diff --git a/mapping.csv b/mapping.csv index 3f782a6181a..3c669bbd99b 100644 --- a/mapping.csv +++ b/mapping.csv 
@@ -266487,3 +266487,120 @@ vulnerability,CVE-2025-0158,vulnerability--cf5f0f62-d096-4e01-8a17-82b072b44363 vulnerability,CVE-2025-0994,vulnerability--95370c66-fe1b-4f09-ae2b-ac4d7fd4987f vulnerability,CVE-2025-0859,vulnerability--f78ff995-a046-4dac-b117-4b452ff52240 vulnerability,CVE-2025-20094,vulnerability--40f88fd8-4f15-471c-892d-6a1fabbfd452 +vulnerability,CVE-2024-10383,vulnerability--a1fac2ca-6d2e-4ce5-8b25-12c6c3829d64 +vulnerability,CVE-2024-57357,vulnerability--4003ab90-bfa7-4cad-bbcd-01ab4451e0fd +vulnerability,CVE-2024-57248,vulnerability--14f78fe7-1b15-47f8-a445-e8a3f9e21fc8 +vulnerability,CVE-2024-57279,vulnerability--69df44bf-eb5c-4e0a-a49d-1df284782207 +vulnerability,CVE-2024-57707,vulnerability--b93bf857-e23f-4ba5-ad98-594fe30ed96c +vulnerability,CVE-2024-57249,vulnerability--f0bb2b75-6a84-4a77-b7a8-92134e785631 +vulnerability,CVE-2024-57278,vulnerability--1053604a-1610-49cb-b56d-43c4a1e82de7 +vulnerability,CVE-2024-57606,vulnerability--5d9b5137-3edb-4341-b684-7d080e5c9ef6 +vulnerability,CVE-2024-52881,vulnerability--d355dff2-86ab-4e86-96d3-f74fbac984c9 +vulnerability,CVE-2024-52882,vulnerability--3e896065-845d-48e8-b6e8-3a986aeee72d +vulnerability,CVE-2024-52884,vulnerability--6610ba14-9cbf-42e5-80e4-c7934f2c3180 +vulnerability,CVE-2024-52883,vulnerability--064c74a0-3860-42a3-95fe-2f61fd90e7fa +vulnerability,CVE-2024-35106,vulnerability--aa74f69d-bddd-4c9a-908f-cdf864e92641 +vulnerability,CVE-2024-13841,vulnerability--25503653-286c-4efb-8c7d-4a0c17f33cee +vulnerability,CVE-2024-13492,vulnerability--71a0fda2-4077-4a1c-87d5-5e9562fc7c4f +vulnerability,CVE-2024-13352,vulnerability--26684897-ce80-4d49-bca8-629c236e2e0d +vulnerability,CVE-2024-9661,vulnerability--701ea93a-27ea-4538-b32e-321ca64fa2e0 +vulnerability,CVE-2024-9664,vulnerability--50651d6e-4fe6-4572-a90b-01bf06836712 +vulnerability,CVE-2024-7419,vulnerability--e0739796-3b5e-446d-bc51-82bb58c0b7ca +vulnerability,CVE-2024-7425,vulnerability--30c5dffe-bc0c-46de-9221-dac088ab94d8 
+vulnerability,CVE-2024-55630,vulnerability--cb2efbed-9dfd-45d7-af72-baffe4e3940c +vulnerability,CVE-2024-55272,vulnerability--945d8e66-ea54-4aa6-afa0-4edc2263ea09 +vulnerability,CVE-2024-55213,vulnerability--0a82985b-8327-42a7-82f1-327833e35c9c +vulnerability,CVE-2024-55215,vulnerability--713a2ca3-b715-4002-9b69-4f7fe596f96a +vulnerability,CVE-2024-55214,vulnerability--3259af1e-1347-477c-9a4d-4fff4e284dec +vulnerability,CVE-2024-48091,vulnerability--af315a22-4e61-41e9-bd98-0abbe4b9d374 +vulnerability,CVE-2022-26388,vulnerability--7fe6aad3-4efa-4777-b380-5dfb9fc67332 +vulnerability,CVE-2022-26389,vulnerability--35e30678-c8ff-4734-a6f6-3cc3c49ecade +vulnerability,CVE-2025-1103,vulnerability--b8207abc-bf4c-4b40-95d8-ccf6669614f4 +vulnerability,CVE-2025-1072,vulnerability--4809059b-62e0-4836-90c3-575f91629d9d +vulnerability,CVE-2025-1106,vulnerability--5025437a-80ad-47e1-8ea2-76ac4e097dbb +vulnerability,CVE-2025-1114,vulnerability--1e97f392-2587-48c2-8446-a421826ab7d9 +vulnerability,CVE-2025-1077,vulnerability--9822e657-fbd2-4a52-aa74-112041eb2f85 +vulnerability,CVE-2025-1104,vulnerability--a2b3d9dd-0d26-46ba-a318-ab7f06aa93e7 +vulnerability,CVE-2025-1107,vulnerability--1f68a6af-daa1-49ed-a9f8-5814a7b6b895 +vulnerability,CVE-2025-1086,vulnerability--8fe83e48-cfd7-4174-97bf-0455602d6a1d +vulnerability,CVE-2025-1105,vulnerability--4cbb1b91-2a9a-442b-9d8e-54547e18fb95 +vulnerability,CVE-2025-1108,vulnerability--545e5674-44c4-47ca-832f-921ddf4c42ec +vulnerability,CVE-2025-1061,vulnerability--1e199a88-6be3-4705-8428-c6b481726617 +vulnerability,CVE-2025-1113,vulnerability--b6e8f8f1-f57f-4669-bdfa-0f3c4eb1d49d +vulnerability,CVE-2025-1085,vulnerability--e987ea56-2dd7-44ed-988f-5b73ddc4f416 +vulnerability,CVE-2025-22402,vulnerability--085c93e7-e84a-4b8d-835c-2d4d0c554ffb +vulnerability,CVE-2025-22880,vulnerability--89eaa675-b56c-4af4-b3ba-74e4bd22b618 +vulnerability,CVE-2025-23085,vulnerability--4121cc68-b61e-40a8-a874-18e1179441e0 
+vulnerability,CVE-2025-25104,vulnerability--18e487b7-b16d-47b0-bb4e-8be610b265a2 +vulnerability,CVE-2025-25074,vulnerability--9d54904f-01df-44ca-af16-ddea6f4c41fb +vulnerability,CVE-2025-25095,vulnerability--beeadec1-6eab-4a14-b57e-43020092a888 +vulnerability,CVE-2025-25075,vulnerability--97710d54-e684-4f5a-82be-a041d5311a9e +vulnerability,CVE-2025-25183,vulnerability--3cd0d513-426a-4656-9210-11e6f3672c83 +vulnerability,CVE-2025-25085,vulnerability--cf34b41a-6ffc-42e5-8caf-6abc0a07c1c9 +vulnerability,CVE-2025-25076,vulnerability--bf1402a6-da8f-44b9-8f2d-b4083c440e5c +vulnerability,CVE-2025-25072,vulnerability--cdbf3bbb-01be-4f08-bca2-1956c6f90b74 +vulnerability,CVE-2025-25143,vulnerability--02f363cd-a397-4bdd-a185-6ac0229bac5d +vulnerability,CVE-2025-25151,vulnerability--0e750aea-95a1-4202-bc63-f4f64c54b6cc +vulnerability,CVE-2025-25136,vulnerability--3b6b96d6-3c1d-4e21-ace9-837b79ad7260 +vulnerability,CVE-2025-25080,vulnerability--c027969d-f161-47ac-b41f-678dee518acf +vulnerability,CVE-2025-25120,vulnerability--596ab3ce-81c2-448e-942b-f73114d6a8cf +vulnerability,CVE-2025-25144,vulnerability--9deb46b4-7b9a-4530-9ee5-9ac0e17b9bcd +vulnerability,CVE-2025-25094,vulnerability--70c19318-1b6b-4ae0-86fd-ec76239c1650 +vulnerability,CVE-2025-25125,vulnerability--aa92654e-0695-4d2f-89e9-443ed4bc5540 +vulnerability,CVE-2025-25069,vulnerability--13ee690c-1c6e-465b-b189-b900768efb37 +vulnerability,CVE-2025-25139,vulnerability--df0036d7-eb8e-496b-a90d-b5064e46e92b +vulnerability,CVE-2025-25145,vulnerability--7dead7ba-23e1-4a4e-8985-bc5eebd10cad +vulnerability,CVE-2025-25105,vulnerability--25548f51-7f58-4402-bc5e-dc5fead370a0 +vulnerability,CVE-2025-25082,vulnerability--8607d100-834f-46d2-8237-efa30bd8718d +vulnerability,CVE-2025-25187,vulnerability--8ac3b602-8aeb-4ebf-9523-ae20dbf855de +vulnerability,CVE-2025-25081,vulnerability--a8c43228-8e1a-48d3-9426-d1d3ffa4aaee +vulnerability,CVE-2025-25140,vulnerability--1b13a5eb-125f-42c5-a7f2-97f22c12694c 
+vulnerability,CVE-2025-25148,vulnerability--d41b5542-0849-42b5-8720-114a23d6cf93 +vulnerability,CVE-2025-25126,vulnerability--0098b859-3599-490d-97f4-adbb45eaca0b +vulnerability,CVE-2025-25079,vulnerability--61777f73-a6b5-422d-bb70-9dee49e5025a +vulnerability,CVE-2025-25166,vulnerability--5ddb9bf3-9fee-4741-a2ad-9423bdcb48c1 +vulnerability,CVE-2025-25111,vulnerability--28381931-6181-4e95-9ed4-3510be922ed1 +vulnerability,CVE-2025-25103,vulnerability--71ae323e-b946-438d-9e79-157fd8a508d5 +vulnerability,CVE-2025-25091,vulnerability--e1c6b038-c72a-4972-bb58-b934ec3e12cf +vulnerability,CVE-2025-25160,vulnerability--626217be-45c7-4468-adfa-a6bd253df412 +vulnerability,CVE-2025-25117,vulnerability--b180a3f4-4ed7-4b51-b37b-88c252a940a9 +vulnerability,CVE-2025-25071,vulnerability--9b68ce1d-e6cc-4fad-9b11-de120592efc8 +vulnerability,CVE-2025-25154,vulnerability--bb446810-79e8-4a7f-b646-a1932a98f464 +vulnerability,CVE-2025-25167,vulnerability--7a9b685b-1cbd-4509-9f52-164c36e3aa4d +vulnerability,CVE-2025-25159,vulnerability--1f86ef0f-dc4e-4c62-bed8-f15b4868d44c +vulnerability,CVE-2025-25147,vulnerability--eb98d0fc-6c76-4fa1-bc85-6b371bec6634 +vulnerability,CVE-2025-25135,vulnerability--94ff7836-c079-4864-8310-222575b1a9e9 +vulnerability,CVE-2025-25163,vulnerability--01bf6080-3764-4037-bd7f-354ac367b67c +vulnerability,CVE-2025-25149,vulnerability--fe0a505a-4963-470f-9d8b-9f38cef746a7 +vulnerability,CVE-2025-25077,vulnerability--f93c59bf-af90-4904-b972-a3746d176e2b +vulnerability,CVE-2025-25078,vulnerability--29b19847-1353-434b-9b83-e73f0bc9efcd +vulnerability,CVE-2025-25110,vulnerability--6b74d131-e9f5-43df-bdca-606b1a7e764e +vulnerability,CVE-2025-25096,vulnerability--4d7f97ce-b1a8-4ef2-9a2f-fc3200971210 +vulnerability,CVE-2025-25123,vulnerability--658ce61e-836b-4477-95f5-81bb032ef95f +vulnerability,CVE-2025-25141,vulnerability--2b59dea6-55f0-4545-8b95-88652c09831a +vulnerability,CVE-2025-25101,vulnerability--d2f851c6-0ab8-4ac5-80c7-33bfb3cd832c 
