From 468cb5c3075c530a4688f0c8d2fd0507ca806264 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 4 Feb 2025 00:37:01 +0000 Subject: [PATCH] generated content from 2025-02-04 --- mapping.csv | 185 ++++++++++++++++++ ...-00ea850d-ba1f-4841-a89b-b289b0d99e64.json | 22 +++ ...-01b8285e-0b78-421f-a939-0a27af9c7258.json | 22 +++ ...-038cadeb-565b-46d1-9347-32559a82f35d.json | 22 +++ ...-05657499-c450-4292-91e7-ef0465abacff.json | 22 +++ ...-05a86bb1-d37f-44e5-a5a2-0fc45cb27568.json | 22 +++ ...-0719107a-969c-4aee-9105-e8b5a6e8ffc6.json | 22 +++ ...-0776f98c-8af8-4379-a966-a82b7e7f322c.json | 22 +++ ...-07d7e272-8d9d-4264-aa7b-84a2e62b54fe.json | 22 +++ ...-086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a.json | 22 +++ ...-09507438-76c6-450f-8663-e28d93a89238.json | 22 +++ ...-0a47c903-3953-4548-8a26-f93fb03ad03f.json | 22 +++ ...-0a95a7e8-b0df-43b9-9938-ead9a32284fb.json | 22 +++ ...-0d103ac0-cb9a-49f2-a3d5-19d5086edc0f.json | 22 +++ ...-0dfd2d2c-fd4a-4f32-b143-ebd298e2222d.json | 22 +++ ...-0f012650-c1f6-4bb6-9636-b47f81cbe736.json | 22 +++ ...-104ff45b-adbb-42a7-95dd-6e10ed60a629.json | 22 +++ ...-130724db-3d29-41ba-bd7b-d624bcf323f9.json | 22 +++ ...-168f1a1a-fbaf-4217-85c2-f307c573e873.json | 22 +++ ...-18fc97fc-fc6f-4548-84e7-abd00c9fe73a.json | 22 +++ ...-19ed4503-6e07-4f9c-ab28-38011ccf9ba2.json | 22 +++ ...-1b37762f-0c57-41a9-b510-20cd959afd3a.json | 22 +++ ...-1b51cd60-9acd-42cd-9b75-93212ead5996.json | 22 +++ ...-1bbaff93-26f7-44f5-a61d-4c06eed7210d.json | 22 +++ ...-1c56b076-a64b-411a-a5a2-d4243e08c0f0.json | 22 +++ ...-1c764525-eb53-49d3-83b7-343f94983082.json | 22 +++ ...-1cdb7402-091f-4c66-8d3c-ca0b48e39d95.json | 22 +++ ...-1e20075e-2140-4926-a18a-631f60082889.json | 22 +++ ...-1e7aaacd-6328-4b1b-ad72-dd6360a81d61.json | 22 +++ ...-1fbd3951-ef54-4cc0-8fe1-39266dd1097b.json | 22 +++ ...-202127f3-31a6-4880-80ba-808b77119485.json | 22 +++ ...-20ad7902-a3bb-496b-83a9-a2aa369291b8.json | 22 +++ ...-213b3e52-0338-4d4e-91c7-e56114c97559.json | 22 +++ ...-23ee648e-170e-4c2d-993c-b360408b2743.json | 22 +++ ...-240561e8-d303-4283-a3a7-a3c6090bd9bc.json | 22 +++ ...-250bbf3f-226b-452e-b41c-12c8687a7d74.json | 22 +++ ...-2660b7a5-0344-40d6-b4ca-2f7f0c36afa8.json | 22 +++ ...-269c9aef-6244-492f-873e-9d2891705ac9.json | 22 +++ ...-2831571c-5513-4623-890a-437f32e354c3.json | 22 +++ ...-28e74f1e-df82-4be1-b3e8-c330023b70e4.json | 22 +++ ...-2c4a4e34-b355-4055-b69f-a48735b3cd75.json | 22 +++ ...-2cc05e86-bf8f-45b7-bfee-ab8bab0ca032.json | 22 +++ ...-2cead0ea-4c84-4217-a8d8-faa1645122cc.json | 22 +++ ...-2d182a05-c993-4561-a532-8a7b95f81da0.json | 22 +++ ...-2e3469b1-29fc-4cda-9be1-d55f43ac9c09.json | 22 +++ ...-2f4e95bf-9d88-4933-a264-69d67d880662.json | 22 +++ ...-30347b27-7fdb-4722-a29b-179abf250b40.json | 22 +++ ...-327c7630-e3e3-4960-93df-508391b71766.json | 22 +++ ...-330969e8-e0be-4b19-a22e-5c5869c05860.json | 22 +++ ...-379cb12d-850d-4406-bcd0-984b1bd79de2.json | 22 +++ ...-38a3e829-b31c-449d-8f4d-10e3be3e7f6a.json | 22 +++ ...-393a0e8f-03f0-491a-aca2-1895fe00846a.json | 22 +++ ...-3b81344b-b48b-48de-b04e-a4712804dfbb.json | 22 +++ ...-3c6d5136-8050-4cd8-8490-d64a594d97f2.json | 22 +++ ...-3cf6ed12-4527-4725-994c-0df5fee5353f.json | 22 +++ ...-3d185a34-02f3-400f-8ab4-d89a97646faf.json | 22 +++ ...-404a3963-c743-49c4-a37f-0bbe5a5a173c.json | 22 +++ ...-405a5c9b-b25f-418e-9f5f-89d09c928e23.json | 22 +++ ...-41afc89d-cd40-447c-bb9b-6e4057216471.json | 22 +++ ...-43a0ec15-95bf-4e33-8cd2-5805940961dd.json | 22 +++ ...-45754ac4-328d-4477-976c-204a466abfef.json | 22 +++ ...-4929795a-16c8-4cbd-8a41-b9d467144ea7.json | 22 +++ ...-4a82dc6c-2049-46b1-b243-07a98ca66bcc.json | 22 +++ ...-4c02bb01-8e1f-49b0-8548-5090eb3898db.json | 22 +++ ...-4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef.json | 22 +++ ...-4d48da99-d331-44be-8a7d-bc109591abc6.json | 22 +++ ...-5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2.json | 22 +++ ...-5247c33e-c2cd-444e-8535-06fdc10a47e2.json | 22 +++ ...-533cb943-31b2-4941-90cb-d3fd4624e255.json | 22 +++ ...-55ae5c95-434d-4645-bd76-94dc9e5fd961.json | 22 +++ ...-57b01de3-fb49-4a79-8d6c-7136822546d1.json | 22 +++ ...-57ebeec9-d99b-415e-a251-b489354f1511.json | 22 +++ ...-5af08757-ac8b-4c75-9ccc-6fcc82e95496.json | 22 +++ ...-5b5153b7-8be1-4967-b7ec-f487643e190c.json | 22 +++ ...-5ce237cf-90df-4577-a8b5-e86c4b514f7e.json | 22 +++ ...-5df686d6-2514-4256-b97f-07f1cf5e192f.json | 22 +++ ...-61e8ed77-cbed-4786-befb-31e8fdf7f2ef.json | 22 +++ ...-633e56fa-0483-45d3-94e6-e17c902b8933.json | 22 +++ ...-678d4706-e2e9-4111-9c59-3ed6b6c394d9.json | 22 +++ ...-6b7aaa9a-45ec-430e-b57c-77284ee2ea9e.json | 22 +++ ...-6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2.json | 22 +++ ...-6c493e55-a843-411b-9b4f-8ee8f764ec61.json | 22 +++ ...-6ea948ff-e496-4b11-8e4d-bea0b95291da.json | 22 +++ ...-7091b74d-e16e-432d-96f2-045b83284a98.json | 22 +++ ...-72175004-ed3f-4fe2-8d7c-629b124ae870.json | 22 +++ ...-72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1.json | 22 +++ ...-738664d1-6377-443f-879d-80a13a856ea0.json | 22 +++ ...-746fc469-3f91-4883-bb84-db14e74f4562.json | 22 +++ ...-74d1a8e7-35f3-4d8c-a980-18812594ab3d.json | 22 +++ ...-758d4c68-dffc-4e04-8eb2-d938698c9183.json | 22 +++ ...-76abc95f-f4c3-4809-a2c8-8658d479389e.json | 22 +++ ...-7c18e639-6f22-41f6-83dd-18a818854ccb.json | 22 +++ ...-7d17001f-b367-4a21-9a04-4347d7bb33a0.json | 22 +++ ...-7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b.json | 22 +++ ...-8232d031-bbb1-4972-94fe-971673890a1d.json | 22 +++ ...-84e1cda9-a0f1-429f-9c90-dcd065d424d6.json | 22 +++ ...-880e6eba-f000-421c-a12b-1606753a5718.json | 22 +++ ...-8887b25b-bebf-42e2-bc4a-e40a6d412ea6.json | 22 +++ ...-889cb56a-91d8-4710-ad41-44ecffa2fb54.json | 22 +++ ...-89d32fd8-6a9d-4a1e-8942-f3247160f3b9.json | 22 +++ ...-8ac8aa6c-034d-4beb-aedd-ab752f512562.json | 22 +++ ...-8b077b07-c888-42ec-bed1-b7e372d3a527.json | 22 +++ ...-8b2bf415-1b64-43bf-ae77-15ab070dcf6f.json | 22 +++ ...-8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b.json | 22 +++ ...-8f709251-797f-4746-a403-f8cda00e34b6.json | 22 +++ ...-909b84be-ebc0-4de1-8de0-734929872e83.json | 22 +++ ...-917adc7b-8a49-4e84-a8e4-bd387e6730ff.json | 22 +++ ...-92cca811-91a9-49b4-abb5-43b55a532430.json | 22 +++ ...-94254347-0ef8-40d3-a54c-dc403033bcbb.json | 22 +++ ...-96fd3555-08c8-47fd-a833-12400896ce82.json | 22 +++ ...-97c33bc5-900d-4103-bc2a-a80125ddc56c.json | 22 +++ ...-9899f57c-e3f6-4378-b38e-0936f447e2b6.json | 22 +++ ...-998363c2-9b86-445f-9ccc-ad237cdb0eab.json | 22 +++ ...-99854090-5ab8-46ae-89f2-9131702e6c20.json | 22 +++ ...-9af849a1-877b-4b06-bd76-5e91641ef349.json | 22 +++ ...-9e57486d-e453-496d-bd9c-24e6c3bfa8ce.json | 22 +++ ...-9eac4fe9-8e51-4674-9294-b5e8aa4499bc.json | 22 +++ ...-a1aa9afb-4010-40dd-be0c-8b83dbca37f6.json | 22 +++ ...-a3b05b0c-2c6d-42e2-bca6-8e092b47746f.json | 22 +++ ...-a3cd3aea-d06f-4bc9-bfdd-82ab944e096d.json | 22 +++ ...-a44afcfe-dade-456b-b2dd-b8cf8bd510cc.json | 22 +++ ...-a49ddb3e-cdaf-40bb-92d4-b2e39a699531.json | 22 +++ ...-a4c56e30-2263-46bc-8bfa-4e42755801c1.json | 22 +++ ...-a86ff656-dac2-4264-bea4-5d526ef61150.json | 22 +++ ...-a90508d5-79c9-49d2-8fb7-3f865fd43dfc.json | 22 +++ ...-a90c770d-496f-4f5d-b5ab-dd64547f9bea.json | 22 +++ ...-a91b6aaa-052a-403e-a2c1-647135120e3d.json | 22 +++ ...-ab09252c-9706-4383-8327-757094e26d11.json | 22 +++ ...-ace65a03-808a-4731-ae37-1585311e9dbd.json | 22 +++ ...-ad45d3f6-15d7-4e25-8a12-363a51af8fd5.json | 22 +++ ...-aee9749b-1003-4282-83c0-5de62e90f115.json | 22 +++ ...-af49d753-d4cb-4521-a6b4-54d80bdd8527.json | 22 +++ ...-b211e5d5-6e18-4314-a80d-72c4635f9dc0.json | 22 +++ ...-b3394368-c4b4-4023-bce5-da38f6d109f9.json | 22 +++ ...-b5ac8eae-22fd-4199-b78e-29bb502b95df.json | 22 +++ ...-b5ba4a7f-86bb-4e25-b31e-4ab2371daeea.json | 22 +++ ...-bd817af2-ef94-429d-a795-121b4162a332.json | 22 +++ ...-bdcab286-d9f6-4eea-8614-8a6fc7eb888a.json | 22 +++ ...-be3c9fc2-143d-4907-9557-75412104f2df.json | 22 +++ ...-be4965de-fb47-4103-be88-81ad219faf3e.json | 22 +++ ...-bea753e8-97c4-440b-985c-0e071da95ed6.json | 22 +++ ...-c2a28bbd-60eb-4109-8171-08624555df13.json | 22 +++ ...-c7808ae2-b873-4f39-96c3-e10445a6d34d.json | 22 +++ ...-c7a326d5-963d-4ce5-aaf7-13391181c419.json | 22 +++ ...-c7ee488b-e5d6-4d47-9d0a-41c6665a62bd.json | 22 +++ ...-c8475575-56d0-4da9-ad85-5d0c13874a81.json | 22 +++ ...-c9fff7a3-1e8e-495d-9a0a-d7834705677a.json | 22 +++ ...-ca69d285-4e99-4519-8070-fc9c2fa59e45.json | 22 +++ ...-cba6d924-24fe-4916-804b-72481ee2c913.json | 22 +++ ...-d153b43b-e1bf-4a96-a4ac-92d68a049ba1.json | 22 +++ ...-d61f87b1-a247-433b-b8ff-ee78e2e4c237.json | 22 +++ ...-d62a6abf-bbca-401b-a0d4-d6a7906a2d34.json | 22 +++ ...-d63c5583-606a-48d6-a81a-8757fe91d942.json | 22 +++ ...-d6655b79-e77e-4419-8b57-e6047382e656.json | 22 +++ ...-d82014a6-d899-4f88-b30c-2cca2a8b749e.json | 22 +++ ...-d8863ed7-c5a3-43c1-aed8-12f28f24e263.json | 22 +++ ...-dac2e380-4f00-48c5-9a1b-43659b71b2ba.json | 22 +++ ...-dd8fd835-dd31-4a4b-a553-8a3459ecdf2c.json | 22 +++ ...-e0c659e0-5bd6-4978-a8c1-25ff628bc9d1.json | 22 +++ ...-e102564b-252f-468e-ac0a-564decd7d3b7.json | 22 +++ ...-e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9.json | 22 +++ ...-e613311d-77e1-4062-b9b0-9c7fbbb9a75e.json | 22 +++ ...-e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5.json | 22 +++ ...-e6ce21ec-9b13-4196-86fc-1e2cdf7924b5.json | 22 +++ ...-e6e9f9f1-7a8a-4d00-8871-e07338edfb08.json | 22 +++ ...-e81bdb22-d945-412a-a808-176ee868745a.json | 22 +++ ...-e9f3d764-c3a9-4c89-87f7-a43603dcdfcb.json | 22 +++ ...-ea3d408a-1daf-4c38-a873-0972fd22809f.json | 22 +++ ...-eb042d97-cc67-4984-bf5e-98a0a90480e0.json | 22 +++ ...-ebcb7d47-cab5-411b-b68e-88ab814cb87f.json | 22 +++ ...-ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7.json | 22 +++ ...-ed64e154-e976-4418-8ba7-753a4b5b7935.json | 22 +++ ...-edfa6c1c-16fe-4a64-ae62-531d8b411bfe.json | 22 +++ ...-edfdcc97-32a4-40fd-a501-9eb378465d00.json | 22 +++ ...-f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa.json | 22 +++ ...-f086c035-cdc6-4f44-a8da-2f648f9d5fa5.json | 22 +++ ...-f1927cf3-11df-4c59-b4ba-7b8f13e47ce2.json | 22 +++ ...-f1d0850a-fc92-4837-af69-f90972e52c64.json | 22 +++ ...-f47f4c58-ef3b-4a18-be9b-770a04c1ea53.json | 22 +++ ...-f5295106-f78f-4bcb-8469-e135ae2d35df.json | 22 +++ ...-f669cd48-d380-43ac-a182-23115cd2986e.json | 22 +++ ...-f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a.json | 22 +++ ...-f751b327-738b-48d4-8313-f5442a9d1123.json | 22 +++ ...-f8b419b6-ca6d-4511-b58f-36fab5d56f3e.json | 22 +++ ...-fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6.json | 22 +++ ...-fe8ff985-22b2-47c6-9988-464a84d06f0c.json | 22 +++ 186 files changed, 4255 insertions(+) create mode 100644 objects/vulnerability/vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64.json create mode 100644 objects/vulnerability/vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258.json create mode 100644 objects/vulnerability/vulnerability--038cadeb-565b-46d1-9347-32559a82f35d.json create mode 100644 objects/vulnerability/vulnerability--05657499-c450-4292-91e7-ef0465abacff.json create mode 100644 objects/vulnerability/vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568.json create mode 100644 objects/vulnerability/vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6.json create mode 100644 objects/vulnerability/vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c.json create mode 100644 objects/vulnerability/vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe.json create mode 100644 objects/vulnerability/vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a.json create mode 100644 objects/vulnerability/vulnerability--09507438-76c6-450f-8663-e28d93a89238.json create mode 100644 objects/vulnerability/vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f.json create mode 100644 objects/vulnerability/vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb.json create mode 100644 objects/vulnerability/vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f.json create mode 100644 objects/vulnerability/vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d.json create mode 100644 objects/vulnerability/vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736.json create mode 100644 objects/vulnerability/vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629.json create mode 100644 objects/vulnerability/vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9.json create mode 100644 objects/vulnerability/vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873.json create mode 100644 objects/vulnerability/vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a.json create mode 100644 objects/vulnerability/vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2.json create mode 100644 objects/vulnerability/vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a.json create mode 100644 objects/vulnerability/vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996.json create mode 100644 objects/vulnerability/vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d.json create mode 100644 objects/vulnerability/vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0.json create mode 100644 objects/vulnerability/vulnerability--1c764525-eb53-49d3-83b7-343f94983082.json create mode 100644 objects/vulnerability/vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95.json create mode 100644 objects/vulnerability/vulnerability--1e20075e-2140-4926-a18a-631f60082889.json create mode 100644 objects/vulnerability/vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61.json create mode 100644 objects/vulnerability/vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b.json create mode 100644 objects/vulnerability/vulnerability--202127f3-31a6-4880-80ba-808b77119485.json create mode 100644 objects/vulnerability/vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8.json create mode 100644 objects/vulnerability/vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559.json create mode 100644 objects/vulnerability/vulnerability--23ee648e-170e-4c2d-993c-b360408b2743.json create mode 100644 objects/vulnerability/vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc.json create mode 100644 objects/vulnerability/vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74.json create mode 100644 objects/vulnerability/vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8.json create mode 100644 objects/vulnerability/vulnerability--269c9aef-6244-492f-873e-9d2891705ac9.json create mode 100644 objects/vulnerability/vulnerability--2831571c-5513-4623-890a-437f32e354c3.json create mode 100644 objects/vulnerability/vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4.json create mode 100644 objects/vulnerability/vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75.json create mode 100644 objects/vulnerability/vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032.json create mode 100644 objects/vulnerability/vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc.json create mode 100644 objects/vulnerability/vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0.json create mode 100644 objects/vulnerability/vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09.json create mode 100644 objects/vulnerability/vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662.json create mode 100644 objects/vulnerability/vulnerability--30347b27-7fdb-4722-a29b-179abf250b40.json create mode 100644 objects/vulnerability/vulnerability--327c7630-e3e3-4960-93df-508391b71766.json create mode 100644 objects/vulnerability/vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860.json create mode 100644 objects/vulnerability/vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2.json create mode 100644 objects/vulnerability/vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a.json create mode 100644 objects/vulnerability/vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a.json create mode 100644 objects/vulnerability/vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb.json create mode 100644 objects/vulnerability/vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2.json create mode 100644 objects/vulnerability/vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f.json create mode 100644 objects/vulnerability/vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf.json create mode 100644 objects/vulnerability/vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c.json create mode 100644 objects/vulnerability/vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23.json create mode 100644 objects/vulnerability/vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471.json create mode 100644 objects/vulnerability/vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd.json create mode 100644 objects/vulnerability/vulnerability--45754ac4-328d-4477-976c-204a466abfef.json create mode 100644 objects/vulnerability/vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7.json create mode 100644 objects/vulnerability/vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc.json create mode 100644 objects/vulnerability/vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db.json create mode 100644 objects/vulnerability/vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef.json create mode 100644 objects/vulnerability/vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6.json create mode 100644 objects/vulnerability/vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2.json create mode 100644 objects/vulnerability/vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2.json create mode 100644 objects/vulnerability/vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255.json create mode 100644 objects/vulnerability/vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961.json create mode 100644 objects/vulnerability/vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1.json create mode 100644 objects/vulnerability/vulnerability--57ebeec9-d99b-415e-a251-b489354f1511.json create mode 100644 objects/vulnerability/vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496.json create mode 100644 objects/vulnerability/vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c.json create mode 100644 objects/vulnerability/vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e.json create mode 100644 objects/vulnerability/vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f.json create mode 100644 objects/vulnerability/vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef.json create mode 100644 objects/vulnerability/vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933.json create mode 100644 objects/vulnerability/vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9.json create mode 100644 objects/vulnerability/vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e.json create mode 100644 objects/vulnerability/vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2.json create mode 100644 objects/vulnerability/vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61.json create mode 100644 objects/vulnerability/vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da.json create mode 100644 objects/vulnerability/vulnerability--7091b74d-e16e-432d-96f2-045b83284a98.json create mode 100644 objects/vulnerability/vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870.json create mode 100644 objects/vulnerability/vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1.json create mode 100644 objects/vulnerability/vulnerability--738664d1-6377-443f-879d-80a13a856ea0.json create mode 100644 objects/vulnerability/vulnerability--746fc469-3f91-4883-bb84-db14e74f4562.json create mode 100644 objects/vulnerability/vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d.json create mode 100644 objects/vulnerability/vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183.json create mode 100644 objects/vulnerability/vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e.json create mode 100644 objects/vulnerability/vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb.json create mode 100644 objects/vulnerability/vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0.json create mode 100644 objects/vulnerability/vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b.json create mode 100644 objects/vulnerability/vulnerability--8232d031-bbb1-4972-94fe-971673890a1d.json create mode 100644 objects/vulnerability/vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6.json create mode 100644 objects/vulnerability/vulnerability--880e6eba-f000-421c-a12b-1606753a5718.json create mode 100644 objects/vulnerability/vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6.json create mode 100644 objects/vulnerability/vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54.json create mode 100644 objects/vulnerability/vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9.json create mode 100644 objects/vulnerability/vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562.json create mode 100644 objects/vulnerability/vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527.json create mode 100644 objects/vulnerability/vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f.json create mode 100644 objects/vulnerability/vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b.json create mode 100644 objects/vulnerability/vulnerability--8f709251-797f-4746-a403-f8cda00e34b6.json create mode 100644 objects/vulnerability/vulnerability--909b84be-ebc0-4de1-8de0-734929872e83.json create mode 100644 objects/vulnerability/vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff.json create mode 100644 objects/vulnerability/vulnerability--92cca811-91a9-49b4-abb5-43b55a532430.json create mode 100644 objects/vulnerability/vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb.json create mode 100644 objects/vulnerability/vulnerability--96fd3555-08c8-47fd-a833-12400896ce82.json