebb552", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f46625a0-94dd-4c02-85ee-f710ede55b81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.166822Z", + "modified": "2025-02-05T00:21:00.166822Z", + "name": "CVE-2025-23059", + "description": "A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23059" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8749a56-125d-4c32-825e-861236dc83f5.json b/objects/vulnerability/vulnerability--f8749a56-125d-4c32-825e-861236dc83f5.json new file mode 100644 index 00000000000..53a06b5ddf0 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8749a56-125d-4c32-825e-861236dc83f5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ec617ad-ef5c-48f6-a930-22c337549c06", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8749a56-125d-4c32-825e-861236dc83f5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.317264Z", + "modified": "2025-02-05T00:20:50.317264Z", + "name": "CVE-2024-13733", + "description": "The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13733" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3.json b/objects/vulnerability/vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3.json new file mode 100644 index 00000000000..646e341df42 --- /dev/null +++ b/objects/vulnerability/vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f40c98d3-c6d8-4d66-b1d9-c91d274ad526", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd4deda1-0201-4950-9d25-0769fdd3b2f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.325286Z", + "modified": "2025-02-05T00:20:50.325286Z", + "name": "CVE-2024-13510", + "description": "The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c.json b/objects/vulnerability/vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c.json new file mode 100644 index 00000000000..a81cae0ae13 --- /dev/null +++ b/objects/vulnerability/vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bab7895e-6c6f-4ef7-b118-464cf817bcef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fdfb2f30-0503-40ff-89a3-32289507410c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:21:00.214422Z", + "modified": "2025-02-05T00:21:00.214422Z", + "name": "CVE-2025-24966", + "description": "reNgine is an automated reconnaissance framework for web applications. HTML Injection occurs when an application improperly validates or sanitizes user inputs, allowing attackers to inject arbitrary HTML code. In this scenario, the vulnerability exists in the \"Add Target\" functionality of the application, where the Target Organization and Target Description fields accept HTML payloads. The injected HTML is rendered and executed in the target area, potentially leading to malicious actions. Exploitation of HTML Injection can compromise the application's integrity and user trust. Attackers can execute unauthorized actions, steal sensitive information, or trick users into performing harmful actions. The organization's reputation, customer trust, and regulatory compliance could be negatively affected. This issue affects all versions up to and including 2.2.0. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1.json b/objects/vulnerability/vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1.json new file mode 100644 index 00000000000..0d82030d5b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e3073c08-ef39-4694-b554-0c7bad3f8a67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe1a11fa-e241-47ea-830d-a49cbce783e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-05T00:20:50.301173Z", + "modified": "2025-02-05T00:20:50.301173Z", + "name": "CVE-2024-13329", + "description": "The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13329" + } + ] + } + ] +} \ No newline at end of file