+vulnerability,CVE-2025-25098,vulnerability--c7a6d6ef-6d3a-4659-be10-fb34a2c1764c +vulnerability,CVE-2025-25153,vulnerability--0633dc0e-6bf7-4c92-bd66-7b26c3c8b2f2 +vulnerability,CVE-2025-25097,vulnerability--c74d49e6-1bc5-47a3-874d-97f8a2b60668 +vulnerability,CVE-2025-25088,vulnerability--c0319fee-557d-4fd8-bd1f-4ecf71943aa7 +vulnerability,CVE-2025-25152,vulnerability--4a6ec775-d1c6-41cf-b299-db5c253d22a3 +vulnerability,CVE-2025-25156,vulnerability--159d8bfd-381c-4c21-b27e-69bace1062c9 +vulnerability,CVE-2025-25168,vulnerability--654c1295-8eb2-462b-9992-dd026ee87b76 +vulnerability,CVE-2025-25106,vulnerability--e4bf5847-8026-4f8f-a454-07545eef3bd2 +vulnerability,CVE-2025-25093,vulnerability--777d2c4f-aa57-4ae8-8be5-b490f2d2ebfd +vulnerability,CVE-2025-25116,vulnerability--528ba780-8be1-4ac9-83cf-d6d32db5f8ce +vulnerability,CVE-2025-25107,vulnerability--5f2e5540-3cb4-4828-b143-cdf3ac249871 +vulnerability,CVE-2025-25146,vulnerability--6e2ab6c3-7a3b-4c54-9de9-4130a3923d06 +vulnerability,CVE-2025-25073,vulnerability--ba3b11b7-7b5d-4b07-92f7-5b13a58bff8b +vulnerability,CVE-2025-25138,vulnerability--6dbd6243-ef5c-4831-88c1-8a71b780722c +vulnerability,CVE-2025-25128,vulnerability--7a5dc316-7988-463e-aea1-43720bd33066 +vulnerability,CVE-2025-25155,vulnerability--06b3bbaf-f735-4797-aa96-9a7747457101 +vulnerability,CVE-2025-24366,vulnerability--7f8e48af-8727-4bc6-ac24-70731d667c2e +vulnerability,CVE-2025-24980,vulnerability--080f3c87-ce92-4a3f-873c-f6d14d75cb27 +vulnerability,CVE-2025-24028,vulnerability--44543cbe-dc63-46f3-8bf4-58b375718681 +vulnerability,CVE-2025-0304,vulnerability--06f5befb-788d-4386-a961-eb2770ac0e45 +vulnerability,CVE-2025-0302,vulnerability--2e93952a-ba46-4408-9e8d-289def3a5b13 +vulnerability,CVE-2025-0303,vulnerability--2f14db10-e8e5-42a1-ba87-9510ac424135 +vulnerability,CVE-2021-27017,vulnerability--1e97c3ce-4af4-4081-baac-b0b9bc66e803 +vulnerability,CVE-2021-41527,vulnerability--1a39f557-a073-4b28-8791-9b02483eb6a9 
+vulnerability,CVE-2021-41528,vulnerability--9f3563ac-84a9-43e0-99d5-ad264af5aa0f diff --git a/objects/vulnerability/vulnerability--0098b859-3599-490d-97f4-adbb45eaca0b.json b/objects/vulnerability/vulnerability--0098b859-3599-490d-97f4-adbb45eaca0b.json new file mode 100644 index 00000000000..647b2981fa2 --- /dev/null +++ b/objects/vulnerability/vulnerability--0098b859-3599-490d-97f4-adbb45eaca0b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bad35ca7-237e-4169-85cc-26d16711fa03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0098b859-3599-490d-97f4-adbb45eaca0b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.147791Z", + "modified": "2025-02-08T00:36:04.147791Z", + "name": "CVE-2025-25126", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25126" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--01bf6080-3764-4037-bd7f-354ac367b67c.json b/objects/vulnerability/vulnerability--01bf6080-3764-4037-bd7f-354ac367b67c.json new file mode 100644 index 00000000000..e563eb87ffe --- /dev/null +++ b/objects/vulnerability/vulnerability--01bf6080-3764-4037-bd7f-354ac367b67c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1768fae-4a4b-46f3-832d-9194ab6bfc7f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--01bf6080-3764-4037-bd7f-354ac367b67c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.170631Z", + "modified": "2025-02-08T00:36:04.170631Z", + "name": "CVE-2025-25163", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--02f363cd-a397-4bdd-a185-6ac0229bac5d.json b/objects/vulnerability/vulnerability--02f363cd-a397-4bdd-a185-6ac0229bac5d.json new file mode 100644 index 00000000000..36e3c6fdb16 --- /dev/null +++ b/objects/vulnerability/vulnerability--02f363cd-a397-4bdd-a185-6ac0229bac5d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0077a1b-2b4d-418d-8d31-d536166db049", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--02f363cd-a397-4bdd-a185-6ac0229bac5d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.109287Z", + "modified": "2025-02-08T00:36:04.109287Z", + "name": "CVE-2025-25143", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25143" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0633dc0e-6bf7-4c92-bd66-7b26c3c8b2f2.json b/objects/vulnerability/vulnerability--0633dc0e-6bf7-4c92-bd66-7b26c3c8b2f2.json new file mode 100644 index 00000000000..a0efd017080 --- /dev/null +++ b/objects/vulnerability/vulnerability--0633dc0e-6bf7-4c92-bd66-7b26c3c8b2f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4da416dd-9a6e-4a69-95d4-db0cc64d7a6c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0633dc0e-6bf7-4c92-bd66-7b26c3c8b2f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.184369Z", + "modified": "2025-02-08T00:36:04.184369Z", + "name": "CVE-2025-25153", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25153" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--064c74a0-3860-42a3-95fe-2f61fd90e7fa.json b/objects/vulnerability/vulnerability--064c74a0-3860-42a3-95fe-2f61fd90e7fa.json new file mode 100644 index 00000000000..07718d7b754 --- /dev/null +++ b/objects/vulnerability/vulnerability--064c74a0-3860-42a3-95fe-2f61fd90e7fa.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c8ca32b-5900-43b1-92d8-aac297e11231", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--064c74a0-3860-42a3-95fe-2f61fd90e7fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.008807Z", + "modified": "2025-02-08T00:35:54.008807Z", + "name": "CVE-2024-52883", + "description": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52883" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06b3bbaf-f735-4797-aa96-9a7747457101.json b/objects/vulnerability/vulnerability--06b3bbaf-f735-4797-aa96-9a7747457101.json new file mode 100644 index 00000000000..c5a96ae5e40 --- /dev/null +++ b/objects/vulnerability/vulnerability--06b3bbaf-f735-4797-aa96-9a7747457101.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7fd8025d-65be-406d-b8fe-387946bc39fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06b3bbaf-f735-4797-aa96-9a7747457101", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.203216Z", + "modified": "2025-02-08T00:36:04.203216Z", + "name": "CVE-2025-25155", + "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25155" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--06f5befb-788d-4386-a961-eb2770ac0e45.json b/objects/vulnerability/vulnerability--06f5befb-788d-4386-a961-eb2770ac0e45.json new file mode 100644 index 00000000000..ca175c90600 --- /dev/null +++ b/objects/vulnerability/vulnerability--06f5befb-788d-4386-a961-eb2770ac0e45.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a6be6407-951b-4013-99e0-11f309ceef8f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06f5befb-788d-4386-a961-eb2770ac0e45", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.265284Z", + "modified": "2025-02-08T00:36:04.265284Z", + "name": "CVE-2025-0304", + "description": "in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0304" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--080f3c87-ce92-4a3f-873c-f6d14d75cb27.json b/objects/vulnerability/vulnerability--080f3c87-ce92-4a3f-873c-f6d14d75cb27.json new file mode 100644 index 00000000000..a9e28a54dd9 --- /dev/null +++ b/objects/vulnerability/vulnerability--080f3c87-ce92-4a3f-873c-f6d14d75cb27.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--04a9ab7d-eccc-467a-9cea-ff75d3b22ef4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--080f3c87-ce92-4a3f-873c-f6d14d75cb27", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.215383Z", + "modified": "2025-02-08T00:36:04.215383Z", + "name": "CVE-2025-24980", + "description": "pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via \"Forgot password\" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24980" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--085c93e7-e84a-4b8d-835c-2d4d0c554ffb.json b/objects/vulnerability/vulnerability--085c93e7-e84a-4b8d-835c-2d4d0c554ffb.json new file mode 100644 index 00000000000..71f1766a9a9 --- /dev/null +++ b/objects/vulnerability/vulnerability--085c93e7-e84a-4b8d-835c-2d4d0c554ffb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18222e35-ce02-4fc3-9891-3f83947f5aa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--085c93e7-e84a-4b8d-835c-2d4d0c554ffb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.002386Z", + "modified": "2025-02-08T00:36:04.002386Z", + "name": "CVE-2025-22402", + "description": "Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22402" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a82985b-8327-42a7-82f1-327833e35c9c.json b/objects/vulnerability/vulnerability--0a82985b-8327-42a7-82f1-327833e35c9c.json new file mode 100644 index 00000000000..d45f7d22a7d --- /dev/null +++ b/objects/vulnerability/vulnerability--0a82985b-8327-42a7-82f1-327833e35c9c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0bd7718e-8079-48ee-97e0-3b9eaf865202", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a82985b-8327-42a7-82f1-327833e35c9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:55.004697Z", + "modified": "2025-02-08T00:35:55.004697Z", + "name": "CVE-2024-55213", + "description": "Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55213" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--0e750aea-95a1-4202-bc63-f4f64c54b6cc.json b/objects/vulnerability/vulnerability--0e750aea-95a1-4202-bc63-f4f64c54b6cc.json new file mode 100644 index 00000000000..8f110238e28 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e750aea-95a1-4202-bc63-f4f64c54b6cc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--34bf6398-985f-4072-8077-58912ef6341f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e750aea-95a1-4202-bc63-f4f64c54b6cc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.111563Z", + "modified": "2025-02-08T00:36:04.111563Z", + "name": "CVE-2025-25151", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25151" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1053604a-1610-49cb-b56d-43c4a1e82de7.json b/objects/vulnerability/vulnerability--1053604a-1610-49cb-b56d-43c4a1e82de7.json new file mode 100644 index 00000000000..ee4f59375a8 --- /dev/null +++ b/objects/vulnerability/vulnerability--1053604a-1610-49cb-b56d-43c4a1e82de7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4149532e-42da-4cf9-983a-e962675b0b46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1053604a-1610-49cb-b56d-43c4a1e82de7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.789757Z", + "modified": "2025-02-08T00:35:53.789757Z", + "name": "CVE-2024-57278", + "description": "A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57278" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13ee690c-1c6e-465b-b189-b900768efb37.json b/objects/vulnerability/vulnerability--13ee690c-1c6e-465b-b189-b900768efb37.json new file mode 100644 index 00000000000..47a9e5eb70b --- /dev/null +++ b/objects/vulnerability/vulnerability--13ee690c-1c6e-465b-b189-b900768efb37.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0723589f-d14a-47f5-82b7-5e1435748a65", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13ee690c-1c6e-465b-b189-b900768efb37", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.131022Z", + "modified": "2025-02-08T00:36:04.131022Z", + "name": "CVE-2025-25069", + "description": "A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.\n\nSince Kvrocks didn't detect if \"Host:\" or \"POST\" appears in RESP requests,\na valid HTTP request can also be sent to Kvrocks as a valid RESP request \nand trigger some database operations, which can be dangerous when \nit is chained with SSRF.\n\nIt is similiar to CVE-2016-10517 in Redis.\n\nThis issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0.\n\nUsers are recommended to upgrade to version 2.11.1, which fixes the issue.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25069" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14f78fe7-1b15-47f8-a445-e8a3f9e21fc8.json b/objects/vulnerability/vulnerability--14f78fe7-1b15-47f8-a445-e8a3f9e21fc8.json new file mode 100644 index 00000000000..3e1581d8df4 --- /dev/null +++ b/objects/vulnerability/vulnerability--14f78fe7-1b15-47f8-a445-e8a3f9e21fc8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b80e0ac-e714-4ebf-906f-4b1f03c38611", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14f78fe7-1b15-47f8-a445-e8a3f9e21fc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.753761Z", + "modified": "2025-02-08T00:35:53.753761Z", + "name": "CVE-2024-57248", + "description": "Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass access controls, and upload malicious files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57248" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--159d8bfd-381c-4c21-b27e-69bace1062c9.json b/objects/vulnerability/vulnerability--159d8bfd-381c-4c21-b27e-69bace1062c9.json new file mode 100644 index 00000000000..486108622cf --- /dev/null +++ b/objects/vulnerability/vulnerability--159d8bfd-381c-4c21-b27e-69bace1062c9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5d680dda-3e42-4bab-af1f-c77c85e9f852", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--159d8bfd-381c-4c21-b27e-69bace1062c9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.190622Z", + "modified": "2025-02-08T00:36:04.190622Z", + "name": "CVE-2025-25156", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25156" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--18e487b7-b16d-47b0-bb4e-8be610b265a2.json b/objects/vulnerability/vulnerability--18e487b7-b16d-47b0-bb4e-8be610b265a2.json new file mode 100644 index 00000000000..2b4ebf1b1bd --- /dev/null +++ b/objects/vulnerability/vulnerability--18e487b7-b16d-47b0-bb4e-8be610b265a2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--278a827f-82a1-47aa-80c6-fbe451112c83", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18e487b7-b16d-47b0-bb4e-8be610b265a2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.096778Z", + "modified": "2025-02-08T00:36:04.096778Z", + "name": "CVE-2025-25104", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a39f557-a073-4b28-8791-9b02483eb6a9.json b/objects/vulnerability/vulnerability--1a39f557-a073-4b28-8791-9b02483eb6a9.json new file mode 100644 index 00000000000..d83bd7173b2 --- /dev/null +++ b/objects/vulnerability/vulnerability--1a39f557-a073-4b28-8791-9b02483eb6a9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b35a296-071b-402e-8ed9-81c1a2437e0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a39f557-a073-4b28-8791-9b02483eb6a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:07.080545Z", + "modified": "2025-02-08T00:36:07.080545Z", + "name": "CVE-2021-41527", + "description": "An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-41527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1b13a5eb-125f-42c5-a7f2-97f22c12694c.json b/objects/vulnerability/vulnerability--1b13a5eb-125f-42c5-a7f2-97f22c12694c.json new file mode 100644 index 00000000000..95ea3272f12 --- /dev/null +++ b/objects/vulnerability/vulnerability--1b13a5eb-125f-42c5-a7f2-97f22c12694c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3e8f20b-7e49-401e-87c1-cccd13a94c51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1b13a5eb-125f-42c5-a7f2-97f22c12694c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.144032Z", + "modified": "2025-02-08T00:36:04.144032Z", + "name": "CVE-2025-25140", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25140" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--1e199a88-6be3-4705-8428-c6b481726617.json b/objects/vulnerability/vulnerability--1e199a88-6be3-4705-8428-c6b481726617.json new file mode 100644 index 00000000000..bbc7db44c97 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e199a88-6be3-4705-8428-c6b481726617.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--252851aa-473b-4661-a7dd-e212b4282610", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e199a88-6be3-4705-8428-c6b481726617", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.993817Z", + "modified": "2025-02-08T00:36:03.993817Z", + "name": "CVE-2025-1061", + "description": "The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1061" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e97c3ce-4af4-4081-baac-b0b9bc66e803.json b/objects/vulnerability/vulnerability--1e97c3ce-4af4-4081-baac-b0b9bc66e803.json new file mode 100644 index 00000000000..b3903469867 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e97c3ce-4af4-4081-baac-b0b9bc66e803.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79d2b569-31ff-4982-b902-a52a1f7aa7ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e97c3ce-4af4-4081-baac-b0b9bc66e803", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:06.047242Z", + "modified": "2025-02-08T00:36:06.047242Z", + "name": "CVE-2021-27017", + "description": "Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-27017" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1e97f392-2587-48c2-8446-a421826ab7d9.json b/objects/vulnerability/vulnerability--1e97f392-2587-48c2-8446-a421826ab7d9.json new file mode 100644 index 00000000000..c7eca253137 --- /dev/null +++ b/objects/vulnerability/vulnerability--1e97f392-2587-48c2-8446-a421826ab7d9.