create mode 100644 objects/vulnerability/vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c.json create mode 100644 objects/vulnerability/vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6.json create mode 100644 objects/vulnerability/vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab.json create mode 100644 objects/vulnerability/vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20.json create mode 100644 objects/vulnerability/vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349.json create mode 100644 objects/vulnerability/vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce.json create mode 100644 objects/vulnerability/vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc.json create mode 100644 objects/vulnerability/vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6.json create mode 100644 objects/vulnerability/vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f.json create mode 100644 objects/vulnerability/vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d.json create mode 100644 objects/vulnerability/vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc.json create mode 100644 objects/vulnerability/vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531.json create mode 100644 objects/vulnerability/vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1.json create mode 100644 objects/vulnerability/vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150.json create mode 100644 objects/vulnerability/vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc.json create mode 100644 objects/vulnerability/vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea.json create mode 100644 objects/vulnerability/vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d.json create mode 100644 objects/vulnerability/vulnerability--ab09252c-9706-4383-8327-757094e26d11.json create mode 100644 objects/vulnerability/vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd.json create mode 100644 objects/vulnerability/vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5.json create mode 100644 objects/vulnerability/vulnerability--aee9749b-1003-4282-83c0-5de62e90f115.json create mode 100644 objects/vulnerability/vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527.json create mode 100644 objects/vulnerability/vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0.json create mode 100644 objects/vulnerability/vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9.json create mode 100644 objects/vulnerability/vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df.json create mode 100644 objects/vulnerability/vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea.json create mode 100644 objects/vulnerability/vulnerability--bd817af2-ef94-429d-a795-121b4162a332.json create mode 100644 objects/vulnerability/vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a.json create mode 100644 objects/vulnerability/vulnerability--be3c9fc2-143d-4907-9557-75412104f2df.json create mode 100644 objects/vulnerability/vulnerability--be4965de-fb47-4103-be88-81ad219faf3e.json create mode 100644 objects/vulnerability/vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6.json create mode 100644 objects/vulnerability/vulnerability--c2a28bbd-60eb-4109-8171-08624555df13.json create mode 100644 objects/vulnerability/vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d.json create mode 100644 objects/vulnerability/vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419.json create mode 100644 objects/vulnerability/vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd.json create mode 100644 objects/vulnerability/vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81.json create mode 100644 objects/vulnerability/vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a.json create mode 100644 objects/vulnerability/vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45.json create mode 100644 objects/vulnerability/vulnerability--cba6d924-24fe-4916-804b-72481ee2c913.json create mode 100644 objects/vulnerability/vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1.json create mode 100644 objects/vulnerability/vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237.json create mode 100644 objects/vulnerability/vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34.json create mode 100644 objects/vulnerability/vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942.json create mode 100644 objects/vulnerability/vulnerability--d6655b79-e77e-4419-8b57-e6047382e656.json create mode 100644 objects/vulnerability/vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e.json create mode 100644 objects/vulnerability/vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263.json create mode 100644 objects/vulnerability/vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba.json create mode 100644 objects/vulnerability/vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c.json create mode 100644 objects/vulnerability/vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1.json create mode 100644 objects/vulnerability/vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7.json create mode 100644 objects/vulnerability/vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9.json create mode 100644 objects/vulnerability/vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e.json create mode 100644 objects/vulnerability/vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5.json create mode 100644 objects/vulnerability/vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5.json create mode 100644 objects/vulnerability/vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08.json create mode 100644 objects/vulnerability/vulnerability--e81bdb22-d945-412a-a808-176ee868745a.json create mode 100644 objects/vulnerability/vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb.json create mode 100644 objects/vulnerability/vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f.json create mode 100644 objects/vulnerability/vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0.json create mode 100644 objects/vulnerability/vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f.json create mode 100644 objects/vulnerability/vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7.json create mode 100644 objects/vulnerability/vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935.json create mode 100644 objects/vulnerability/vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe.json create mode 100644 objects/vulnerability/vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00.json create mode 100644 objects/vulnerability/vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa.json create mode 100644 objects/vulnerability/vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5.json create mode 100644 objects/vulnerability/vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2.json create mode 100644 objects/vulnerability/vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64.json create mode 100644 objects/vulnerability/vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53.json create mode 100644 objects/vulnerability/vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df.json create mode 100644 objects/vulnerability/vulnerability--f669cd48-d380-43ac-a182-23115cd2986e.json create mode 100644 objects/vulnerability/vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a.json create mode 100644 objects/vulnerability/vulnerability--f751b327-738b-48d4-8313-f5442a9d1123.json create mode 100644 objects/vulnerability/vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e.json create mode 100644 objects/vulnerability/vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6.json create mode 100644 objects/vulnerability/vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c.json diff --git a/mapping.csv b/mapping.csv index 0a61acb883c..f85537d7945 100644 --- a/mapping.csv +++ b/mapping.csv @@ -265938,3 +265938,188 @@ vulnerability,CVE-2024-0131,vulnerability--f16183b9-ed8c-4b54-88e8-fc1d36f8e8fa vulnerability,CVE-2025-0970,vulnerability--c11bc805-6388-4961-83e5-94bf67d994b8 vulnerability,CVE-2025-0967,vulnerability--c045567b-2439-440b-ac89-233956f343ad vulnerability,CVE-2025-0971,vulnerability--0cc8bd0f-c592-4420-8abd-f8567015850a +vulnerability,CVE-2024-6790,vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce +vulnerability,CVE-2024-50500,vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6 +vulnerability,CVE-2024-50656,vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08 +vulnerability,CVE-2024-34897,vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5 +vulnerability,CVE-2024-34896,vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1 +vulnerability,CVE-2024-12510,vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c +vulnerability,CVE-2024-12859,vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f +vulnerability,CVE-2024-12511,vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942 +vulnerability,CVE-2024-45560,vulnerability--1c764525-eb53-49d3-83b7-343f94983082 +vulnerability,CVE-2024-45571,vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961 +vulnerability,CVE-2024-45573,vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f +vulnerability,CVE-2024-45561,vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150 +vulnerability,CVE-2024-45569,vulnerability--be3c9fc2-143d-4907-9557-75412104f2df +vulnerability,CVE-2024-45582,vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef +vulnerability,CVE-2024-45584,vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb +vulnerability,CVE-2024-44449,vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662 +vulnerability,CVE-2024-54840,vulnerability--038cadeb-565b-46d1-9347-32559a82f35d +vulnerability,CVE-2024-10395,vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496 +vulnerability,CVE-2024-57238,vulnerability--45754ac4-328d-4477-976c-204a466abfef +vulnerability,CVE-2024-57004,vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45 +vulnerability,CVE-2024-57098,vulnerability--880e6eba-f000-421c-a12b-1606753a5718 +vulnerability,CVE-2024-57451,vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2 +vulnerability,CVE-2024-57237,vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1 +vulnerability,CVE-2024-57097,vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527 +vulnerability,CVE-2024-57669,vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d +vulnerability,CVE-2024-57966,vulnerability--ab09252c-9706-4383-8327-757094e26d11 +vulnerability,CVE-2024-57099,vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e +vulnerability,CVE-2024-57967,vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c +vulnerability,CVE-2024-57498,vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23 +vulnerability,CVE-2024-57175,vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6 +vulnerability,CVE-2024-57450,vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f +vulnerability,CVE-2024-57452,vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6 +vulnerability,CVE-2024-57968,vulnerability--92cca811-91a9-49b4-abb5-43b55a532430 +vulnerability,CVE-2024-57522,vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe +vulnerability,CVE-2024-38417,vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d +vulnerability,CVE-2024-38411,vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6 +vulnerability,CVE-2024-38420,vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a +vulnerability,CVE-2024-38414,vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc +vulnerability,CVE-2024-38412,vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd +vulnerability,CVE-2024-38413,vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559 +vulnerability,CVE-2024-38416,vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a +vulnerability,CVE-2024-38418,vulnerability--05657499-c450-4292-91e7-ef0465abacff +vulnerability,CVE-2024-38404,vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a +vulnerability,CVE-2024-36437,vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996 +vulnerability,CVE-2024-35177,vulnerability--1e20075e-2140-4926-a18a-631f60082889 +vulnerability,CVE-2024-13347,vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471 +vulnerability,CVE-2024-53943,vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e +vulnerability,CVE-2024-53942,vulnerability--c2a28bbd-60eb-4109-8171-08624555df13 +vulnerability,CVE-2024-56946,vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f +vulnerability,CVE-2024-56921,vulnerability--23ee648e-170e-4c2d-993c-b360408b2743 +vulnerability,CVE-2024-56902,vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b +vulnerability,CVE-2024-56161,vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6 +vulnerability,CVE-2024-56898,vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2 +vulnerability,CVE-2024-56903,vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d +vulnerability,CVE-2024-56901,vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0 +vulnerability,CVE-2024-47770,vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d +vulnerability,CVE-2024-55456,vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74 +vulnerability,CVE-2024-49837,vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc +vulnerability,CVE-2024-49832,vulnerability--746fc469-3f91-4883-bb84-db14e74f4562 +vulnerability,CVE-2024-49833,vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a +vulnerability,CVE-2024-49840,vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa +vulnerability,CVE-2024-49839,vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab +vulnerability,CVE-2024-49834,vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0 +vulnerability,CVE-2024-49843,vulnerability--909b84be-ebc0-4de1-8de0-734929872e83 +vulnerability,CVE-2024-49838,vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e +vulnerability,CVE-2024-11132,vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef +vulnerability,CVE-2024-11133,vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c +vulnerability,CVE-2024-11134,vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562 +vulnerability,CVE-2024-20141,vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1 +vulnerability,CVE-2024-20147,vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419 +vulnerability,CVE-2024-20142,vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a +vulnerability,CVE-2024-43333,vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183 +vulnerability,CVE-2023-52164,vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5 +vulnerability,CVE-2023-52163,vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc +vulnerability,CVE-2025-1003,vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df +vulnerability,CVE-2025-22693,vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032 +vulnerability,CVE-2025-22682,vulnerability--be4965de-fb47-4103-be88-81ad219faf3e +vulnerability,CVE-2025-22292,vulnerability--09507438-76c6-450f-8663-e28d93a89238 +vulnerability,CVE-2025-22704,vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba +vulnerability,CVE-2025-22691,vulnerability--269c9aef-6244-492f-873e-9d2891705ac9 +vulnerability,CVE-2025-22683,vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860 +vulnerability,CVE-2025-22686,vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff +vulnerability,CVE-2025-22694,vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531 +vulnerability,CVE-2025-22918,vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d +vulnerability,CVE-2025-22701,vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0 +vulnerability,CVE-2025-22684,vulnerability--8f709251-797f-4746-a403-f8cda00e34b6 +vulnerability,CVE-2025-22775,vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb +vulnerability,CVE-2025-22679,vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c +vulnerability,CVE-2025-22978,vulnerability--cba6d924-24fe-4916-804b-72481ee2c913 +vulnerability,CVE-2025-22685,vulnerability--e81bdb22-d945-412a-a808-176ee868745a +vulnerability,CVE-2025-22260,vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd +vulnerability,CVE-2025-22695,vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933 +vulnerability,CVE-2025-22703,vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f +vulnerability,CVE-2025-22688,vulnerability--f751b327-738b-48d4-8313-f5442a9d1123 +vulnerability,CVE-2025-22677,vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc +vulnerability,CVE-2025-22681,vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75 +vulnerability,CVE-2025-22129,vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe +vulnerability,CVE-2025-22690,vulnerability--202127f3-31a6-4880-80ba-808b77119485 +vulnerability,CVE-2025-23561,vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a +vulnerability,CVE-2025-23799,vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f +vulnerability,CVE-2025-23599,vulnerability--f669cd48-d380-43ac-a182-23115cd2986e +vulnerability,CVE-2025-23747,vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263 +vulnerability,CVE-2025-23588,vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935 +vulnerability,CVE-2025-23594,vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d +vulnerability,CVE-2025-23819,vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5 +vulnerability,CVE-2025-23581,vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6 +vulnerability,CVE-2025-23582,vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349 +vulnerability,CVE-2025-23920,vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8 +vulnerability,CVE-2025-23590,vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53 +vulnerability,CVE-2025-23491,vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9 +vulnerability,CVE-2025-23593,vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd +vulnerability,CVE-2025-23614,vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5 +vulnerability,CVE-2025-23755,vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873 +vulnerability,CVE-2025-23591,vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f +vulnerability,CVE-2025-23984,vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568 +vulnerability,CVE-2025-23527,vulnerability--96fd3555-08c8-47fd-a833-12400896ce82 +vulnerability,CVE-2025-23210,vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a +vulnerability,CVE-2025-23923,vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e +vulnerability,CVE-2025-23685,vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2 +vulnerability,CVE-2025-25064,vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870 +vulnerability,CVE-2025-25062,vulnerability--d6655b79-e77e-4419-8b57-e6047382e656 +vulnerability,CVE-2025-25066,vulnerability--aee9749b-1003-4282-83c0-5de62e90f115 +vulnerability,CVE-2025-25065,vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db +vulnerability,CVE-2025-25181,vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64 +vulnerability,CVE-2025-25063,vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb +vulnerability,CVE-2025-24630,vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2 +vulnerability,CVE-2025-24629,vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736 +vulnerability,CVE-2025-24961,vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b +vulnerability,CVE-2025-24661,vulnerability--7091b74d-e16e-432d-96f2-045b83284a98 +vulnerability,CVE-2025-24957,vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c +vulnerability,CVE-2025-24707,vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7 +vulnerability,CVE-2025-24958,vulnerability--bd817af2-ef94-429d-a795-121b4162a332 +vulnerability,CVE-2025-24660,vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09 +vulnerability,CVE-2025-24620,vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6 +vulnerability,CVE-2025-24541,vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9 +vulnerability,CVE-2025-24631,vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b +vulnerability,CVE-2025-24697,vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f +vulnerability,CVE-2025-24536,vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7 +vulnerability,CVE-2025-24559,vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf +vulnerability,CVE-2025-24902,vulnerability--30347b27-7fdb-4722-a29b-179abf250b40 +vulnerability,CVE-2025-24898,vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc +vulnerability,CVE-2025-24899,vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20 +vulnerability,CVE-2025-24371,vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527 +vulnerability,CVE-2025-24684,vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34 +vulnerability,CVE-2025-24781,vulnerability--738664d1-6377-443f-879d-80a13a856ea0 +vulnerability,CVE-2025-24962,vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255 +vulnerability,CVE-2025-24605,vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7 +vulnerability,CVE-2025-24029,vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00 +vulnerability,CVE-2025-24642,vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c +vulnerability,CVE-2025-24576,vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a +vulnerability,CVE-2025-24639,vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb +vulnerability,CVE-2025-24370,vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0 +vulnerability,CVE-2025-24656,vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6 +vulnerability,CVE-2025-24901,vulnerability--57ebeec9-d99b-415e-a251-b489354f1511 +vulnerability,CVE-2025-24643,vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea +vulnerability,CVE-2025-24905,vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e +vulnerability,CVE-2025-24906,vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df +vulnerability,CVE-2025-24557,vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0 +vulnerability,CVE-2025-24676,vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2 +vulnerability,CVE-2025-24545,vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea +vulnerability,CVE-2025-24646,vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2 +vulnerability,CVE-2025-24959,vulnerability--327c7630-e3e3-4960-93df-508391b71766 +vulnerability,CVE-2025-24574,vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb +vulnerability,CVE-2025-24569,vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95 +vulnerability,CVE-2025-24556,vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54 +vulnerability,CVE-2025-24544,vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64 +vulnerability,CVE-2025-24960,vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9 +vulnerability,CVE-2025-0148,vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1 +vulnerability,CVE-2025-0973,vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258 +vulnerability,CVE-2025-0015,vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4 +vulnerability,CVE-2025-0974,vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2 +vulnerability,CVE-2025-0972,vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81 +vulnerability,CVE-2025-20632,vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc +vulnerability,CVE-2025-20637,vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1 +vulnerability,CVE-2025-20640,vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61 +vulnerability,CVE-2025-20631,vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9 +vulnerability,CVE-2025-20642,vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61 +vulnerability,CVE-2025-20638,vulnerability--8232d031-bbb1-4972-94fe-971673890a1d +vulnerability,CVE-2025-20635,vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da +vulnerability,CVE-2025-20639,vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237 +vulnerability,CVE-2025-20633,vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9 +vulnerability,CVE-2025-20641,vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e +vulnerability,CVE-2025-20634,vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8 +vulnerability,CVE-2025-20636,vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629 +vulnerability,CVE-2025-20643,vulnerability--2831571c-5513-4623-890a-437f32e354c3 diff --git a/objects/vulnerability/vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64.json b/objects/vulnerability/vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64.json new file mode 100644 index 00000000000..f5b07d10142 --- /dev/null +++ b/objects/vulnerability/vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--72a35f03-1edf-4cb4-890c-26f5e450d99d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--00ea850d-ba1f-4841-a89b-b289b0d99e64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.571121Z", + "modified": "2025-02-04T00:36:42.571121Z", + "name": "CVE-2025-24544", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24544" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258.json b/objects/vulnerability/vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258.json new file mode 100644 index 00000000000..a944aa8acc2 --- /dev/null +++ b/objects/vulnerability/vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c3a87e3b-486e-43f9-a7b9-440e9b55c556", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01b8285e-0b78-421f-a939-0a27af9c7258", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.60476Z", + "modified": "2025-02-04T00:36:42.60476Z", + "name": "CVE-2025-0973", + "description": "A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0973" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--038cadeb-565b-46d1-9347-32559a82f35d.json b/objects/vulnerability/vulnerability--038cadeb-565b-46d1-9347-32559a82f35d.json new file mode 100644 index 00000000000..3de49a6e79a --- /dev/null +++ b/objects/vulnerability/vulnerability--038cadeb-565b-46d1-9347-32559a82f35d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1bb9c174-4de5-421d-812d-b10d3d94557c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--038cadeb-565b-46d1-9347-32559a82f35d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.210721Z", + "modified": "2025-02-04T00:36:32.210721Z", + "name": "CVE-2024-54840", + "description": "PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05657499-c450-4292-91e7-ef0465abacff.json b/objects/vulnerability/vulnerability--05657499-c450-4292-91e7-ef0465abacff.json new file mode 100644 index 00000000000..856c14af83f --- /dev/null +++ b/objects/vulnerability/vulnerability--05657499-c450-4292-91e7-ef0465abacff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1c6c3c9-c152-42a1-a0be-96f0450a136a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05657499-c450-4292-91e7-ef0465abacff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.46068Z", + "modified": "2025-02-04T00:36:32.46068Z", + "name": "CVE-2024-38418", + "description": "Memory corruption while parsing the memory map info in IOCTL calls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568.json b/objects/vulnerability/vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568.json new file mode 100644 index 00000000000..e0ee3b9808a --- /dev/null +++ b/objects/vulnerability/vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41b2be80-d309-4f87-badd-57734dd091eb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05a86bb1-d37f-44e5-a5a2-0fc45cb27568", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.460781Z", + "modified": "2025-02-04T00:36:42.460781Z", + "name": "CVE-2025-23984", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS. This issue affects Dynamic URL SEO: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23984" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6.json b/objects/vulnerability/vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6.json new file mode 100644 index 00000000000..657cb7185ba --- /dev/null +++ b/objects/vulnerability/vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b03b9b90-a419-45e7-9d5d-1190c14a23e4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0719107a-969c-4aee-9105-e8b5a6e8ffc6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.418399Z", + "modified": "2025-02-04T00:36:32.418399Z", + "name": "CVE-2024-38411", + "description": "Memory corruption while registering a buffer from user-space to kernel-space using IOCTL calls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38411" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c.json b/objects/vulnerability/vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c.json new file mode 100644 index 00000000000..6f9bf29fd4f --- /dev/null +++ b/objects/vulnerability/vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0ff5b8a3-6040-4682-b731-ef1c0475ee33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0776f98c-8af8-4379-a966-a82b7e7f322c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.534554Z", + "modified": "2025-02-04T00:36:42.534554Z", + "name": "CVE-2025-24642", + "description": "Missing Authorization vulnerability in theme funda Setup Default Featured Image allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Setup Default Featured Image: from n/a through 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe.json b/objects/vulnerability/vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe.json new file mode 100644 index 00000000000..5d30e2585ba --- /dev/null +++ b/objects/vulnerability/vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e85cfe9c-e007-418d-a4bd-b9431b9ec9d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--07d7e272-8d9d-4264-aa7b-84a2e62b54fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.395784Z", + "modified": "2025-02-04T00:36:32.395784Z", + "name": "CVE-2024-57522", + "description": "SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57522" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a.json b/objects/vulnerability/vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a.json new file mode 100644 index 00000000000..bd851b14864 --- /dev/null +++ b/objects/vulnerability/vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92ca1704-8425-4132-99b0-8eeee2de4c6b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--086b3bb7-e851-4d5f-bf2b-eb8b3b8edf5a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.202589Z", + "modified": "2025-02-04T00:36:34.202589Z", + "name": "CVE-2024-20142", + "description": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--09507438-76c6-450f-8663-e28d93a89238.json b/objects/vulnerability/vulnerability--09507438-76c6-450f-8663-e28d93a89238.json new file mode 100644 index 00000000000..93ca6f47e7f --- /dev/null +++ b/objects/vulnerability/vulnerability--09507438-76c6-450f-8663-e28d93a89238.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcc54dcf-a96e-4773-b004-aea217c3607c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--09507438-76c6-450f-8663-e28d93a89238", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.332226Z", + "modified": "2025-02-04T00:36:42.332226Z", + "name": "CVE-2025-22292", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felipe Peixoto Powerful Auto Chat allows Stored XSS. This issue affects Powerful Auto Chat: from n/a through 1.9.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f.json b/objects/vulnerability/vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f.json new file mode 100644 index 00000000000..5ef9ccffd8f --- /dev/null +++ b/objects/vulnerability/vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ae83b31-1107-43fb-9e40-2aede4a2b390", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a47c903-3953-4548-8a26-f93fb03ad03f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.729167Z", + "modified": "2025-02-04T00:36:31.729167Z", + "name": "CVE-2024-12859", + "description": "The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12859" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb.json b/objects/vulnerability/vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb.json new file mode 100644 index 00000000000..4546d943057 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f7fcb84-c62f-4ebb-9606-5b739a437378", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a95a7e8-b0df-43b9-9938-ead9a32284fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.486805Z", + "modified": "2025-02-04T00:36:42.486805Z", + "name": "CVE-2025-25063", + "description": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG tags. SVG images can contain clickable links and executable scripting, and using a crafted SVG, it is possible to execute scripting in the browser when an SVG image is viewed. This issue is mitigated by the attacker needing to be able to upload SVG images, and that Backdrop embeds all uploaded SVG images within <img> tags, which prevents scripting from executing. The SVG must be viewed directly by its URL in order to run any embedded scripting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25063" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f.json b/objects/vulnerability/vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f.json new file mode 100644 index 00000000000..bc4a227b025 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d393616-68b5-477d-ba14-0064f5da416e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d103ac0-cb9a-49f2-a3d5-19d5086edc0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.459285Z", + "modified": "2025-02-04T00:36:42.459285Z", + "name": "CVE-2025-23591", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blu Logistics Pte. Ltd. blu Logistics allows Reflected XSS. This issue affects blu Logistics: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23591" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d.json b/objects/vulnerability/vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d.json new file mode 100644 index 00000000000..aabe2f405ba --- /dev/null +++ b/objects/vulnerability/vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2e08358-9483-451e-a066-0f194eef86d6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0dfd2d2c-fd4a-4f32-b143-ebd298e2222d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.42384Z", + "modified": "2025-02-04T00:36:42.42384Z", + "name": "CVE-2025-23594", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uzzal mondal Google Map With Fancybox allows Reflected XSS. This issue affects Google Map With Fancybox: from n/a through 2.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23594" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736.json b/objects/vulnerability/vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736.json new file mode 100644 index 00000000000..dbfafd78024 --- /dev/null +++ b/objects/vulnerability/vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f44cc365-5794-4a66-a1af-7c969139c41e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0f012650-c1f6-4bb6-9636-b47f81cbe736", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.491484Z", + "modified": "2025-02-04T00:36:42.491484Z", + "name": "CVE-2025-24629", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPGear Import Excel to Gravity Forms allows Reflected XSS. This issue affects Import Excel to Gravity Forms: from n/a through 1.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24629" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629.json b/objects/vulnerability/vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629.json new file mode 100644 index 00000000000..97bc15787ca --- /dev/null +++ b/objects/vulnerability/vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--97f2eca7-03df-45ec-8f0c-603dddfa4a55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--104ff45b-adbb-42a7-95dd-6e10ed60a629", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.676344Z", + "modified": "2025-02-04T00:36:42.676344Z", + "name": "CVE-2025-20636", + "description": "In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20636" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9.json b/objects/vulnerability/vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9.json new file mode 100644 index 00000000000..a35c0cbff35 --- /dev/null +++ b/objects/vulnerability/vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1f8c2a9b-c6c9-498d-b3d7-3da0a2657116", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--130724db-3d29-41ba-bd7b-d624bcf323f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.636856Z", + "modified": "2025-02-04T00:36:42.636856Z", + "name": "CVE-2025-20631", + "description": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873.json b/objects/vulnerability/vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873.json new file mode 100644 index 00000000000..4125b6aa9aa --- /dev/null +++ b/objects/vulnerability/vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee70ed4d-fa07-437f-8217-bb62900498cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--168f1a1a-fbaf-4217-85c2-f307c573e873", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.457934Z", + "modified": "2025-02-04T00:36:42.457934Z", + "name": "CVE-2025-23755", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PAFacile allows Reflected XSS. This issue affects PAFacile: from n/a through 2.6.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23755" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a.json b/objects/vulnerability/vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a.json new file mode 100644 index 00000000000..2c3edbd8689 --- /dev/null +++ b/objects/vulnerability/vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--779a307f-ebb9-4565-9292-683aceabec3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18fc97fc-fc6f-4548-84e7-abd00c9fe73a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.465248Z", + "modified": "2025-02-04T00:36:42.465248Z", + "name": "CVE-2025-23210", + "description": "phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23210" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2.json b/objects/vulnerability/vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2.json new file mode 100644 index 00000000000..627181108ff --- /dev/null +++ b/objects/vulnerability/vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61bdc8ef-1a17-414d-8524-4cf8931aaa75", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19ed4503-6e07-4f9c-ab28-38011ccf9ba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.860643Z", + "modified": "2025-02-04T00:36:32.860643Z", + "name": "CVE-2024-56898", + "description": "Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56898" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a.json b/objects/vulnerability/vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a.json new file mode 100644 index 00000000000..252d15b5edc --- /dev/null +++ b/objects/vulnerability/vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bd5d07e-c327-4a41-8f63-617e75fd5d65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b37762f-0c57-41a9-b510-20cd959afd3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.855437Z", + "modified": "2025-02-04T00:36:33.855437Z", + "name": "CVE-2024-49833", + "description": "Memory corruption can occur in the camera when an invalid CID is used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49833" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996.json b/objects/vulnerability/vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996.json new file mode 100644 index 00000000000..6e76741319e --- /dev/null +++ b/objects/vulnerability/vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db6a8263-3fc2-4075-aeb8-b3c2700ccd4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b51cd60-9acd-42cd-9b75-93212ead5996", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.562214Z", + "modified": "2025-02-04T00:36:32.562214Z", + "name": "CVE-2024-36437", + "description": "The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-36437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d.json b/objects/vulnerability/vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d.json new file mode 100644 index 00000000000..1a112be719b --- /dev/null +++ b/objects/vulnerability/vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--564c5026-974e-4260-841c-bbce902dc0c7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1bbaff93-26f7-44f5-a61d-4c06eed7210d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.414464Z", + "modified": "2025-02-04T00:36:32.414464Z", + "name": "CVE-2024-38417", + "description": "Information disclosure while processing IO control commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0.json b/objects/vulnerability/vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0.json new file mode 100644 index 00000000000..bd21b4c2af4 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--26f7899b-5941-4a15-b5f9-d0d2e7c269db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c56b076-a64b-411a-a5a2-d4243e08c0f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.880246Z", + "modified": "2025-02-04T00:36:32.880246Z", + "name": "CVE-2024-56901", + "description": "A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1c764525-eb53-49d3-83b7-343f94983082.json b/objects/vulnerability/vulnerability--1c764525-eb53-49d3-83b7-343f94983082.json new file mode 100644 index 00000000000..41111d78679 --- /dev/null +++ b/objects/vulnerability/vulnerability--1c764525-eb53-49d3-83b7-343f94983082.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6df71f73-d2c2-4508-a5be-03f477090f31", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1c764525-eb53-49d3-83b7-343f94983082", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.934574Z", + "modified": "2025-02-04T00:36:31.934574Z", + "name": "CVE-2024-45560", + "description": "Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45560" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95.json b/objects/vulnerability/vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95.json new file mode 100644 index 00000000000..5fa9b495d95 --- /dev/null +++ b/objects/vulnerability/vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3df81c54-d64d-443b-aab7-8495e8f0bf51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1cdb7402-091f-4c66-8d3c-ca0b48e39d95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.566115Z", + "modified": "2025-02-04T00:36:42.566115Z", + "name": "CVE-2025-24569", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RedefiningTheWeb PDF Generator Addon for Elementor Page Builder allows Path Traversal. This issue affects PDF Generator Addon for Elementor Page Builder: from n/a through 1.7.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e20075e-2140-4926-a18a-631f60082889.json b/objects/vulnerability/vulnerability--1e20075e-2140-4926-a18a-631f60082889.json new file mode 100644 index 00000000000..7e06ce61fef --- /dev/null +++ b/objects/vulnerability/vulnerability--1e20075e-2140-4926-a18a-631f60082889.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--511f5b12-b1e5-470c-8ef3-3fb633488172", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e20075e-2140-4926-a18a-631f60082889", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.682693Z", + "modified": "2025-02-04T00:36:32.682693Z", + "name": "CVE-2024-35177", + "description": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by placing one of the many DLL that are loaded and not present on the system in the installation folder of the agent OR by replacing the service executable binary itself with a malicious one. The root cause is an improper ACL applied on the installation folder when a non-default installation path is specified (e.g,: C:\\wazuh). Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUTHORITY\\SYSTEM. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61.json b/objects/vulnerability/vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61.json new file mode 100644 index 00000000000..556c757b062 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c79dd4d3-f1b1-4f33-8d0f-1d2977c856f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e7aaacd-6328-4b1b-ad72-dd6360a81d61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.635608Z", + "modified": "2025-02-04T00:36:42.635608Z", + "name": "CVE-2025-20640", + "description": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20640" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b.json b/objects/vulnerability/vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b.json new file mode 100644 index 00000000000..d89b1b87cd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--21f9d0ba-94e8-4e3f-82d6-60b6427fdb4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1fbd3951-ef54-4cc0-8fe1-39266dd1097b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.507544Z", + "modified": "2025-02-04T00:36:42.507544Z", + "name": "CVE-2025-24631", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PhiloPress BP Email Assign Templates allows Reflected XSS. This issue affects BP Email Assign Templates: from n/a through 1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24631" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--202127f3-31a6-4880-80ba-808b77119485.json b/objects/vulnerability/vulnerability--202127f3-31a6-4880-80ba-808b77119485.json new file mode 100644 index 00000000000..d863adc36a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--202127f3-31a6-4880-80ba-808b77119485.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b8047d4b-faed-4bd8-8753-0cd9592a15ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--202127f3-31a6-4880-80ba-808b77119485", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.403937Z", + "modified": "2025-02-04T00:36:42.403937Z", + "name": "CVE-2025-22690", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimber cPanel Integration allows Stored XSS. This issue affects DigiTimber cPanel Integration: from n/a through 1.4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22690" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8.json b/objects/vulnerability/vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8.json new file mode 100644 index 00000000000..9a7abaa2a0f --- /dev/null +++ b/objects/vulnerability/vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dbdd86ea-3b86-441d-9461-ec9e874a2289", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--20ad7902-a3bb-496b-83a9-a2aa369291b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.672424Z", + "modified": "2025-02-04T00:36:42.672424Z", + "name": "CVE-2025-20634", + "description": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20634" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559.json b/objects/vulnerability/vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559.json new file mode 100644 index 00000000000..0b69044f551 --- /dev/null +++ b/objects/vulnerability/vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c0f1cb5-a52b-41bc-bf47-bdf9b706a68c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--213b3e52-0338-4d4e-91c7-e56114c97559", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.451105Z", + "modified": "2025-02-04T00:36:32.451105Z", + "name": "CVE-2024-38413", + "description": "Memory corruption while processing frame packets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38413" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23ee648e-170e-4c2d-993c-b360408b2743.json b/objects/vulnerability/vulnerability--23ee648e-170e-4c2d-993c-b360408b2743.json new file mode 100644 index 00000000000..547262a5398 --- /dev/null +++ b/objects/vulnerability/vulnerability--23ee648e-170e-4c2d-993c-b360408b2743.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a8d7057-a216-4676-831b-410b386a23ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23ee648e-170e-4c2d-993c-b360408b2743", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.851647Z", + "modified": "2025-02-04T00:36:32.851647Z", + "name": "CVE-2024-56921", + "description": "An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56921" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc.json b/objects/vulnerability/vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc.json new file mode 100644 index 00000000000..913bdf6eafa --- /dev/null +++ b/objects/vulnerability/vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92282862-654b-4069-ac50-b909dead4e45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--240561e8-d303-4283-a3a7-a3c6090bd9bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.521091Z", + "modified": "2025-02-04T00:36:42.521091Z", + "name": "CVE-2025-24898", + "description": "rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24898" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74.json b/objects/vulnerability/vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74.json new file mode 100644 index 00000000000..8a4796ec195 --- /dev/null +++ b/objects/vulnerability/vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b74c4d6e-6824-442c-b33b-466d36a4b432", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--250bbf3f-226b-452e-b41c-12c8687a7d74", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.592054Z", + "modified": "2025-02-04T00:36:33.592054Z", + "name": "CVE-2024-55456", + "description": "lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55456" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8.json b/objects/vulnerability/vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8.json new file mode 100644 index 00000000000..2fd916254b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4a31a011-528a-4552-a6e7-6b8345e4f054", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2660b7a5-0344-40d6-b4ca-2f7f0c36afa8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.439981Z", + "modified": "2025-02-04T00:36:42.439981Z", + "name": "CVE-2025-23920", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApplicantPro ApplicantPro allows Reflected XSS. This issue affects ApplicantPro: from n/a through 1.3.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23920" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--269c9aef-6244-492f-873e-9d2891705ac9.json b/objects/vulnerability/vulnerability--269c9aef-6244-492f-873e-9d2891705ac9.json new file mode 100644 index 00000000000..6092a29c438 --- /dev/null +++ b/objects/vulnerability/vulnerability--269c9aef-6244-492f-873e-9d2891705ac9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a882c552-4ccd-4d35-b94d-62a08daa76c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--269c9aef-6244-492f-873e-9d2891705ac9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.343499Z", + "modified": "2025-02-04T00:36:42.343499Z", + "name": "CVE-2025-22691", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel allows SQL Injection. This issue affects WP Travel: from n/a through 10.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22691" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2831571c-5513-4623-890a-437f32e354c3.json b/objects/vulnerability/vulnerability--2831571c-5513-4623-890a-437f32e354c3.json new file mode 100644 index 00000000000..aa6c32a6fef --- /dev/null +++ b/objects/vulnerability/vulnerability--2831571c-5513-4623-890a-437f32e354c3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--524922c7-bdab-4bf3-af38-d283b7174b6a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2831571c-5513-4623-890a-437f32e354c3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.681435Z", + "modified": "2025-02-04T00:36:42.681435Z", + "name": "CVE-2025-20643", + "description": "In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4.json b/objects/vulnerability/vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4.json new file mode 100644 index 00000000000..20474b6d7f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2decd8cd-3ca4-4d3e-9bcd-f1b35454c1b0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28e74f1e-df82-4be1-b3e8-c330023b70e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.611954Z", + "modified": "2025-02-04T00:36:42.611954Z", + "name": "CVE-2025-0015", + "description": "Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0015" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75.json b/objects/vulnerability/vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75.json new file mode 100644 index 00000000000..d01c8f4e194 --- /dev/null +++ b/objects/vulnerability/vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--139c5973-60fa-4b48-9c6c-b9c2fea2e84d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2c4a4e34-b355-4055-b69f-a48735b3cd75", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.394372Z", + "modified": "2025-02-04T00:36:42.394372Z", + "name": "CVE-2025-22681", + "description": "Missing Authorization vulnerability in Xfinity Soft Content Cloner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Cloner: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22681" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032.json b/objects/vulnerability/vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032.json new file mode 100644 index 00000000000..c9c5ce308f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcf11c23-0ad4-4021-9b25-a0b3ce065b22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2cc05e86-bf8f-45b7-bfee-ab8bab0ca032", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.321021Z", + "modified": "2025-02-04T00:36:42.321021Z", + "name": "CVE-2025-22693", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery Contest Gallery allows SQL Injection. This issue affects Contest Gallery: from n/a through 25.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22693" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc.json b/objects/vulnerability/vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc.json new file mode 100644 index 00000000000..cc91e1a027e --- /dev/null +++ b/objects/vulnerability/vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ff93c74-4dfe-437a-b0db-daf4ebde57f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2cead0ea-4c84-4217-a8d8-faa1645122cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.392587Z", + "modified": "2025-02-04T00:36:42.392587Z", + "name": "CVE-2025-22677", + "description": "Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uix Shortcodes: from n/a through 2.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22677" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0.json b/objects/vulnerability/vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0.json new file mode 100644 index 00000000000..94f38b16cd6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6a892296-e391-460c-81c0-f0a7cd262eb0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d182a05-c993-4561-a532-8a7b95f81da0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.54364Z", + "modified": "2025-02-04T00:36:42.54364Z", + "name": "CVE-2025-24370", + "description": "Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises from the core functionality `set_property_value`, which can be remotely triggered by users by crafting appropriate component requests and feeding in values of second and third parameter to the vulnerable function, leading to arbitrary changes to the python runtime status. With this finding at least five ways of vulnerability exploitation have been observed, stably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24370" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09.json b/objects/vulnerability/vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09.json new file mode 100644 index 00000000000..336ec06011e --- /dev/null +++ b/objects/vulnerability/vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3cc7a2ac-3b09-4a0f-891b-78e5888b9b9c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e3469b1-29fc-4cda-9be1-d55f43ac9c09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.502468Z", + "modified": "2025-02-04T00:36:42.502468Z", + "name": "CVE-2025-24660", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership Custom Messages allows Reflected XSS. This issue affects Simple Membership Custom Messages: from n/a through 2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24660" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662.json b/objects/vulnerability/vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662.json new file mode 100644 index 00000000000..98ce844ce55 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be82e958-974b-4253-bcb3-846d0cc285ae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f4e95bf-9d88-4933-a264-69d67d880662", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.083903Z", + "modified": "2025-02-04T00:36:32.083903Z", + "name": "CVE-2024-44449", + "description": "Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44449" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30347b27-7fdb-4722-a29b-179abf250b40.json b/objects/vulnerability/vulnerability--30347b27-7fdb-4722-a29b-179abf250b40.json new file mode 100644 index 00000000000..96869fb43d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--30347b27-7fdb-4722-a29b-179abf250b40.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--679bc934-15a6-4ecc-8935-fa241822a9cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30347b27-7fdb-4722-a29b-179abf250b40", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.518572Z", + "modified": "2025-02-04T00:36:42.518572Z", + "name": "CVE-2025-24902", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--327c7630-e3e3-4960-93df-508391b71766.json b/objects/vulnerability/vulnerability--327c7630-e3e3-4960-93df-508391b71766.json new file mode 100644 index 00000000000..f0a5cf63082 --- /dev/null +++ b/objects/vulnerability/vulnerability--327c7630-e3e3-4960-93df-508391b71766.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9ad5ac5-0b45-4123-a359-cae4aef7d1d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--327c7630-e3e3-4960-93df-508391b71766", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.563417Z", + "modified": "2025-02-04T00:36:42.563417Z", + "name": "CVE-2025-24959", + "description": "zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through `dotenv.stringify` are particularly vulnerable. This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability. If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to `dotenv.stringify`. Specifically, avoid using `\"`, `'`, and backticks in values, or enforce strict validation of environment variables before usage.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24959" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860.json b/objects/vulnerability/vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860.json new file mode 100644 index 00000000000..9d06eb4b198 --- /dev/null +++ b/objects/vulnerability/vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2fb2706d-0395-4daf-89cb-32544e43c477", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--330969e8-e0be-4b19-a22e-5c5869c05860", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.349798Z", + "modified": "2025-02-04T00:36:42.349798Z", + "name": "CVE-2025-22683", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper NotificationX allows Stored XSS. This issue affects NotificationX: from n/a through 2.9.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22683" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2.json b/objects/vulnerability/vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2.json new file mode 100644 index 00000000000..3d552a1c27b --- /dev/null +++ b/objects/vulnerability/vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc84bd83-e87b-4694-a02d-4609d2d363dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--379cb12d-850d-4406-bcd0-984b1bd79de2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.615978Z", + "modified": "2025-02-04T00:36:42.615978Z", + "name": "CVE-2025-0974", + "description": "A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0974" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a.json b/objects/vulnerability/vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a.json new file mode 100644 index 00000000000..eb99e444111 --- /dev/null +++ b/objects/vulnerability/vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d88cf12c-612a-47c3-934b-8b91278ee59b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--38a3e829-b31c-449d-8f4d-10e3be3e7f6a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.407578Z", + "modified": "2025-02-04T00:36:42.407578Z", + "name": "CVE-2025-23561", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a.json b/objects/vulnerability/vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a.json new file mode 100644 index 00000000000..ad82d828e32 --- /dev/null +++ b/objects/vulnerability/vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f5b2acb-888d-4f13-95a8-39bc6e11cee5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--393a0e8f-03f0-491a-aca2-1895fe00846a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.464338Z", + "modified": "2025-02-04T00:36:32.464338Z", + "name": "CVE-2024-38404", + "description": "Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38404" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb.json b/objects/vulnerability/vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb.json new file mode 100644 index 00000000000..76911bc4fcf --- /dev/null +++ b/objects/vulnerability/vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f24e0b1-c1d1-4aab-acaa-16986da8849b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b81344b-b48b-48de-b04e-a4712804dfbb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.53756Z", + "modified": "2025-02-04T00:36:42.53756Z", + "name": "CVE-2025-24639", + "description": "Insertion of Sensitive Information Into Sent Data vulnerability in GREYS Korea for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Korea for WooCommerce: from n/a through 1.1.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2.json b/objects/vulnerability/vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2.json new file mode 100644 index 00000000000..cdf92fffe0c --- /dev/null +++ b/objects/vulnerability/vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e7260d0-0311-444c-b512-339697b9fed7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c6d5136-8050-4cd8-8490-d64a594d97f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.472454Z", + "modified": "2025-02-04T00:36:42.472454Z", + "name": "CVE-2025-23685", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound RomanCart allows Reflected XSS. This issue affects RomanCart: from n/a through 0.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23685" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f.json b/objects/vulnerability/vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f.json new file mode 100644 index 00000000000..00929f11c95 --- /dev/null +++ b/objects/vulnerability/vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--729c4975-ba4f-4560-89d7-e87add0df723", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3cf6ed12-4527-4725-994c-0df5fee5353f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.509028Z", + "modified": "2025-02-04T00:36:42.509028Z", + "name": "CVE-2025-24697", + "description": "Missing Authorization vulnerability in Realwebcare Image Gallery – Responsive Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Gallery – Responsive Photo Gallery: from n/a through 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24697" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf.json b/objects/vulnerability/vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf.json new file mode 100644 index 00000000000..311928de410 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4c51ba14-f9d0-4fba-bca8-af8e92033519", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d185a34-02f3-400f-8ab4-d89a97646faf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.515599Z", + "modified": "2025-02-04T00:36:42.515599Z", + "name": "CVE-2025-24559", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24559" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c.json b/objects/vulnerability/vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c.json new file mode 100644 index 00000000000..a547aa8255a --- /dev/null +++ b/objects/vulnerability/vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d85612b4-5294-4fcd-b135-bbc8da00d4b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--404a3963-c743-49c4-a37f-0bbe5a5a173c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.723518Z", + "modified": "2025-02-04T00:36:31.723518Z", + "name": "CVE-2024-12510", + "description": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12510" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23.json b/objects/vulnerability/vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23.json new file mode 100644 index 00000000000..183fba5c2e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--763912f7-0eb7-4e4f-a9a8-ba0275c9da0c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--405a5c9b-b25f-418e-9f5f-89d09c928e23", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.376957Z", + "modified": "2025-02-04T00:36:32.376957Z", + "name": "CVE-2024-57498", + "description": "Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57498" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471.json b/objects/vulnerability/vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471.json new file mode 100644 index 00000000000..42ab4776faf --- /dev/null +++ b/objects/vulnerability/vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0edfdf82-097b-4743-aa7a-d4898c40d9ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41afc89d-cd40-447c-bb9b-6e4057216471", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.752098Z", + "modified": "2025-02-04T00:36:32.752098Z", + "name": "CVE-2024-13347", + "description": "The Essential WP Real Estate WordPress plugin through 1.1.3 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13347" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd.json b/objects/vulnerability/vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd.json new file mode 100644 index 00000000000..7efbf70a9ac --- /dev/null +++ b/objects/vulnerability/vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--889b64d7-cc74-48c1-93ef-a0a6ad3e50bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--43a0ec15-95bf-4e33-8cd2-5805940961dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.371256Z", + "modified": "2025-02-04T00:36:42.371256Z", + "name": "CVE-2025-22260", + "description": "Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22260" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45754ac4-328d-4477-976c-204a466abfef.json b/objects/vulnerability/vulnerability--45754ac4-328d-4477-976c-204a466abfef.json new file mode 100644 index 00000000000..4ae5b953000 --- /dev/null +++ b/objects/vulnerability/vulnerability--45754ac4-328d-4477-976c-204a466abfef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2421aaa-17ba-4731-8a27-0f971fb925d2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45754ac4-328d-4477-976c-204a466abfef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.345046Z", + "modified": "2025-02-04T00:36:32.345046Z", + "name": "CVE-2024-57238", + "description": "Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57238" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7.json b/objects/vulnerability/vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7.json new file mode 100644 index 00000000000..d8abcc66b85 --- /dev/null +++ b/objects/vulnerability/vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ae8d4cd0-20f2-47eb-b929-021201bcdca2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4929795a-16c8-4cbd-8a41-b9d467144ea7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.498955Z", + "modified": "2025-02-04T00:36:42.498955Z", + "name": "CVE-2025-24707", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 Photo Gallery Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery allows Reflected XSS. This issue affects Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery: from n/a through 2.7.7.24.