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1059578a-ac6c-4f3c-9525-584e9931d78e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1e97f392-2587-48c2-8446-a421826ab7d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.985411Z", + "modified": "2025-02-08T00:36:03.985411Z", + "name": "CVE-2025-1114", + "description": "A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f68a6af-daa1-49ed-a9f8-5814a7b6b895.json b/objects/vulnerability/vulnerability--1f68a6af-daa1-49ed-a9f8-5814a7b6b895.json new file mode 100644 index 00000000000..32ce6ac2e40 --- /dev/null +++ b/objects/vulnerability/vulnerability--1f68a6af-daa1-49ed-a9f8-5814a7b6b895.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--adc63a82-0570-4613-b156-f1d1c1165f55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f68a6af-daa1-49ed-a9f8-5814a7b6b895", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.988888Z", + "modified": "2025-02-08T00:36:03.988888Z", + "name": "CVE-2025-1107", + "description": "Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1f86ef0f-dc4e-4c62-bed8-f15b4868d44c.json b/objects/vulnerability/vulnerability--1f86ef0f-dc4e-4c62-bed8-f15b4868d44c.json new file mode 100644 index 00000000000..471e6f9e911 --- /dev/null +++ b/objects/vulnerability/vulnerability--1f86ef0f-dc4e-4c62-bed8-f15b4868d44c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5261ce68-e031-4cc3-b35b-c22500422e22", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1f86ef0f-dc4e-4c62-bed8-f15b4868d44c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.164643Z", + "modified": "2025-02-08T00:36:04.164643Z", + "name": "CVE-2025-25159", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25159" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--25503653-286c-4efb-8c7d-4a0c17f33cee.json b/objects/vulnerability/vulnerability--25503653-286c-4efb-8c7d-4a0c17f33cee.json new file mode 100644 index 00000000000..1665317ceca --- /dev/null +++ b/objects/vulnerability/vulnerability--25503653-286c-4efb-8c7d-4a0c17f33cee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3670521d-09a0-4c82-b92f-9859870fabbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25503653-286c-4efb-8c7d-4a0c17f33cee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.136433Z", + "modified": "2025-02-08T00:35:54.136433Z", + "name": "CVE-2024-13841", + "description": "The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25548f51-7f58-4402-bc5e-dc5fead370a0.json b/objects/vulnerability/vulnerability--25548f51-7f58-4402-bc5e-dc5fead370a0.json new file mode 100644 index 00000000000..e441cd29e1f --- /dev/null +++ b/objects/vulnerability/vulnerability--25548f51-7f58-4402-bc5e-dc5fead370a0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ea6ef148-3244-46a2-931b-5a85bfa4fe67", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25548f51-7f58-4402-bc5e-dc5fead370a0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.13581Z", + "modified": "2025-02-08T00:36:04.13581Z", + "name": "CVE-2025-25105", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25105" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--26684897-ce80-4d49-bca8-629c236e2e0d.json b/objects/vulnerability/vulnerability--26684897-ce80-4d49-bca8-629c236e2e0d.json new file mode 100644 index 00000000000..76739132b03 --- /dev/null +++ b/objects/vulnerability/vulnerability--26684897-ce80-4d49-bca8-629c236e2e0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b25654e1-c4f2-4d00-8bbc-d63e494bae5e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--26684897-ce80-4d49-bca8-629c236e2e0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.1736Z", + "modified": "2025-02-08T00:35:54.1736Z", + "name": "CVE-2024-13352", + "description": "The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13352" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--28381931-6181-4e95-9ed4-3510be922ed1.json b/objects/vulnerability/vulnerability--28381931-6181-4e95-9ed4-3510be922ed1.json new file mode 100644 index 00000000000..46ffeccd51c --- /dev/null +++ b/objects/vulnerability/vulnerability--28381931-6181-4e95-9ed4-3510be922ed1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db6ebe5e-0a67-4a8b-9359-9e68c7f1f88a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28381931-6181-4e95-9ed4-3510be922ed1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.151267Z", + "modified": "2025-02-08T00:36:04.151267Z", + "name": "CVE-2025-25111", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--29b19847-1353-434b-9b83-e73f0bc9efcd.json b/objects/vulnerability/vulnerability--29b19847-1353-434b-9b83-e73f0bc9efcd.json new file mode 100644 index 00000000000..ee9b249d39f --- /dev/null +++ b/objects/vulnerability/vulnerability--29b19847-1353-434b-9b83-e73f0bc9efcd.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dda60aeb-2a7c-445d-990d-01f84ab0a94f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--29b19847-1353-434b-9b83-e73f0bc9efcd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.17578Z", + "modified": "2025-02-08T00:36:04.17578Z", + "name": "CVE-2025-25078", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25078" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b59dea6-55f0-4545-8b95-88652c09831a.json b/objects/vulnerability/vulnerability--2b59dea6-55f0-4545-8b95-88652c09831a.json new file mode 100644 index 00000000000..e0b48f57484 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b59dea6-55f0-4545-8b95-88652c09831a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--369f7375-44b9-48a2-b462-7b1b966a80fd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b59dea6-55f0-4545-8b95-88652c09831a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.181166Z", + "modified": "2025-02-08T00:36:04.181166Z", + "name": "CVE-2025-25141", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25141" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--2e93952a-ba46-4408-9e8d-289def3a5b13.json b/objects/vulnerability/vulnerability--2e93952a-ba46-4408-9e8d-289def3a5b13.json new file mode 100644 index 00000000000..f8aa58d49c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e93952a-ba46-4408-9e8d-289def3a5b13.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--74165459-d14b-4271-b4b2-c697907af2ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e93952a-ba46-4408-9e8d-289def3a5b13", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.275934Z", + "modified": "2025-02-08T00:36:04.275934Z", + "name": "CVE-2025-0302", + "description": "in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0302" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2f14db10-e8e5-42a1-ba87-9510ac424135.json b/objects/vulnerability/vulnerability--2f14db10-e8e5-42a1-ba87-9510ac424135.json new file mode 100644 index 00000000000..9788a6732f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--2f14db10-e8e5-42a1-ba87-9510ac424135.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb3698b9-8727-44d3-8975-16cbb670d381", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2f14db10-e8e5-42a1-ba87-9510ac424135", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.30128Z", + "modified": "2025-02-08T00:36:04.30128Z", + "name": "CVE-2025-0303", + "description": "in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0303" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30c5dffe-bc0c-46de-9221-dac088ab94d8.json b/objects/vulnerability/vulnerability--30c5dffe-bc0c-46de-9221-dac088ab94d8.json new file mode 100644 index 00000000000..c8ff776e9b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--30c5dffe-bc0c-46de-9221-dac088ab94d8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--082a1ce3-0429-4589-b0b1-fb80e88240bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30c5dffe-bc0c-46de-9221-dac088ab94d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.889169Z", + "modified": "2025-02-08T00:35:54.889169Z", + "name": "CVE-2024-7425", + "description": "The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7425" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3259af1e-1347-477c-9a4d-4fff4e284dec.json b/objects/vulnerability/vulnerability--3259af1e-1347-477c-9a4d-4fff4e284dec.json new file mode 100644 index 00000000000..38d05c4dc97 --- /dev/null +++ b/objects/vulnerability/vulnerability--3259af1e-1347-477c-9a4d-4fff4e284dec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6bd7a1ea-c19f-49d7-897a-137daa6b96e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3259af1e-1347-477c-9a4d-4fff4e284dec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:55.01446Z", + "modified": "2025-02-08T00:35:55.01446Z", + "name": "CVE-2024-55214", + "description": "Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--35e30678-c8ff-4734-a6f6-3cc3c49ecade.json b/objects/vulnerability/vulnerability--35e30678-c8ff-4734-a6f6-3cc3c49ecade.json new file mode 100644 index 00000000000..311f557d853 --- /dev/null +++ b/objects/vulnerability/vulnerability--35e30678-c8ff-4734-a6f6-3cc3c49ecade.