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24707" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc.json b/objects/vulnerability/vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc.json new file mode 100644 index 00000000000..75cb4eac2f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cbde89f2-d168-424b-ab78-53e9018a33f4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a82dc6c-2049-46b1-b243-07a98ca66bcc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.834288Z", + "modified": "2025-02-04T00:36:33.834288Z", + "name": "CVE-2024-49837", + "description": "Memory corruption while reading CPU state data during guest VM suspend.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49837" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db.json b/objects/vulnerability/vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db.json new file mode 100644 index 00000000000..f6322b9bcd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2f808a0-2165-4c57-a047-db2d45a1f433", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c02bb01-8e1f-49b0-8548-5090eb3898db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.482422Z", + "modified": "2025-02-04T00:36:42.482422Z", + "name": "CVE-2025-25065", + "description": "SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25065" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef.json b/objects/vulnerability/vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef.json new file mode 100644 index 00000000000..ca5fd83ddc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4705d46d-3764-419c-a91d-c90fa1cce381", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d233d6e-eaef-4f1c-8a8d-baf19d4de7ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.143455Z", + "modified": "2025-02-04T00:36:34.143455Z", + "name": "CVE-2024-11132", + "description": "The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6.json b/objects/vulnerability/vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6.json new file mode 100644 index 00000000000..1b47f95d960 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dc35f102-b795-4094-a289-a2cf810a4980", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d48da99-d331-44be-8a7d-bc109591abc6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.859015Z", + "modified": "2025-02-04T00:36:32.859015Z", + "name": "CVE-2024-56161", + "description": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56161" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2.json b/objects/vulnerability/vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2.json new file mode 100644 index 00000000000..5eb06d70677 --- /dev/null +++ b/objects/vulnerability/vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3b54e9f-47ca-43d4-9d4d-8827c27de2c9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5162f8ad-2b4f-41aa-a6e1-f913e12c2eb2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.55862Z", + "modified": "2025-02-04T00:36:42.55862Z", + "name": "CVE-2025-24676", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metatagg Inc Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a through 1.4.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24676" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2.json b/objects/vulnerability/vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2.json new file mode 100644 index 00000000000..1cd37b34602 --- /dev/null +++ b/objects/vulnerability/vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--264b7300-1d7c-4ec4-bfca-7a12753e6b00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5247c33e-c2cd-444e-8535-06fdc10a47e2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.352218Z", + "modified": "2025-02-04T00:36:32.352218Z", + "name": "CVE-2024-57451", + "description": "ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57451" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255.json b/objects/vulnerability/vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255.json new file mode 100644 index 00000000000..d7fe24b6bd7 --- /dev/null +++ b/objects/vulnerability/vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b24c951-0161-48d1-a0f7-3313cca80173", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--533cb943-31b2-4941-90cb-d3fd4624e255", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.530409Z", + "modified": "2025-02-04T00:36:42.530409Z", + "name": "CVE-2025-24962", + "description": "reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961.json b/objects/vulnerability/vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961.json new file mode 100644 index 00000000000..7d2fb5bc90f --- /dev/null +++ b/objects/vulnerability/vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f70dba13-fec9-42fa-9d3c-949d8191d5a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--55ae5c95-434d-4645-bd76-94dc9e5fd961", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.936429Z", + "modified": "2025-02-04T00:36:31.936429Z", + "name": "CVE-2024-45571", + "description": "Memory corruption may occour occur when stopping the WLAN interface after processing a WMI command from the interface.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45571" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1.json b/objects/vulnerability/vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1.json new file mode 100644 index 00000000000..60978932a6d --- /dev/null +++ b/objects/vulnerability/vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36b7e356-bcfa-44c1-ac24-b51ab461138e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57b01de3-fb49-4a79-8d6c-7136822546d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.596403Z", + "modified": "2025-02-04T00:36:42.596403Z", + "name": "CVE-2025-0148", + "description": "Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0148" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57ebeec9-d99b-415e-a251-b489354f1511.json b/objects/vulnerability/vulnerability--57ebeec9-d99b-415e-a251-b489354f1511.json new file mode 100644 index 00000000000..35de0572f70 --- /dev/null +++ b/objects/vulnerability/vulnerability--57ebeec9-d99b-415e-a251-b489354f1511.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aed7af57-3b68-43a5-bf59-a5c4b401b2db", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57ebeec9-d99b-415e-a251-b489354f1511", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.547944Z", + "modified": "2025-02-04T00:36:42.547944Z", + "name": "CVE-2025-24901", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24901" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496.json b/objects/vulnerability/vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496.json new file mode 100644 index 00000000000..dad5f5c2bdc --- /dev/null +++ b/objects/vulnerability/vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d513b4b-8ff6-4376-9d64-c789353091c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5af08757-ac8b-4c75-9ccc-6fcc82e95496", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.332243Z", + "modified": "2025-02-04T00:36:32.332243Z", + "name": "CVE-2024-10395", + "description": "No proper validation of the length of user input in http_server_get_content_type_from_extension.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10395" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c.json b/objects/vulnerability/vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c.json new file mode 100644 index 00000000000..0498e500c08 --- /dev/null +++ b/objects/vulnerability/vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64aebc54-dea5-4034-be38-89599a8e2347", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5b5153b7-8be1-4967-b7ec-f487643e190c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.153711Z", + "modified": "2025-02-04T00:36:34.153711Z", + "name": "CVE-2024-11133", + "description": "The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e.json b/objects/vulnerability/vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e.json new file mode 100644 index 00000000000..d8914caeb1a --- /dev/null +++ b/objects/vulnerability/vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ed3cdbf-500b-49ee-882e-f9d1d4d79a4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ce237cf-90df-4577-a8b5-e86c4b514f7e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.553016Z", + "modified": "2025-02-04T00:36:42.553016Z", + "name": "CVE-2025-24905", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_codigobarras_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24905" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f.json b/objects/vulnerability/vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f.json new file mode 100644 index 00000000000..5b6a7411050 --- /dev/null +++ b/objects/vulnerability/vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab62cee7-7f92-477e-baf5-ed8bfed7e46b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5df686d6-2514-4256-b97f-07f1cf5e192f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.387911Z", + "modified": "2025-02-04T00:36:32.387911Z", + "name": "CVE-2024-57450", + "description": "ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57450" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef.json b/objects/vulnerability/vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef.json new file mode 100644 index 00000000000..e288c79b8bf --- /dev/null +++ b/objects/vulnerability/vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1cf0f71c-f3c3-4707-b2ce-1d2b350d080a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61e8ed77-cbed-4786-befb-31e8fdf7f2ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.965026Z", + "modified": "2025-02-04T00:36:31.965026Z", + "name": "CVE-2024-45582", + "description": "Memory corruption while validating number of devices in Camera kernel .", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45582" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933.json b/objects/vulnerability/vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933.json new file mode 100644 index 00000000000..ac01830eae1 --- /dev/null +++ b/objects/vulnerability/vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b3d5cca-cf9f-48a8-b606-3be48eb0b11e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--633e56fa-0483-45d3-94e6-e17c902b8933", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.375802Z", + "modified": "2025-02-04T00:36:42.375802Z", + "name": "CVE-2025-22695", + "description": "Authorization Bypass Through User-Controlled Key vulnerability in NirWp Team Nirweb support. This issue affects Nirweb support: from n/a through 3.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9.json b/objects/vulnerability/vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9.json new file mode 100644 index 00000000000..8d3dc91b00c --- /dev/null +++ b/objects/vulnerability/vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d4a6fd32-03fa-432d-9fb4-3ad383f4631f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--678d4706-e2e9-4111-9c59-3ed6b6c394d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.506283Z", + "modified": "2025-02-04T00:36:42.506283Z", + "name": "CVE-2025-24541", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emili Castells DK White Label allows Reflected XSS. This issue affects DK White Label: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24541" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e.json b/objects/vulnerability/vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e.json new file mode 100644 index 00000000000..2c2211b877e --- /dev/null +++ b/objects/vulnerability/vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0e878222-e7f8-4a15-8238-a9e2f38ab222", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b7aaa9a-45ec-430e-b57c-77284ee2ea9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.790504Z", + "modified": "2025-02-04T00:36:32.790504Z", + "name": "CVE-2024-53943", + "description": "An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53943" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2.json b/objects/vulnerability/vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2.json new file mode 100644 index 00000000000..9721785274e --- /dev/null +++ b/objects/vulnerability/vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79d39006-dd2e-4245-a193-28a9969ff231", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c0e205f-5d1a-412b-9d2c-ee14bd5eedd2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.489464Z", + "modified": "2025-02-04T00:36:42.489464Z", + "name": "CVE-2025-24630", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Sikshya LMS allows Reflected XSS. This issue affects Sikshya LMS: from n/a through 0.0.21.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61.json b/objects/vulnerability/vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61.json new file mode 100644 index 00000000000..a824cc0676e --- /dev/null +++ b/objects/vulnerability/vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84bb4dde-6e63-4223-8abc-1e6ef1280c69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c493e55-a843-411b-9b4f-8ee8f764ec61", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.640265Z", + "modified": "2025-02-04T00:36:42.640265Z", + "name": "CVE-2025-20642", + "description": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20642" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da.json b/objects/vulnerability/vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da.json new file mode 100644 index 00000000000..b00a22e0e66 --- /dev/null +++ b/objects/vulnerability/vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7771c15-9dd8-4a17-81e8-c8bc8574931b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6ea948ff-e496-4b11-8e4d-bea0b95291da", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.652842Z", + "modified": "2025-02-04T00:36:42.652842Z", + "name": "CVE-2025-20635", + "description": "In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20635" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7091b74d-e16e-432d-96f2-045b83284a98.json b/objects/vulnerability/vulnerability--7091b74d-e16e-432d-96f2-045b83284a98.json new file mode 100644 index 00000000000..3d530980c85 --- /dev/null +++ b/objects/vulnerability/vulnerability--7091b74d-e16e-432d-96f2-045b83284a98.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41628ec1-1103-47ab-88f6-23eb9b9eeacf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7091b74d-e16e-432d-96f2-045b83284a98", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.495636Z", + "modified": "2025-02-04T00:36:42.495636Z", + "name": "CVE-2025-24661", + "description": "Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24661" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870.json b/objects/vulnerability/vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870.json new file mode 100644 index 00000000000..28fba0aa490 --- /dev/null +++ b/objects/vulnerability/vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a356ca79-0c2b-4d68-94bf-69839eac7f52", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72175004-ed3f-4fe2-8d7c-629b124ae870", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.475921Z", + "modified": "2025-02-04T00:36:42.475921Z", + "name": "CVE-2025-25064", + "description": "SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25064" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1.json b/objects/vulnerability/vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1.json new file mode 100644 index 00000000000..856b087a5e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acbd77b4-0e87-4523-a5d0-f5dd614516fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--72eacb6c-a7e4-4fbc-98fe-3d32486e8fa1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.634382Z", + "modified": "2025-02-04T00:36:42.634382Z", + "name": "CVE-2025-20637", + "description": "In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20637" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--738664d1-6377-443f-879d-80a13a856ea0.json b/objects/vulnerability/vulnerability--738664d1-6377-443f-879d-80a13a856ea0.json new file mode 100644 index 00000000000..3f78b03d53a --- /dev/null +++ b/objects/vulnerability/vulnerability--738664d1-6377-443f-879d-80a13a856ea0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36dde769-a442-4c09-8a34-d6e1fe3541f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--738664d1-6377-443f-879d-80a13a856ea0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.528155Z", + "modified": "2025-02-04T00:36:42.528155Z", + "name": "CVE-2025-24781", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24781" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--746fc469-3f91-4883-bb84-db14e74f4562.json b/objects/vulnerability/vulnerability--746fc469-3f91-4883-bb84-db14e74f4562.json new file mode 100644 index 00000000000..522cafaa48d --- /dev/null +++ b/objects/vulnerability/vulnerability--746fc469-3f91-4883-bb84-db14e74f4562.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7cbb0f65-5835-4863-9eda-b0e99c8b95e5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--746fc469-3f91-4883-bb84-db14e74f4562", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.851352Z", + "modified": "2025-02-04T00:36:33.851352Z", + "name": "CVE-2024-49832", + "description": "Memory corruption in Camera due to unusually high number of nodes passed to AXI port.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49832" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d.json b/objects/vulnerability/vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d.json new file mode 100644 index 00000000000..a8f8fb53e2c --- /dev/null +++ b/objects/vulnerability/vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--60037bd9-ccb9-4cc3-a50b-de229fdd95e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--74d1a8e7-35f3-4d8c-a980-18812594ab3d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.865437Z", + "modified": "2025-02-04T00:36:32.865437Z", + "name": "CVE-2024-56903", + "description": "A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56903" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183.json b/objects/vulnerability/vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183.json new file mode 100644 index 00000000000..631e36cbc1a --- /dev/null +++ b/objects/vulnerability/vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc29dc35-b6ad-4977-9df0-725a9a3fb7f0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--758d4c68-dffc-4e04-8eb2-d938698c9183", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.261738Z", + "modified": "2025-02-04T00:36:34.261738Z", + "name": "CVE-2024-43333", + "description": "Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43333" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e.json b/objects/vulnerability/vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e.json new file mode 100644 index 00000000000..8186fe9b61e --- /dev/null +++ b/objects/vulnerability/vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6faa849e-98b4-4e7a-9197-98794228e332", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--76abc95f-f4c3-4809-a2c8-8658d479389e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.369445Z", + "modified": "2025-02-04T00:36:32.369445Z", + "name": "CVE-2024-57099", + "description": "ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57099" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb.json b/objects/vulnerability/vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb.json new file mode 100644 index 00000000000..75e202646c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--670a3260-db44-4749-89ef-de21e75aaff0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c18e639-6f22-41f6-83dd-18a818854ccb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.361905Z", + "modified": "2025-02-04T00:36:42.361905Z", + "name": "CVE-2025-22775", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS. This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22775" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0.json b/objects/vulnerability/vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0.json new file mode 100644 index 00000000000..f7386a51e26 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9ffc8e7b-2192-4e1d-81c8-1dc977b16b33", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d17001f-b367-4a21-9a04-4347d7bb33a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.356283Z", + "modified": "2025-02-04T00:36:42.356283Z", + "name": "CVE-2025-22701", + "description": "Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22701" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b.json b/objects/vulnerability/vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b.json new file mode 100644 index 00000000000..6ddc76f9f32 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--335e52a7-2df4-4944-b5a1-7f1deb0d5b2e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ffa85c6-7dc9-431e-9ed5-fdc20a3da98b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.855986Z", + "modified": "2025-02-04T00:36:32.855986Z", + "name": "CVE-2024-56902", + "description": "An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56902" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8232d031-bbb1-4972-94fe-971673890a1d.json b/objects/vulnerability/vulnerability--8232d031-bbb1-4972-94fe-971673890a1d.json new file mode 100644 index 00000000000..2ed73f425f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--8232d031-bbb1-4972-94fe-971673890a1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e655f60d-bda8-42c4-ac19-434df39a983b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8232d031-bbb1-4972-94fe-971673890a1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.649339Z", + "modified": "2025-02-04T00:36:42.649339Z", + "name": "CVE-2025-20638", + "description": "In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20638" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6.json b/objects/vulnerability/vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6.json new file mode 100644 index 00000000000..18c8c1008ce --- /dev/null +++ b/objects/vulnerability/vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--36af9a8a-00da-4e11-8720-52503fcfe4f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--84e1cda9-a0f1-429f-9c90-dcd065d424d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.383031Z", + "modified": "2025-02-04T00:36:32.383031Z", + "name": "CVE-2024-57175", + "description": "A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57175" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--880e6eba-f000-421c-a12b-1606753a5718.json b/objects/vulnerability/vulnerability--880e6eba-f000-421c-a12b-1606753a5718.json new file mode 100644 index 00000000000..dc6583e067e --- /dev/null +++ b/objects/vulnerability/vulnerability--880e6eba-f000-421c-a12b-1606753a5718.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fce11fdd-f4f6-4342-bcf1-ed2244b2c0cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--880e6eba-f000-421c-a12b-1606753a5718", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.350832Z", + "modified": "2025-02-04T00:36:32.350832Z", + "name": "CVE-2024-57098", + "description": "Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6.json b/objects/vulnerability/vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6.json new file mode 100644 index 00000000000..f9ed024bec7 --- /dev/null +++ b/objects/vulnerability/vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82112f80-2c77-4457-865a-9441deedc698", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8887b25b-bebf-42e2-bc4a-e40a6d412ea6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.545986Z", + "modified": "2025-02-04T00:36:42.545986Z", + "name": "CVE-2025-24656", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54.json b/objects/vulnerability/vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54.json new file mode 100644 index 00000000000..dada560390b --- /dev/null +++ b/objects/vulnerability/vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7543fe6d-5b44-41e9-b850-06ca6347478e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--889cb56a-91d8-4710-ad41-44ecffa2fb54", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.569789Z", + "modified": "2025-02-04T00:36:42.569789Z", + "name": "CVE-2025-24556", + "description": "Insertion of Sensitive Information into Log File vulnerability in DualCube MooWoodle allows Retrieve Embedded Sensitive Data. This issue affects MooWoodle: from n/a through 3.2.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24556" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9.json b/objects/vulnerability/vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9.json new file mode 100644 index 00000000000..92388d98f5c --- /dev/null +++ b/objects/vulnerability/vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d39e924-ed3e-486e-ba71-400c339ace5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89d32fd8-6a9d-4a1e-8942-f3247160f3b9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.665505Z", + "modified": "2025-02-04T00:36:42.665505Z", + "name": "CVE-2025-20633", + "description": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20633" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562.json b/objects/vulnerability/vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562.json new file mode 100644 index 00000000000..73e565a4913 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b7233d2-ce8a-435b-9c2c-42469e1f42af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ac8aa6c-034d-4beb-aedd-ab752f512562", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.160501Z", + "modified": "2025-02-04T00:36:34.160501Z", + "name": "CVE-2024-11134", + "description": "The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527.json b/objects/vulnerability/vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527.json new file mode 100644 index 00000000000..3aaae811045 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6de983e1-bb4a-455c-9919-75cea440c2da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b077b07-c888-42ec-bed1-b7e372d3a527", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.359679Z", + "modified": "2025-02-04T00:36:32.359679Z", + "name": "CVE-2024-57097", + "description": "ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f.json b/objects/vulnerability/vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f.json new file mode 100644 index 00000000000..4d280189b89 --- /dev/null +++ b/objects/vulnerability/vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06ade591-a802-41f2-b517-701bcc8780b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8b2bf415-1b64-43bf-ae77-15ab070dcf6f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.377644Z", + "modified": "2025-02-04T00:36:42.377644Z", + "name": "CVE-2025-22703", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22703" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b.json b/objects/vulnerability/vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b.json new file mode 100644 index 00000000000..059516df242 --- /dev/null +++ b/objects/vulnerability/vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--12a8daa0-aa13-42b8-83ae-b639c28515e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f6fec8d-a8f4-471a-b01c-5c47bf8ccb5b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.492588Z", + "modified": "2025-02-04T00:36:42.492588Z", + "name": "CVE-2025-24961", + "description": "org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24961" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8f709251-797f-4746-a403-f8cda00e34b6.json b/objects/vulnerability/vulnerability--8f709251-797f-4746-a403-f8cda00e34b6.json new file mode 100644 index 00000000000..ff52d0b048b --- /dev/null +++ b/objects/vulnerability/vulnerability--8f709251-797f-4746-a403-f8cda00e34b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d2defc7-9d73-4503-b48f-8b1bbb663a1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8f709251-797f-4746-a403-f8cda00e34b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.358274Z", + "modified": "2025-02-04T00:36:42.358274Z", + "name": "CVE-2025-22684", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hakan Ozevin WP BASE Booking allows Stored XSS. This issue affects WP BASE Booking: from n/a through 5.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--909b84be-ebc0-4de1-8de0-734929872e83.json b/objects/vulnerability/vulnerability--909b84be-ebc0-4de1-8de0-734929872e83.json new file mode 100644 index 00000000000..662d8191725 --- /dev/null +++ b/objects/vulnerability/vulnerability--909b84be-ebc0-4de1-8de0-734929872e83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ab80060-b3a3-4236-8509-1ad00e3adbe1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--909b84be-ebc0-4de1-8de0-734929872e83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.886345Z", + "modified": "2025-02-04T00:36:33.886345Z", + "name": "CVE-2024-49843", + "description": "Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49843" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff.json b/objects/vulnerability/vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff.json new file mode 100644 index 00000000000..d27f7ea81c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--642cfb1f-121a-4f59-bfaf-a2b9eb93b92a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--917adc7b-8a49-4e84-a8e4-bd387e6730ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.350868Z", + "modified": "2025-02-04T00:36:42.350868Z", + "name": "CVE-2025-22686", + "description": "Missing Authorization vulnerability in GSheetConnector CF7 Google Sheets Connector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CF7 Google Sheets Connector: from n/a through 5.0.17.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22686" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--92cca811-91a9-49b4-abb5-43b55a532430.json b/objects/vulnerability/vulnerability--92cca811-91a9-49b4-abb5-43b55a532430.json new file mode 100644 index 00000000000..5768e7b3314 --- /dev/null +++ b/objects/vulnerability/vulnerability--92cca811-91a9-49b4-abb5-43b55a532430.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--31a97a41-887a-4105-a855-f9814ea49e2c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--92cca811-91a9-49b4-abb5-43b55a532430", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.392652Z", + "modified": "2025-02-04T00:36:32.392652Z", + "name": "CVE-2024-57968", + "description": "Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb.json b/objects/vulnerability/vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb.json new file mode 100644 index 00000000000..a3021c55856 --- /dev/null +++ b/objects/vulnerability/vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff68ecde-5ea7-4608-b0d5-f4323e926215", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94254347-0ef8-40d3-a54c-dc403033bcbb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.564795Z", + "modified": "2025-02-04T00:36:42.564795Z", + "name": "CVE-2025-24574", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pepro Dev. Group PeproDev WooCommerce Receipt Uploader allows Reflected XSS. This issue affects PeproDev WooCommerce Receipt Uploader: from n/a through 2.6.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96fd3555-08c8-47fd-a833-12400896ce82.json b/objects/vulnerability/vulnerability--96fd3555-08c8-47fd-a833-12400896ce82.json new file mode 100644 index 00000000000..17833b6ff66 --- /dev/null +++ b/objects/vulnerability/vulnerability--96fd3555-08c8-47fd-a833-12400896ce82.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9a8ded9-af71-4250-996a-abcdeecfac32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96fd3555-08c8-47fd-a833-12400896ce82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.462518Z", + "modified": "2025-02-04T00:36:42.462518Z", + "name": "CVE-2025-23527", + "description": "Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c.json b/objects/vulnerability/vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c.json new file mode 100644 index 00000000000..d3cb705e5c2 --- /dev/null +++ b/objects/vulnerability/vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ee316392-3bac-4565-9132-6c6fe786d1f7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97c33bc5-900d-4103-bc2a-a80125ddc56c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.374546Z", + "modified": "2025-02-04T00:36:32.374546Z", + "name": "CVE-2024-57967", + "description": "PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6.json b/objects/vulnerability/vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6.json new file mode 100644 index 00000000000..218a58a2d4f --- /dev/null +++ b/objects/vulnerability/vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--676ae07d-fc54-4383-96d9-231887f28ee7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9899f57c-e3f6-4378-b38e-0936f447e2b6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.504537Z", + "modified": "2025-02-04T00:36:42.504537Z", + "name": "CVE-2025-24620", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AIO Shortcodes allows Stored XSS. This issue affects AIO Shortcodes: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24620" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab.json b/objects/vulnerability/vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab.json new file mode 100644 index 00000000000..cf5b636e06e --- /dev/null +++ b/objects/vulnerability/vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--285ffcb8-cb52-44ef-bce7-859ae8338ef5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--998363c2-9b86-445f-9ccc-ad237cdb0eab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.862376Z", + "modified": "2025-02-04T00:36:33.862376Z", + "name": "CVE-2024-49839", + "description": "Memory corruption during management frame processing due to mismatch in T2LM info element.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49839" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20.json b/objects/vulnerability/vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20.json new file mode 100644 index 00000000000..d601e1f4fa8 --- /dev/null +++ b/objects/vulnerability/vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e9933cb-d917-486e-825f-9d2204436a99", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99854090-5ab8-46ae-89f2-9131702e6c20", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.523278Z", + "modified": "2025-02-04T00:36:42.523278Z", + "name": "CVE-2025-24899", + "description": "reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24899" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349.json b/objects/vulnerability/vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349.json new file mode 100644 index 00000000000..013d3c156be --- /dev/null +++ b/objects/vulnerability/vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--92ded8cd-8d52-4840-9539-a68ff31ba5e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9af849a1-877b-4b06-bd76-5e91641ef349", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.435149Z", + "modified": "2025-02-04T00:36:42.435149Z", + "name": "CVE-2025-23582", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Haider Ali Bulk Categories Assign allows Reflected XSS. This issue affects Bulk Categories Assign: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23582" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce.json b/objects/vulnerability/vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce.json new file mode 100644 index 00000000000..9365a9d65c5 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e06934c6-9ba8-45ca-961e-cab55726985f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e57486d-e453-496d-bd9c-24e6c3bfa8ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.480198Z", + "modified": "2025-02-04T00:36:31.480198Z", + "name": "CVE-2024-6790", + "description": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive.This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6790" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc.json b/objects/vulnerability/vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc.json new file mode 100644 index 00000000000..2d80fe6f151 --- /dev/null +++ b/objects/vulnerability/vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--70835378-f61f-4b7a-a2f5-a1f17d1d7755", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9eac4fe9-8e51-4674-9294-b5e8aa4499bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.425564Z", + "modified": "2025-02-04T00:36:32.425564Z", + "name": "CVE-2024-38414", + "description": "Information disclosure while processing information on firmware image during core initialization.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38414" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6.json b/objects/vulnerability/vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6.json new file mode 100644 index 00000000000..4b432552744 --- /dev/null +++ b/objects/vulnerability/vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ffaf3d0c-fcd4-4f48-9259-75ab7f1695b7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1aa9afb-4010-40dd-be0c-8b83dbca37f6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.431625Z", + "modified": "2025-02-04T00:36:42.431625Z", + "name": "CVE-2025-23581", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Demo User DZS allows Stored XSS. This issue affects Demo User DZS: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23581" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f.json b/objects/vulnerability/vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f.json new file mode 100644 index 00000000000..ea09f109db4 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6a51696-3991-46ce-bb6d-f77ed2c98c94", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3b05b0c-2c6d-42e2-bca6-8e092b47746f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.409867Z", + "modified": "2025-02-04T00:36:42.409867Z", + "name": "CVE-2025-23799", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video Curator: from n/a through 1.1.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23799" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d.json b/objects/vulnerability/vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d.json new file mode 100644 index 00000000000..4c0fa65ca92 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98adaf3b-186f-4921-bbce-8ff76bd2aa1e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3cd3aea-d06f-4bc9-bfdd-82ab944e096d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.354124Z", + "modified": "2025-02-04T00:36:42.354124Z", + "name": "CVE-2025-22918", + "description": "Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22918" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc.json b/objects/vulnerability/vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc.json new file mode 100644 index 00000000000..5896751ac9d --- /dev/null +++ b/objects/vulnerability/vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--049c929a-b23b-4149-8637-34759cad3fe6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a44afcfe-dade-456b-b2dd-b8cf8bd510cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:37.617301Z", + "modified": "2025-02-04T00:36:37.617301Z", + "name": "CVE-2023-52163", + "description": "** UNSUPPORTED WHEN ASSIGNED ** Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531.json b/objects/vulnerability/vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531.json new file mode 100644 index 00000000000..5758e881d75 --- /dev/null +++ b/objects/vulnerability/vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55c89994-ef56-4e9f-aa0a-2feff1fa69cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a49ddb3e-cdaf-40bb-92d4-b2e39a699531", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.352919Z", + "modified": "2025-02-04T00:36:42.352919Z", + "name": "CVE-2025-22694", + "description": "Missing Authorization vulnerability in theDotstore Hide Shipping Method For WooCommerce. This issue affects Hide Shipping Method For WooCommerce: from n/a through 1.5.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22694" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1.json b/objects/vulnerability/vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1.json new file mode 100644 index 00000000000..c7f5f65a20d --- /dev/null +++ b/objects/vulnerability/vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4aa5736-1cd5-4bff-b0d3-66e63f9a4f45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a4c56e30-2263-46bc-8bfa-4e42755801c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.702288Z", + "modified": "2025-02-04T00:36:31.702288Z", + "name": "CVE-2024-34896", + "description": "An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34896" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150.json b/objects/vulnerability/vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150.json new file mode 100644 index 00000000000..e737b6f49ac --- /dev/null +++ b/objects/vulnerability/vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aef5ed0e-f60b-4098-8031-3c24ace2578e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a86ff656-dac2-4264-bea4-5d526ef61150", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.952329Z", + "modified": "2025-02-04T00:36:31.952329Z", + "name": "CVE-2024-45561", + "description": "Memory corruption while handling IOCTL call from user-space to set latency level.