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--32481506-09b7-4989-a31e-bebdc0f8515e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--35e30678-c8ff-4734-a6f6-3cc3c49ecade", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:57.766604Z", + "modified": "2025-02-08T00:35:57.766604Z", + "name": "CVE-2022-26389", + "description": "An improper access control vulnerability may allow privilege escalation.This issue affects: \n\n * ELI 380 Resting Electrocardiograph:\n\nVersions 2.6.0 and prior; \n * ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior; \n * ELI 250c/BUR 250c Resting Electrocardiograph: Versions 2.1.2 and prior; \n * ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-26389" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3b6b96d6-3c1d-4e21-ace9-837b79ad7260.json b/objects/vulnerability/vulnerability--3b6b96d6-3c1d-4e21-ace9-837b79ad7260.json new file mode 100644 index 00000000000..9d66ebcb2a5 --- /dev/null +++ b/objects/vulnerability/vulnerability--3b6b96d6-3c1d-4e21-ace9-837b79ad7260.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f3a8130a-d684-4249-b98d-961d08854581", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3b6b96d6-3c1d-4e21-ace9-837b79ad7260", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.112896Z", + "modified": "2025-02-08T00:36:04.112896Z", + "name": "CVE-2025-25136", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3cd0d513-426a-4656-9210-11e6f3672c83.json b/objects/vulnerability/vulnerability--3cd0d513-426a-4656-9210-11e6f3672c83.json new file mode 100644 index 00000000000..a6e04fadd48 --- /dev/null +++ b/objects/vulnerability/vulnerability--3cd0d513-426a-4656-9210-11e6f3672c83.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--891252ee-b217-4bc9-a249-3c0b0007d32c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3cd0d513-426a-4656-9210-11e6f3672c83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.1048Z", + "modified": "2025-02-08T00:36:04.1048Z", + "name": "CVE-2025-25183", + "description": "vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25183" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e896065-845d-48e8-b6e8-3a986aeee72d.json b/objects/vulnerability/vulnerability--3e896065-845d-48e8-b6e8-3a986aeee72d.json new file mode 100644 index 00000000000..6b51a70327c --- /dev/null +++ b/objects/vulnerability/vulnerability--3e896065-845d-48e8-b6e8-3a986aeee72d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e2db7e0-3585-4f97-aaeb-149700d282a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e896065-845d-48e8-b6e8-3a986aeee72d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.998473Z", + "modified": "2025-02-08T00:35:53.998473Z", + "name": "CVE-2024-52882", + "description": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52882" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4003ab90-bfa7-4cad-bbcd-01ab4451e0fd.json b/objects/vulnerability/vulnerability--4003ab90-bfa7-4cad-bbcd-01ab4451e0fd.json new file mode 100644 index 00000000000..7c41b5f1812 --- /dev/null +++ b/objects/vulnerability/vulnerability--4003ab90-bfa7-4cad-bbcd-01ab4451e0fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55eb3cbe-fa0f-4875-805e-571151dc0f27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4003ab90-bfa7-4cad-bbcd-01ab4451e0fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.739009Z", + "modified": "2025-02-08T00:35:53.739009Z", + "name": "CVE-2024-57357", + "description": "An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57357" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4121cc68-b61e-40a8-a874-18e1179441e0.json b/objects/vulnerability/vulnerability--4121cc68-b61e-40a8-a874-18e1179441e0.json new file mode 100644 index 00000000000..898291ce4d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4121cc68-b61e-40a8-a874-18e1179441e0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--42cd8a6d-ae43-4412-b52e-f13687e613b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4121cc68-b61e-40a8-a874-18e1179441e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.06014Z", + "modified": "2025-02-08T00:36:04.06014Z", + "name": "CVE-2025-23085", + "description": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23085" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--44543cbe-dc63-46f3-8bf4-58b375718681.json b/objects/vulnerability/vulnerability--44543cbe-dc63-46f3-8bf4-58b375718681.json new file mode 100644 index 00000000000..d8655ccd0b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--44543cbe-dc63-46f3-8bf4-58b375718681.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1a370e4-430d-4b04-bb43-c3f980d80de3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--44543cbe-dc63-46f3-8bf4-58b375718681", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.250879Z", + "modified": "2025-02-08T00:36:04.250879Z", + "name": "CVE-2025-24028", + "description": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handles comments. This affects both the Rich Text Editor and the Markdown viewer. However, unlike the Rich Text Editor, the Markdown viewer is `cross-origin isolated`, which prevents JavaScript from directly accessing functions/variables in the toplevel Joplin `window`. This issue is not present in Joplin 3.1.24 and may have been introduced in `9b50539`. This is an XSS vulnerability that impacts users that open untrusted notes in the Rich Text Editor. This vulnerability has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24028" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4809059b-62e0-4836-90c3-575f91629d9d.json b/objects/vulnerability/vulnerability--4809059b-62e0-4836-90c3-575f91629d9d.json new file mode 100644 index 00000000000..38a4b3aff96 --- /dev/null +++ b/objects/vulnerability/vulnerability--4809059b-62e0-4836-90c3-575f91629d9d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51f1a3b5-7a03-41d4-8688-39c78efe9ae3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4809059b-62e0-4836-90c3-575f91629d9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.974327Z", + "modified": "2025-02-08T00:36:03.974327Z", + "name": "CVE-2025-1072", + "description": "A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1072" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a6ec775-d1c6-41cf-b299-db5c253d22a3.json b/objects/vulnerability/vulnerability--4a6ec775-d1c6-41cf-b299-db5c253d22a3.json new file mode 100644 index 00000000000..2e8e60ae955 --- /dev/null +++ b/objects/vulnerability/vulnerability--4a6ec775-d1c6-41cf-b299-db5c253d22a3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e9e84a2-ae60-4422-8883-c6c0cdf98484", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a6ec775-d1c6-41cf-b299-db5c253d22a3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.189003Z", + "modified": "2025-02-08T00:36:04.189003Z", + "name": "CVE-2025-25152", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25152" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--4cbb1b91-2a9a-442b-9d8e-54547e18fb95.json b/objects/vulnerability/vulnerability--4cbb1b91-2a9a-442b-9d8e-54547e18fb95.json new file mode 100644 index 00000000000..9a27fd9fddb --- /dev/null +++ b/objects/vulnerability/vulnerability--4cbb1b91-2a9a-442b-9d8e-54547e18fb95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46f2672e-8889-4f34-907b-8668c64082cb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cbb1b91-2a9a-442b-9d8e-54547e18fb95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.991687Z", + "modified": "2025-02-08T00:36:03.991687Z", + "name": "CVE-2025-1105", + "description": "A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1105" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d7f97ce-b1a8-4ef2-9a2f-fc3200971210.json b/objects/vulnerability/vulnerability--4d7f97ce-b1a8-4ef2-9a2f-fc3200971210.json new file mode 100644 index 00000000000..2c9740defa5 --- /dev/null +++ b/objects/vulnerability/vulnerability--4d7f97ce-b1a8-4ef2-9a2f-fc3200971210.