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45561" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc.json b/objects/vulnerability/vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc.json new file mode 100644 index 00000000000..c19f1ae9563 --- /dev/null +++ b/objects/vulnerability/vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18f48ef2-b8de-43fe-9b84-73e094474c69", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a90508d5-79c9-49d2-8fb7-3f865fd43dfc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.63293Z", + "modified": "2025-02-04T00:36:42.63293Z", + "name": "CVE-2025-20632", + "description": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20632" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea.json b/objects/vulnerability/vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea.json new file mode 100644 index 00000000000..497722c08ed --- /dev/null +++ b/objects/vulnerability/vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b0b6e29-ab70-4685-94a6-fb83a39c5dbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a90c770d-496f-4f5d-b5ab-dd64547f9bea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.560709Z", + "modified": "2025-02-04T00:36:42.560709Z", + "name": "CVE-2025-24545", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BannerSky.com BSK Forms Validation allows Reflected XSS. This issue affects BSK Forms Validation: from n/a through 1.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24545" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d.json b/objects/vulnerability/vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d.json new file mode 100644 index 00000000000..22a699d95c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--575f7e94-d300-43ed-9080-410c5c7917b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a91b6aaa-052a-403e-a2c1-647135120e3d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.362435Z", + "modified": "2025-02-04T00:36:32.362435Z", + "name": "CVE-2024-57669", + "description": "Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab09252c-9706-4383-8327-757094e26d11.json b/objects/vulnerability/vulnerability--ab09252c-9706-4383-8327-757094e26d11.json new file mode 100644 index 00000000000..2ce6437c85e --- /dev/null +++ b/objects/vulnerability/vulnerability--ab09252c-9706-4383-8327-757094e26d11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fa15f9c-87cc-452a-90e9-1991136b1faa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab09252c-9706-4383-8327-757094e26d11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.366801Z", + "modified": "2025-02-04T00:36:32.366801Z", + "name": "CVE-2024-57966", + "description": "libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd.json b/objects/vulnerability/vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd.json new file mode 100644 index 00000000000..2a3b1044b84 --- /dev/null +++ b/objects/vulnerability/vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4fdcc03b-b2ad-4fa1-9373-d60852cb6386", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ace65a03-808a-4731-ae37-1585311e9dbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.444665Z", + "modified": "2025-02-04T00:36:32.444665Z", + "name": "CVE-2024-38412", + "description": "Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38412" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5.json b/objects/vulnerability/vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5.json new file mode 100644 index 00000000000..16e47221afc --- /dev/null +++ b/objects/vulnerability/vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f11e359-9ac6-46b7-be34-ac056081217a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad45d3f6-15d7-4e25-8a12-363a51af8fd5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.688376Z", + "modified": "2025-02-04T00:36:31.688376Z", + "name": "CVE-2024-34897", + "description": "Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-34897" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aee9749b-1003-4282-83c0-5de62e90f115.json b/objects/vulnerability/vulnerability--aee9749b-1003-4282-83c0-5de62e90f115.json new file mode 100644 index 00000000000..a7a9443ff2d --- /dev/null +++ b/objects/vulnerability/vulnerability--aee9749b-1003-4282-83c0-5de62e90f115.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--96c0345c-2732-496f-a763-004f0bdb912b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aee9749b-1003-4282-83c0-5de62e90f115", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.481418Z", + "modified": "2025-02-04T00:36:42.481418Z", + "name": "CVE-2025-25066", + "description": "nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25066" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527.json b/objects/vulnerability/vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527.json new file mode 100644 index 00000000000..b6edbcd40ee --- /dev/null +++ b/objects/vulnerability/vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a145e682-6f7e-4614-91b3-11d2c2d99c09", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af49d753-d4cb-4521-a6b4-54d80bdd8527", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.52429Z", + "modified": "2025-02-04T00:36:42.52429Z", + "name": "CVE-2025-24371", + "description": "CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new node (`A`), which is syncing to the tip of a network. `base` acts as a lower ground and informs `A` that the peer only has blocks starting from height `base`. `latest` height informs `A` about the latest block in a network. Normally, nodes would only report increasing heights. If `B` fails to provide the latest block, `B` is removed and the `latest` height (target height) is recalculated based on other nodes `latest` heights. The existing code however doesn't check for the case where `B` first reports `latest` height `X` and immediately after height `Y`, where `X > Y`. `A` will be trying to catch up to 2000 indefinitely. This condition requires the introduction of malicious code in the full node first reporting some non-existing `latest` height, then reporting lower `latest` height and nodes which are syncing using `blocksync` protocol. This issue has been patched in versions 1.0.1 and 0.38.17 and all users are advised to upgrade. Operators may attempt to ban malicious peers from the network as a workaround.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0.json b/objects/vulnerability/vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0.json new file mode 100644 index 00000000000..e1f85ff691e --- /dev/null +++ b/objects/vulnerability/vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b7c2c52-fa6c-4ce0-9c8b-4fc3477d540f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b211e5d5-6e18-4314-a80d-72c4635f9dc0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.557333Z", + "modified": "2025-02-04T00:36:42.557333Z", + "name": "CVE-2025-24557", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in plainware.com PlainInventory allows Reflected XSS. This issue affects PlainInventory: from n/a through 3.1.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24557" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9.json b/objects/vulnerability/vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9.json new file mode 100644 index 00000000000..6a198644172 --- /dev/null +++ b/objects/vulnerability/vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2321210a-c735-4baa-8556-758baad7c475", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b3394368-c4b4-4023-bce5-da38f6d109f9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.572439Z", + "modified": "2025-02-04T00:36:42.572439Z", + "name": "CVE-2025-24960", + "description": "Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very little scope for abuse. However, the `DELETE` `files/:filename` can be used to delete any file. This issue has been addressed in version 1.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df.json b/objects/vulnerability/vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df.json new file mode 100644 index 00000000000..ddd7f1acb09 --- /dev/null +++ b/objects/vulnerability/vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7dd4c49-2f7b-4ec0-a2a0-8e71f06a4885", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5ac8eae-22fd-4199-b78e-29bb502b95df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.31816Z", + "modified": "2025-02-04T00:36:42.31816Z", + "name": "CVE-2025-1003", + "description": "A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1003" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea.json b/objects/vulnerability/vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea.json new file mode 100644 index 00000000000..a94423da92a --- /dev/null +++ b/objects/vulnerability/vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f72dd6b-b80a-4a61-9445-3750c66e7e14", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b5ba4a7f-86bb-4e25-b31e-4ab2371daeea", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.55158Z", + "modified": "2025-02-04T00:36:42.55158Z", + "name": "CVE-2025-24643", + "description": "Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPGuppy: from n/a through 1.1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24643" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bd817af2-ef94-429d-a795-121b4162a332.json b/objects/vulnerability/vulnerability--bd817af2-ef94-429d-a795-121b4162a332.json new file mode 100644 index 00000000000..25416fc4276 --- /dev/null +++ b/objects/vulnerability/vulnerability--bd817af2-ef94-429d-a795-121b4162a332.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--006bcbba-a971-4139-8632-b6f04f79d99c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bd817af2-ef94-429d-a795-121b4162a332", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.500307Z", + "modified": "2025-02-04T00:36:42.500307Z", + "name": "CVE-2025-24958", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24958" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a.json b/objects/vulnerability/vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a.json new file mode 100644 index 00000000000..b944ff24517 --- /dev/null +++ b/objects/vulnerability/vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f83a2d19-0620-4326-8290-71b6fe5f2bca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bdcab286-d9f6-4eea-8614-8a6fc7eb888a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.454306Z", + "modified": "2025-02-04T00:36:32.454306Z", + "name": "CVE-2024-38416", + "description": "Information disclosure during audio playback.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38416" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be3c9fc2-143d-4907-9557-75412104f2df.json b/objects/vulnerability/vulnerability--be3c9fc2-143d-4907-9557-75412104f2df.json new file mode 100644 index 00000000000..bf295aaf680 --- /dev/null +++ b/objects/vulnerability/vulnerability--be3c9fc2-143d-4907-9557-75412104f2df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e5077e1a-cab3-4839-9336-fd5b780fa276", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be3c9fc2-143d-4907-9557-75412104f2df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.962593Z", + "modified": "2025-02-04T00:36:31.962593Z", + "name": "CVE-2024-45569", + "description": "Memory corruption while parsing the ML IE due to invalid frame content.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45569" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--be4965de-fb47-4103-be88-81ad219faf3e.json b/objects/vulnerability/vulnerability--be4965de-fb47-4103-be88-81ad219faf3e.json new file mode 100644 index 00000000000..d4d39bf40e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--be4965de-fb47-4103-be88-81ad219faf3e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3dd214e-4308-491a-82b1-15c95799280c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--be4965de-fb47-4103-be88-81ad219faf3e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.330491Z", + "modified": "2025-02-04T00:36:42.330491Z", + "name": "CVE-2025-22682", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hesabfa Hesabfa Accounting allows Reflected XSS. This issue affects Hesabfa Accounting: from n/a through 2.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22682" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6.json b/objects/vulnerability/vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6.json new file mode 100644 index 00000000000..f4d64d1a701 --- /dev/null +++ b/objects/vulnerability/vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de192e19-3350-4fab-94c2-de6b336bc817", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bea753e8-97c4-440b-985c-0e071da95ed6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.391432Z", + "modified": "2025-02-04T00:36:32.391432Z", + "name": "CVE-2024-57452", + "description": "ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57452" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c2a28bbd-60eb-4109-8171-08624555df13.json b/objects/vulnerability/vulnerability--c2a28bbd-60eb-4109-8171-08624555df13.json new file mode 100644 index 00000000000..3c4facd944a --- /dev/null +++ b/objects/vulnerability/vulnerability--c2a28bbd-60eb-4109-8171-08624555df13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b9f77230-4ccc-4611-9b82-e2f220d2471f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c2a28bbd-60eb-4109-8171-08624555df13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.811402Z", + "modified": "2025-02-04T00:36:32.811402Z", + "name": "CVE-2024-53942", + "description": "An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-53942" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d.json b/objects/vulnerability/vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d.json new file mode 100644 index 00000000000..f87ccb5d754 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1fb5c56-f862-472f-a55d-1cacfb6d0d21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7808ae2-b873-4f39-96c3-e10445a6d34d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.954258Z", + "modified": "2025-02-04T00:36:32.954258Z", + "name": "CVE-2024-47770", + "description": "Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, that allows an attacker to do privilege escalation. In this case the attacker is able to view agent list on Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419.json b/objects/vulnerability/vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419.json new file mode 100644 index 00000000000..6e2b0268571 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ddc7534-7fb6-4ce9-ade1-58083f227836", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7a326d5-963d-4ce5-aaf7-13391181c419", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.17609Z", + "modified": "2025-02-04T00:36:34.17609Z", + "name": "CVE-2024-20147", + "description": "In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20147" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd.json b/objects/vulnerability/vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd.json new file mode 100644 index 00000000000..44e5c02d9a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b202792a-0b5a-4cb9-8b7c-ccffa1b9a9b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7ee488b-e5d6-4d47-9d0a-41c6665a62bd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.454029Z", + "modified": "2025-02-04T00:36:42.454029Z", + "name": "CVE-2025-23593", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EmailPress allows Reflected XSS. This issue affects EmailPress: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23593" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81.json b/objects/vulnerability/vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81.json new file mode 100644 index 00000000000..a7cdb4857a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--45c524b4-a260-4fa8-bfab-027040608a24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c8475575-56d0-4da9-ad85-5d0c13874a81", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.618708Z", + "modified": "2025-02-04T00:36:42.618708Z", + "name": "CVE-2025-0972", + "description": "A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0972" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a.json b/objects/vulnerability/vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a.json new file mode 100644 index 00000000000..7eac755fe65 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--365951f6-ed71-4659-9143-d7a040e09ef9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9fff7a3-1e8e-495d-9a0a-d7834705677a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.420949Z", + "modified": "2025-02-04T00:36:32.420949Z", + "name": "CVE-2024-38420", + "description": "Memory corruption while configuring a Hypervisor based input virtual device.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38420" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45.json b/objects/vulnerability/vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45.json new file mode 100644 index 00000000000..40c1809d49c --- /dev/null +++ b/objects/vulnerability/vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--16372756-c02b-4d2a-a618-4bb7ffb63115", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca69d285-4e99-4519-8070-fc9c2fa59e45", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.348754Z", + "modified": "2025-02-04T00:36:32.348754Z", + "name": "CVE-2024-57004", + "description": "Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57004" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cba6d924-24fe-4916-804b-72481ee2c913.json b/objects/vulnerability/vulnerability--cba6d924-24fe-4916-804b-72481ee2c913.json new file mode 100644 index 00000000000..4bff7b0e9bf --- /dev/null +++ b/objects/vulnerability/vulnerability--cba6d924-24fe-4916-804b-72481ee2c913.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a84155d4-c548-4677-b152-26161dab1da8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cba6d924-24fe-4916-804b-72481ee2c913", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.366637Z", + "modified": "2025-02-04T00:36:42.366637Z", + "name": "CVE-2025-22978", + "description": "eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22978" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1.json b/objects/vulnerability/vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1.json new file mode 100644 index 00000000000..c87b73c41b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14dddd1f-ee70-4414-9fc7-c56a0427ec86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d153b43b-e1bf-4a96-a4ac-92d68a049ba1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:34.170831Z", + "modified": "2025-02-04T00:36:34.170831Z", + "name": "CVE-2024-20141", + "description": "In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-20141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237.json b/objects/vulnerability/vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237.json new file mode 100644 index 00000000000..9d75c8d0d0d --- /dev/null +++ b/objects/vulnerability/vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c7af896-4093-4df7-a44b-3e51e23dc5ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d61f87b1-a247-433b-b8ff-ee78e2e4c237", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.657539Z", + "modified": "2025-02-04T00:36:42.657539Z", + "name": "CVE-2025-20639", + "description": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20639" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34.json b/objects/vulnerability/vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34.json new file mode 100644 index 00000000000..223b95575db --- /dev/null +++ b/objects/vulnerability/vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e40ada48-ff44-4215-8107-55a627d6418c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d62a6abf-bbca-401b-a0d4-d6a7906a2d34", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.525949Z", + "modified": "2025-02-04T00:36:42.525949Z", + "name": "CVE-2025-24684", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS. This issue affects Media Downloader: from n/a through 0.4.7.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24684" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942.json b/objects/vulnerability/vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942.json new file mode 100644 index 00000000000..4d4afaf0416 --- /dev/null +++ b/objects/vulnerability/vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9d1250a1-df37-4d96-a15a-dd4068d89ea5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d63c5583-606a-48d6-a81a-8757fe91d942", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.755372Z", + "modified": "2025-02-04T00:36:31.755372Z", + "name": "CVE-2024-12511", + "description": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6655b79-e77e-4419-8b57-e6047382e656.json b/objects/vulnerability/vulnerability--d6655b79-e77e-4419-8b57-e6047382e656.json new file mode 100644 index 00000000000..7bcfe021136 --- /dev/null +++ b/objects/vulnerability/vulnerability--d6655b79-e77e-4419-8b57-e6047382e656.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c135729-87df-4ad2-bba2-0fa8c823b901", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6655b79-e77e-4419-8b57-e6047382e656", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.479147Z", + "modified": "2025-02-04T00:36:42.479147Z", + "name": "CVE-2025-25062", + "description": "An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25062" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e.json b/objects/vulnerability/vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e.json new file mode 100644 index 00000000000..4d21ba4611f --- /dev/null +++ b/objects/vulnerability/vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--341256ce-157c-451a-99be-4867422864fe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d82014a6-d899-4f88-b30c-2cca2a8b749e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.892089Z", + "modified": "2025-02-04T00:36:33.892089Z", + "name": "CVE-2024-49838", + "description": "Information disclosure while parsing the OCI IE with invalid length.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49838" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263.json b/objects/vulnerability/vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263.json new file mode 100644 index 00000000000..acd4470aba2 --- /dev/null +++ b/objects/vulnerability/vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1574084f-1977-4712-aa33-161b05867052", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d8863ed7-c5a3-43c1-aed8-12f28f24e263", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.416672Z", + "modified": "2025-02-04T00:36:42.416672Z", + "name": "CVE-2025-23747", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nitesh Singh Awesome Timeline allows Stored XSS. This issue affects Awesome Timeline: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba.json b/objects/vulnerability/vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba.json new file mode 100644 index 00000000000..d30566c8d6c --- /dev/null +++ b/objects/vulnerability/vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--585e1db2-2861-4974-aa7d-796810bfcd1b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dac2e380-4f00-48c5-9a1b-43659b71b2ba", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.335306Z", + "modified": "2025-02-04T00:36:42.335306Z", + "name": "CVE-2025-22704", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22704" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c.json b/objects/vulnerability/vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c.json new file mode 100644 index 00000000000..9532e9b4e0f --- /dev/null +++ b/objects/vulnerability/vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0c186178-4e58-416b-93cc-62356252f299", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dd8fd835-dd31-4a4b-a553-8a3459ecdf2c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.364247Z", + "modified": "2025-02-04T00:36:42.364247Z", + "name": "CVE-2025-22679", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Job Board Manager allows Reflected XSS. This issue affects Job Board Manager: from n/a through 2.1.60.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22679" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1.json b/objects/vulnerability/vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1.json new file mode 100644 index 00000000000..3c3c528c3c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0a491b60-043e-499f-af81-f93f16d26f4f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e0c659e0-5bd6-4978-a8c1-25ff628bc9d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.356835Z", + "modified": "2025-02-04T00:36:32.356835Z", + "name": "CVE-2024-57237", + "description": "Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57237" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7.json b/objects/vulnerability/vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7.json new file mode 100644 index 00000000000..87cbced5b8c --- /dev/null +++ b/objects/vulnerability/vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1ac20c4-02d2-49fc-82fb-661115e26c5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e102564b-252f-468e-ac0a-564decd7d3b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.51384Z", + "modified": "2025-02-04T00:36:42.51384Z", + "name": "CVE-2025-24536", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThriveDesk ThriveDesk allows Reflected XSS. This issue affects ThriveDesk: from n/a through 2.0.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9.json b/objects/vulnerability/vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9.json new file mode 100644 index 00000000000..6d748d75f50 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--15e69921-51b3-44e3-9129-14df10a972ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4a826d6-c569-4ec6-a9a7-4d3917ccdcd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.451578Z", + "modified": "2025-02-04T00:36:42.451578Z", + "name": "CVE-2025-23491", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikashsrivastava1111989 VSTEMPLATE Creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through 2.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23491" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e.json b/objects/vulnerability/vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e.json new file mode 100644 index 00000000000..11510221498 --- /dev/null +++ b/objects/vulnerability/vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d1991e31-4f71-4c3a-842d-36b8291647da", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e613311d-77e1-4062-b9b0-9c7fbbb9a75e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.67094Z", + "modified": "2025-02-04T00:36:42.67094Z", + "name": "CVE-2025-20641", + "description": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-20641" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5.json b/objects/vulnerability/vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5.json new file mode 100644 index 00000000000..8d51fc8ba0b --- /dev/null +++ b/objects/vulnerability/vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--58b0e4c3-b132-4ee9-8bbc-00f67782bab3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e650d5f4-0011-4d3b-8f4f-087a4c3ff4c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:37.615298Z", + "modified": "2025-02-04T00:36:37.615298Z", + "name": "CVE-2023-52164", + "description": "** UNSUPPORTED WHEN ASSIGNED ** access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52164" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5.json b/objects/vulnerability/vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5.json new file mode 100644 index 00000000000..061046b3898 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--43657d80-ce52-4aa2-aea5-29a39c2ac301", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6ce21ec-9b13-4196-86fc-1e2cdf7924b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.426099Z", + "modified": "2025-02-04T00:36:42.426099Z", + "name": "CVE-2025-23819", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound WP Cloud allows Absolute Path Traversal. This issue affects WP Cloud: from n/a through 1.4.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23819" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08.json b/objects/vulnerability/vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08.json new file mode 100644 index 00000000000..2a5e411120b --- /dev/null +++ b/objects/vulnerability/vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b7f0b877-9a9a-452c-99e2-c45a251f3727", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6e9f9f1-7a8a-4d00-8871-e07338edfb08", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.607355Z", + "modified": "2025-02-04T00:36:31.607355Z", + "name": "CVE-2024-50656", + "description": "itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e81bdb22-d945-412a-a808-176ee868745a.json b/objects/vulnerability/vulnerability--e81bdb22-d945-412a-a808-176ee868745a.json new file mode 100644 index 00000000000..6c13aa3d1f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--e81bdb22-d945-412a-a808-176ee868745a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--614ead12-a639-45c8-878b-f94eb6fe302d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e81bdb22-d945-412a-a808-176ee868745a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.369543Z", + "modified": "2025-02-04T00:36:42.369543Z", + "name": "CVE-2025-22685", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to Keywords allows Stored XSS. This issue affects Tags to Keywords: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22685" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb.json b/objects/vulnerability/vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb.json new file mode 100644 index 00000000000..0ff04a16808 --- /dev/null +++ b/objects/vulnerability/vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--296cba7a-1842-4f79-999f-c06a8bd2df4d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9f3d764-c3a9-4c89-87f7-a43603dcdfcb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.985409Z", + "modified": "2025-02-04T00:36:31.985409Z", + "name": "CVE-2024-45584", + "description": "Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f.json b/objects/vulnerability/vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f.json new file mode 100644 index 00000000000..df0f66ff296 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--860b65c7-ec05-4de0-9409-cabb51710d8b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea3d408a-1daf-4c38-a873-0972fd22809f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.943187Z", + "modified": "2025-02-04T00:36:31.943187Z", + "name": "CVE-2024-45573", + "description": "Memory corruption may occour while generating test pattern due to negative indexing of display ID.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45573" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0.json b/objects/vulnerability/vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0.json new file mode 100644 index 00000000000..cba66213c10 --- /dev/null +++ b/objects/vulnerability/vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06448b68-9c03-4dc9-9b73-abb5f232c882", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eb042d97-cc67-4984-bf5e-98a0a90480e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.87798Z", + "modified": "2025-02-04T00:36:33.87798Z", + "name": "CVE-2024-49834", + "description": "Memory corruption while power-up or power-down sequence of the camera sensor.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49834" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f.json b/objects/vulnerability/vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f.json new file mode 100644 index 00000000000..478828e6d57 --- /dev/null +++ b/objects/vulnerability/vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d6f56d89-83ac-43fb-8998-b215bec21c65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebcb7d47-cab5-411b-b68e-88ab814cb87f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:32.836839Z", + "modified": "2025-02-04T00:36:32.836839Z", + "name": "CVE-2024-56946", + "description": "Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56946" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7.json b/objects/vulnerability/vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7.json new file mode 100644 index 00000000000..62fec0e222b --- /dev/null +++ b/objects/vulnerability/vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--601631ec-69fb-431a-8266-ffd33e732744", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ebf7203a-7ec7-42d3-85fe-d4f6b5a520d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.53184Z", + "modified": "2025-02-04T00:36:42.53184Z", + "name": "CVE-2025-24605", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24605" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935.json b/objects/vulnerability/vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935.json new file mode 100644 index 00000000000..6f42833a916 --- /dev/null +++ b/objects/vulnerability/vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7aff2a4f-335c-4189-9e1a-9f5d9385ed9a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ed64e154-e976-4418-8ba7-753a4b5b7935", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.421431Z", + "modified": "2025-02-04T00:36:42.421431Z", + "name": "CVE-2025-23588", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WOW WordPress WOW Best CSS Compiler allows Reflected XSS. This issue affects WOW Best CSS Compiler: from n/a through 2.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23588" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe.json b/objects/vulnerability/vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe.json new file mode 100644 index 00000000000..1cc91502f42 --- /dev/null +++ b/objects/vulnerability/vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dcc80393-8d5e-40db-a2ac-75fe420e1222", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edfa6c1c-16fe-4a64-ae62-531d8b411bfe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.397313Z", + "modified": "2025-02-04T00:36:42.397313Z", + "name": "CVE-2025-22129", + "description": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22129" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00.json b/objects/vulnerability/vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00.json new file mode 100644 index 00000000000..b70f794e595 --- /dev/null +++ b/objects/vulnerability/vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ba61884c-70d6-4f05-8c4c-527ca26b42b5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edfdcc97-32a4-40fd-a501-9eb378465d00", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.53323Z", + "modified": "2025-02-04T00:36:42.53323Z", + "name": "CVE-2025-24029", + "description": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24029" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa.json b/objects/vulnerability/vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa.json new file mode 100644 index 00000000000..69dfabe717f --- /dev/null +++ b/objects/vulnerability/vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c55cfc08-1049-4ddb-8be2-0ea3b068d246", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f03dcc13-bd13-4be9-bc92-5a2d8ecf8cfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:33.860282Z", + "modified": "2025-02-04T00:36:33.860282Z", + "name": "CVE-2024-49840", + "description": "Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-49840" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5.json b/objects/vulnerability/vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5.json new file mode 100644 index 00000000000..0e4737f44ac --- /dev/null +++ b/objects/vulnerability/vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb79533a-c315-451a-99c3-6920edce54f6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f086c035-cdc6-4f44-a8da-2f648f9d5fa5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.455944Z", + "modified": "2025-02-04T00:36:42.455944Z", + "name": "CVE-2025-23614", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nik Sudan WordPress Additional Logins allows Reflected XSS. This issue affects WordPress Additional Logins: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23614" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2.json b/objects/vulnerability/vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2.json new file mode 100644 index 00000000000..f981a1d8f93 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d7449f31-cd47-4bae-b06f-6a9036175537", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1927cf3-11df-4c59-b4ba-7b8f13e47ce2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.561912Z", + "modified": "2025-02-04T00:36:42.561912Z", + "name": "CVE-2025-24646", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxim Glazunov XML for Avito allows Reflected XSS. This issue affects XML for Avito: from n/a through 2.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24646" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64.json b/objects/vulnerability/vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64.json new file mode 100644 index 00000000000..31f2820cb57 --- /dev/null +++ b/objects/vulnerability/vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8cb60b63-05c5-43aa-985e-e7296a449a7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f1d0850a-fc92-4837-af69-f90972e52c64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.484694Z", + "modified": "2025-02-04T00:36:42.484694Z", + "name": "CVE-2025-25181", + "description": "A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25181" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53.json b/objects/vulnerability/vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53.json new file mode 100644 index 00000000000..3644ad75992 --- /dev/null +++ b/objects/vulnerability/vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76de200c-b913-4007-8c87-0a7a02ba5293", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f47f4c58-ef3b-4a18-be9b-770a04c1ea53", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.442141Z", + "modified": "2025-02-04T00:36:42.442141Z", + "name": "CVE-2025-23590", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burtay Arat Dezdy allows Reflected XSS. This issue affects Dezdy: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df.json b/objects/vulnerability/vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df.json new file mode 100644 index 00000000000..7f1b130364c --- /dev/null +++ b/objects/vulnerability/vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2ce131aa-3498-4b91-bff6-8da66912a38c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5295106-f78f-4bcb-8469-e135ae2d35df", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.556308Z", + "modified": "2025-02-04T00:36:42.556308Z", + "name": "CVE-2025-24906", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_cobranca.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24906" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f669cd48-d380-43ac-a182-23115cd2986e.json b/objects/vulnerability/vulnerability--f669cd48-d380-43ac-a182-23115cd2986e.json new file mode 100644 index 00000000000..a0581a0266f --- /dev/null +++ b/objects/vulnerability/vulnerability--f669cd48-d380-43ac-a182-23115cd2986e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9632bfcc-7d7b-4ea2-80f8-6cda396799c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f669cd48-d380-43ac-a182-23115cd2986e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.412307Z", + "modified": "2025-02-04T00:36:42.412307Z", + "name": "CVE-2025-23599", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound eMarksheet allows Reflected XSS. This issue affects eMarksheet: from n/a through 5.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a.json b/objects/vulnerability/vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a.json new file mode 100644 index 00000000000..83fae2def54 --- /dev/null +++ b/objects/vulnerability/vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5d8e5a8-4353-4a79-82ef-a3369c3b4090", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f6daa590-3ca2-4c9d-bd2d-513cbb0beb0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.536076Z", + "modified": "2025-02-04T00:36:42.536076Z", + "name": "CVE-2025-24576", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fatcat Apps Landing Page Cat allows Reflected XSS. This issue affects Landing Page Cat: from n/a through 1.7.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24576" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f751b327-738b-48d4-8313-f5442a9d1123.json b/objects/vulnerability/vulnerability--f751b327-738b-48d4-8313-f5442a9d1123.json new file mode 100644 index 00000000000..52e0e3d196d --- /dev/null +++ b/objects/vulnerability/vulnerability--f751b327-738b-48d4-8313-f5442a9d1123.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--52fcd417-6f54-4859-a50b-79c787b71fbc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f751b327-738b-48d4-8313-f5442a9d1123", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.39095Z", + "modified": "2025-02-04T00:36:42.39095Z", + "name": "CVE-2025-22688", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimited Page Sidebars allows Stored XSS. This issue affects Unlimited Page Sidebars: from n/a through 0.2.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22688" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e.json b/objects/vulnerability/vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e.json new file mode 100644 index 00000000000..4eff2eaffd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--64ab3a4e-3705-4e3e-be6c-959cb1e32999", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8b419b6-ca6d-4511-b58f-36fab5d56f3e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.470753Z", + "modified": "2025-02-04T00:36:42.470753Z", + "name": "CVE-2025-23923", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Lockets allows Reflected XSS. This issue affects Lockets: from n/a through 0.999.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23923" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6.json b/objects/vulnerability/vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6.json new file mode 100644 index 00000000000..9181beabe1a --- /dev/null +++ b/objects/vulnerability/vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a63f51ec-46df-4a68-8cef-fdf51100b449", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe1b5bf5-f227-48f6-a81e-ba6bb22e80d6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:31.560626Z", + "modified": "2025-02-04T00:36:31.560626Z", + "name": "CVE-2024-50500", + "description": "Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50500" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c.json b/objects/vulnerability/vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c.json new file mode 100644 index 00000000000..1c37fe804fa --- /dev/null +++ b/objects/vulnerability/vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eb1916c0-6dd8-4754-b73a-c573ede91a28", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fe8ff985-22b2-47c6-9988-464a84d06f0c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-04T00:36:42.496931Z", + "modified": "2025-02-04T00:36:42.496931Z", + "name": "CVE-2025-24957", + "description": "WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `get_detalhes_socio.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24957" + } + ] + } + ] +} \ No newline at end of file