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0029e715-e92d-4db9-b22b-111a132e6d8e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d7f97ce-b1a8-4ef2-9a2f-fc3200971210", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.178723Z", + "modified": "2025-02-08T00:36:04.178723Z", + "name": "CVE-2025-25096", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5025437a-80ad-47e1-8ea2-76ac4e097dbb.json b/objects/vulnerability/vulnerability--5025437a-80ad-47e1-8ea2-76ac4e097dbb.json new file mode 100644 index 00000000000..fda29902d8f --- /dev/null +++ b/objects/vulnerability/vulnerability--5025437a-80ad-47e1-8ea2-76ac4e097dbb.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e4088d5-60b6-45f3-9f5f-0ba1d92d15ff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5025437a-80ad-47e1-8ea2-76ac4e097dbb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.984377Z", + "modified": "2025-02-08T00:36:03.984377Z", + "name": "CVE-2025-1106", + "description": "A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--50651d6e-4fe6-4572-a90b-01bf06836712.json b/objects/vulnerability/vulnerability--50651d6e-4fe6-4572-a90b-01bf06836712.json new file mode 100644 index 00000000000..519d4b05845 --- /dev/null +++ b/objects/vulnerability/vulnerability--50651d6e-4fe6-4572-a90b-01bf06836712.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4972c18e-ca6d-4955-bfbf-a591975c950c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--50651d6e-4fe6-4572-a90b-01bf06836712", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.569742Z", + "modified": "2025-02-08T00:35:54.569742Z", + "name": "CVE-2024-9664", + "description": "The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--528ba780-8be1-4ac9-83cf-d6d32db5f8ce.json b/objects/vulnerability/vulnerability--528ba780-8be1-4ac9-83cf-d6d32db5f8ce.json new file mode 100644 index 00000000000..3c233b24011 --- /dev/null +++ b/objects/vulnerability/vulnerability--528ba780-8be1-4ac9-83cf-d6d32db5f8ce.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b2514ea-50e4-4a45-8217-3dc7f5245c9e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--528ba780-8be1-4ac9-83cf-d6d32db5f8ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.196095Z", + "modified": "2025-02-08T00:36:04.196095Z", + "name": "CVE-2025-25116", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--545e5674-44c4-47ca-832f-921ddf4c42ec.json b/objects/vulnerability/vulnerability--545e5674-44c4-47ca-832f-921ddf4c42ec.json new file mode 100644 index 00000000000..13bc94654ae --- /dev/null +++ b/objects/vulnerability/vulnerability--545e5674-44c4-47ca-832f-921ddf4c42ec.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eac5320f-1961-45f0-8ea3-f7e14c880e25", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--545e5674-44c4-47ca-832f-921ddf4c42ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.992866Z", + "modified": "2025-02-08T00:36:03.992866Z", + "name": "CVE-2025-1108", + "description": "Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into the ‘Xml’ parameter on the ‘/public/cgi/Gateway.php’ endpoint.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1108" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--596ab3ce-81c2-448e-942b-f73114d6a8cf.json b/objects/vulnerability/vulnerability--596ab3ce-81c2-448e-942b-f73114d6a8cf.json new file mode 100644 index 00000000000..acb150470bf --- /dev/null +++ b/objects/vulnerability/vulnerability--596ab3ce-81c2-448e-942b-f73114d6a8cf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--321ca0d1-0722-4981-8f7d-6b9cf32dba92", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--596ab3ce-81c2-448e-942b-f73114d6a8cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.124329Z", + "modified": "2025-02-08T00:36:04.124329Z", + "name": "CVE-2025-25120", + "description": "Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25120" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d9b5137-3edb-4341-b684-7d080e5c9ef6.json b/objects/vulnerability/vulnerability--5d9b5137-3edb-4341-b684-7d080e5c9ef6.json new file mode 100644 index 00000000000..413878df43c --- /dev/null +++ b/objects/vulnerability/vulnerability--5d9b5137-3edb-4341-b684-7d080e5c9ef6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b77a9db-7a1d-4c58-9584-1092a2930880", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d9b5137-3edb-4341-b684-7d080e5c9ef6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.795017Z", + "modified": "2025-02-08T00:35:53.795017Z", + "name": "CVE-2024-57606", + "description": "SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57606" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--5ddb9bf3-9fee-4741-a2ad-9423bdcb48c1.json b/objects/vulnerability/vulnerability--5ddb9bf3-9fee-4741-a2ad-9423bdcb48c1.json new file mode 100644 index 00000000000..e634f808e18 --- /dev/null +++ b/objects/vulnerability/vulnerability--5ddb9bf3-9fee-4741-a2ad-9423bdcb48c1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8abb9bd2-a697-4768-a994-a349612bff9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ddb9bf3-9fee-4741-a2ad-9423bdcb48c1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.149934Z", + "modified": "2025-02-08T00:36:04.149934Z", + "name": "CVE-2025-25166", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5f2e5540-3cb4-4828-b143-cdf3ac249871.json b/objects/vulnerability/vulnerability--5f2e5540-3cb4-4828-b143-cdf3ac249871.json new file mode 100644 index 00000000000..a38cfb799e9 --- /dev/null +++ b/objects/vulnerability/vulnerability--5f2e5540-3cb4-4828-b143-cdf3ac249871.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a31ab891-6a33-4d95-8ded-8a0e1db87161", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5f2e5540-3cb4-4828-b143-cdf3ac249871", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.197375Z", + "modified": "2025-02-08T00:36:04.197375Z", + "name": "CVE-2025-25107", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61777f73-a6b5-422d-bb70-9dee49e5025a.json b/objects/vulnerability/vulnerability--61777f73-a6b5-422d-bb70-9dee49e5025a.json new file mode 100644 index 00000000000..d2352d5e137 --- /dev/null +++ b/objects/vulnerability/vulnerability--61777f73-a6b5-422d-bb70-9dee49e5025a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dfca7e88-e7bc-4170-bec2-8be37b575475", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61777f73-a6b5-422d-bb70-9dee49e5025a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.148877Z", + "modified": "2025-02-08T00:36:04.148877Z", + "name": "CVE-2025-25079", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25079" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--626217be-45c7-4468-adfa-a6bd253df412.json b/objects/vulnerability/vulnerability--626217be-45c7-4468-adfa-a6bd253df412.json new file mode 100644 index 00000000000..d3472bb9e59 --- /dev/null +++ b/objects/vulnerability/vulnerability--626217be-45c7-4468-adfa-a6bd253df412.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08a8c144-6afa-4baf-ad2f-878327fad856", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--626217be-45c7-4468-adfa-a6bd253df412", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.155957Z", + "modified": "2025-02-08T00:36:04.155957Z", + "name": "CVE-2025-25160", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--654c1295-8eb2-462b-9992-dd026ee87b76.json b/objects/vulnerability/vulnerability--654c1295-8eb2-462b-9992-dd026ee87b76.json new file mode 100644 index 00000000000..c96a3ff45f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--654c1295-8eb2-462b-9992-dd026ee87b76.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d0af7f0-48c6-4c80-836a-5e39e25efad6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--654c1295-8eb2-462b-9992-dd026ee87b76", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.191846Z", + "modified": "2025-02-08T00:36:04.191846Z", + "name": "CVE-2025-25168", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25168" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--658ce61e-836b-4477-95f5-81bb032ef95f.json b/objects/vulnerability/vulnerability--658ce61e-836b-4477-95f5-81bb032ef95f.json new file mode 100644 index 00000000000..5e64e92cc6c --- /dev/null +++ b/objects/vulnerability/vulnerability--658ce61e-836b-4477-95f5-81bb032ef95f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9cc8ade-df97-4961-86b2-860d3d96e313", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--658ce61e-836b-4477-95f5-81bb032ef95f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.179785Z", + "modified": "2025-02-08T00:36:04.179785Z", + "name": "CVE-2025-25123", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25123" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6610ba14-9cbf-42e5-80e4-c7934f2c3180.json b/objects/vulnerability/vulnerability--6610ba14-9cbf-42e5-80e4-c7934f2c3180.json new file mode 100644 index 00000000000..899be8f7228 --- /dev/null +++ b/objects/vulnerability/vulnerability--6610ba14-9cbf-42e5-80e4-c7934f2c3180.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85a100d2-182c-4e06-a2b7-b8b383c6b519", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6610ba14-9cbf-42e5-80e4-c7934f2c3180", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.001423Z", + "modified": "2025-02-08T00:35:54.001423Z", + "name": "CVE-2024-52884", + "description": "An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52884" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69df44bf-eb5c-4e0a-a49d-1df284782207.json b/objects/vulnerability/vulnerability--69df44bf-eb5c-4e0a-a49d-1df284782207.json new file mode 100644 index 00000000000..9ab22816d74 --- /dev/null +++ b/objects/vulnerability/vulnerability--69df44bf-eb5c-4e0a-a49d-1df284782207.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9708d420-720f-4619-a891-9ae956db29c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69df44bf-eb5c-4e0a-a49d-1df284782207", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.762085Z", + "modified": "2025-02-08T00:35:53.762085Z", + "name": "CVE-2024-57279", + "description": "A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57279" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b74d131-e9f5-43df-bdca-606b1a7e764e.json b/objects/vulnerability/vulnerability--6b74d131-e9f5-43df-bdca-606b1a7e764e.json new file mode 100644 index 00000000000..2778a2c8830 --- /dev/null +++ b/objects/vulnerability/vulnerability--6b74d131-e9f5-43df-bdca-606b1a7e764e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0606a6a3-6c3c-41aa-89d2-36938672f6f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b74d131-e9f5-43df-bdca-606b1a7e764e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.177599Z", + "modified": "2025-02-08T00:36:04.177599Z", + "name": "CVE-2025-25110", + "description": "Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25110" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--6dbd6243-ef5c-4831-88c1-8a71b780722c.json b/objects/vulnerability/vulnerability--6dbd6243-ef5c-4831-88c1-8a71b780722c.json new file mode 100644 index 00000000000..1d83c667b1b --- /dev/null +++ b/objects/vulnerability/vulnerability--6dbd6243-ef5c-4831-88c1-8a71b780722c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5ceda7fe-b3d8-41b7-9284-cd8a27e3fb64", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6dbd6243-ef5c-4831-88c1-8a71b780722c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.201301Z", + "modified": "2025-02-08T00:36:04.201301Z", + "name": "CVE-2025-25138", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6e2ab6c3-7a3b-4c54-9de9-4130a3923d06.json b/objects/vulnerability/vulnerability--6e2ab6c3-7a3b-4c54-9de9-4130a3923d06.json new file mode 100644 index 00000000000..ebf2443b483 --- /dev/null +++ b/objects/vulnerability/vulnerability--6e2ab6c3-7a3b-4c54-9de9-4130a3923d06.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ce94aacb-63b2-4380-82c3-7f4c7eca232b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6e2ab6c3-7a3b-4c54-9de9-4130a3923d06", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.198289Z", + "modified": "2025-02-08T00:36:04.198289Z", + "name": "CVE-2025-25146", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--701ea93a-27ea-4538-b32e-321ca64fa2e0.json b/objects/vulnerability/vulnerability--701ea93a-27ea-4538-b32e-321ca64fa2e0.json new file mode 100644 index 00000000000..89becdf6bd1 --- /dev/null +++ b/objects/vulnerability/vulnerability--701ea93a-27ea-4538-b32e-321ca64fa2e0.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d227ef11-6d2e-4275-ba83-c8fbbc6eedc4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--701ea93a-27ea-4538-b32e-321ca64fa2e0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.559651Z", + "modified": "2025-02-08T00:35:54.559651Z", + "name": "CVE-2024-9661", + "description": "The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attackers to delete imported content (posts, comments, users, etc.) via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9661" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--70c19318-1b6b-4ae0-86fd-ec76239c1650.json b/objects/vulnerability/vulnerability--70c19318-1b6b-4ae0-86fd-ec76239c1650.json new file mode 100644 index 00000000000..c56ada0ffce --- /dev/null +++ b/objects/vulnerability/vulnerability--70c19318-1b6b-4ae0-86fd-ec76239c1650.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a7b1494-4648-4c3c-b2f5-46ee8aa4aa77", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--70c19318-1b6b-4ae0-86fd-ec76239c1650", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.127404Z", + "modified": "2025-02-08T00:36:04.127404Z", + "name": "CVE-2025-25094", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--713a2ca3-b715-4002-9b69-4f7fe596f96a.json b/objects/vulnerability/vulnerability--713a2ca3-b715-4002-9b69-4f7fe596f96a.json new file mode 100644 index 00000000000..d9d08426582 --- /dev/null +++ b/objects/vulnerability/vulnerability--713a2ca3-b715-4002-9b69-4f7fe596f96a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fdc43db-97df-42e6-b33a-9ecd749f4e72", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--713a2ca3-b715-4002-9b69-4f7fe596f96a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:55.01012Z", + "modified": "2025-02-08T00:35:55.01012Z", + "name": "CVE-2024-55215", + "description": "An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55215" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--71a0fda2-4077-4a1c-87d5-5e9562fc7c4f.json b/objects/vulnerability/vulnerability--71a0fda2-4077-4a1c-87d5-5e9562fc7c4f.json new file mode 100644 index 00000000000..2b2f9ed25f1 --- /dev/null +++ b/objects/vulnerability/vulnerability--71a0fda2-4077-4a1c-87d5-5e9562fc7c4f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cfe07594-5582-49b4-8b68-fcd0df7506b2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71a0fda2-4077-4a1c-87d5-5e9562fc7c4f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.145549Z", + "modified": "2025-02-08T00:35:54.145549Z", + "name": "CVE-2024-13492", + "description": "The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13492" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71ae323e-b946-438d-9e79-157fd8a508d5.json b/objects/vulnerability/vulnerability--71ae323e-b946-438d-9e79-157fd8a508d5.json new file mode 100644 index 00000000000..b88a1398186 --- /dev/null +++ b/objects/vulnerability/vulnerability--71ae323e-b946-438d-9e79-157fd8a508d5.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e663f58f-701d-4a44-8d99-f0660fca4718", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71ae323e-b946-438d-9e79-157fd8a508d5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.15256Z", + "modified": "2025-02-08T00:36:04.15256Z", + "name": "CVE-2025-25103", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--777d2c4f-aa57-4ae8-8be5-b490f2d2ebfd.json b/objects/vulnerability/vulnerability--777d2c4f-aa57-4ae8-8be5-b490f2d2ebfd.json new file mode 100644 index 00000000000..bd4ac24de18 --- /dev/null +++ b/objects/vulnerability/vulnerability--777d2c4f-aa57-4ae8-8be5-b490f2d2ebfd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77e275a2-fcaf-4360-b3cd-ad603da466d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--777d2c4f-aa57-4ae8-8be5-b490f2d2ebfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.194984Z", + "modified": "2025-02-08T00:36:04.194984Z", + "name": "CVE-2025-25093", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25093" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7a5dc316-7988-463e-aea1-43720bd33066.json b/objects/vulnerability/vulnerability--7a5dc316-7988-463e-aea1-43720bd33066.json new file mode 100644 index 00000000000..e916044531e --- /dev/null +++ b/objects/vulnerability/vulnerability--7a5dc316-7988-463e-aea1-43720bd33066.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1bb0bca2-6a1c-4372-acee-0c866b94b31f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a5dc316-7988-463e-aea1-43720bd33066", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.202267Z", + "modified": "2025-02-08T00:36:04.202267Z", + "name": "CVE-2025-25128", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25128" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7a9b685b-1cbd-4509-9f52-164c36e3aa4d.json b/objects/vulnerability/vulnerability--7a9b685b-1cbd-4509-9f52-164c36e3aa4d.json new file mode 100644 index 00000000000..207ffdf9e40 --- /dev/null +++ b/objects/vulnerability/vulnerability--7a9b685b-1cbd-4509-9f52-164c36e3aa4d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3e9212d0-59dc-403d-bbe1-8e6345d50ac8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7a9b685b-1cbd-4509-9f52-164c36e3aa4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.162424Z", + "modified": "2025-02-08T00:36:04.162424Z", + "name": "CVE-2025-25167", + "description": "Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25167" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7dead7ba-23e1-4a4e-8985-bc5eebd10cad.json b/objects/vulnerability/vulnerability--7dead7ba-23e1-4a4e-8985-bc5eebd10cad.json new file mode 100644 index 00000000000..b90e3e74f90 --- /dev/null +++ b/objects/vulnerability/vulnerability--7dead7ba-23e1-4a4e-8985-bc5eebd10cad.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--39032c6e-791e-4169-b1b2-a9b4e190763f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7dead7ba-23e1-4a4e-8985-bc5eebd10cad", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.134613Z", + "modified": "2025-02-08T00:36:04.134613Z", + "name": "CVE-2025-25145", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25145" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--7f8e48af-8727-4bc6-ac24-70731d667c2e.json b/objects/vulnerability/vulnerability--7f8e48af-8727-4bc6-ac24-70731d667c2e.json new file mode 100644 index 00000000000..02abbe6ee7b --- /dev/null +++ b/objects/vulnerability/vulnerability--7f8e48af-8727-4bc6-ac24-70731d667c2e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--86626d30-7a58-4216-ac2b-6724ab56ce60", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f8e48af-8727-4bc6-ac24-70731d667c2e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.207202Z", + "modified": "2025-02-08T00:36:04.207202Z", + "name": "CVE-2025-24366", + "description": "SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. This issue was fixed in version v2.6.5 by checking the client provided arguments. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24366" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7fe6aad3-4efa-4777-b380-5dfb9fc67332.json b/objects/vulnerability/vulnerability--7fe6aad3-4efa-4777-b380-5dfb9fc67332.json new file mode 100644 index 00000000000..2a1235fb67b --- /dev/null +++ b/objects/vulnerability/vulnerability--7fe6aad3-4efa-4777-b380-5dfb9fc67332.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e26efb0-b593-4a1f-a56d-4c1d025d8798", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7fe6aad3-4efa-4777-b380-5dfb9fc67332", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:57.716796Z", + "modified": "2025-02-08T00:35:57.716796Z", + "name": "CVE-2022-26388", + "description": "A use of hard-coded password vulnerability may allow authentication abuse.This issue affects ELI 380 Resting Electrocardiograph: \n\nVersions 2.6.0 and prior; ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph:\n\nVersions 2.3.1 and prior; ELI 250c/BUR 250c Resting Electrocardiograph:\n\nVersions 2.1.2 and prior; ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph: \n\nVersions 2.2.0 and prior.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-26388" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8607d100-834f-46d2-8237-efa30bd8718d.json b/objects/vulnerability/vulnerability--8607d100-834f-46d2-8237-efa30bd8718d.json new file mode 100644 index 00000000000..154716d884e --- /dev/null +++ b/objects/vulnerability/vulnerability--8607d100-834f-46d2-8237-efa30bd8718d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b774205-6419-4080-9bf9-093ecab90a85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8607d100-834f-46d2-8237-efa30bd8718d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.137523Z", + "modified": "2025-02-08T00:36:04.137523Z", + "name": "CVE-2025-25082", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25082" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--89eaa675-b56c-4af4-b3ba-74e4bd22b618.json b/objects/vulnerability/vulnerability--89eaa675-b56c-4af4-b3ba-74e4bd22b618.json new file mode 100644 index 00000000000..ba1592756ca --- /dev/null +++ b/objects/vulnerability/vulnerability--89eaa675-b56c-4af4-b3ba-74e4bd22b618.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bab2399b-1e73-4d4c-8452-425895591620", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--89eaa675-b56c-4af4-b3ba-74e4bd22b618", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.006048Z", + "modified": "2025-02-08T00:36:04.006048Z", + "name": "CVE-2025-22880", + "description": "Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22880" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--8ac3b602-8aeb-4ebf-9523-ae20dbf855de.json b/objects/vulnerability/vulnerability--8ac3b602-8aeb-4ebf-9523-ae20dbf855de.json new file mode 100644 index 00000000000..88a47f74734 --- /dev/null +++ b/objects/vulnerability/vulnerability--8ac3b602-8aeb-4ebf-9523-ae20dbf855de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--514c87c0-6cb1-4dc4-9a9b-8cd5748af97b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8ac3b602-8aeb-4ebf-9523-ae20dbf855de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.139414Z", + "modified": "2025-02-08T00:36:04.139414Z", + "name": "CVE-2025-25187", + "description": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses ctrl-p to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8fe83e48-cfd7-4174-97bf-0455602d6a1d.json b/objects/vulnerability/vulnerability--8fe83e48-cfd7-4174-97bf-0455602d6a1d.json new file mode 100644 index 00000000000..4f635365864 --- /dev/null 
+++ b/objects/vulnerability/vulnerability--8fe83e48-cfd7-4174-97bf-0455602d6a1d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d214e7f3-5488-43e3-9fb4-f3892cf4ea03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8fe83e48-cfd7-4174-97bf-0455602d6a1d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.989836Z", + "modified": "2025-02-08T00:36:03.989836Z", + "name": "CVE-2025-1086", + "description": "A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1086" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--945d8e66-ea54-4aa6-afa0-4edc2263ea09.json b/objects/vulnerability/vulnerability--945d8e66-ea54-4aa6-afa0-4edc2263ea09.json new file mode 100644 index 00000000000..c762fdab07f --- /dev/null +++ b/objects/vulnerability/vulnerability--945d8e66-ea54-4aa6-afa0-4edc2263ea09.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--776eaff7-90b5-4a4b-96fd-a8258cc1df5f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--945d8e66-ea54-4aa6-afa0-4edc2263ea09", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.986617Z", + "modified": "2025-02-08T00:35:54.986617Z", + "name": "CVE-2024-55272", + "description": "An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--94ff7836-c079-4864-8310-222575b1a9e9.json b/objects/vulnerability/vulnerability--94ff7836-c079-4864-8310-222575b1a9e9.json new file mode 100644 index 00000000000..62072f85ec5 --- /dev/null +++ b/objects/vulnerability/vulnerability--94ff7836-c079-4864-8310-222575b1a9e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--89ba97a3-bdb4-410a-aca9-3c353b81f9c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--94ff7836-c079-4864-8310-222575b1a9e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.168246Z", + "modified": "2025-02-08T00:36:04.168246Z", + "name": "CVE-2025-25135", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25135" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--97710d54-e684-4f5a-82be-a041d5311a9e.json b/objects/vulnerability/vulnerability--97710d54-e684-4f5a-82be-a041d5311a9e.json new file mode 100644 index 00000000000..074133e84be --- /dev/null +++ b/objects/vulnerability/vulnerability--97710d54-e684-4f5a-82be-a041d5311a9e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8df05278-096f-445d-bb5b-3ede49a925c5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--97710d54-e684-4f5a-82be-a041d5311a9e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.10244Z", + "modified": "2025-02-08T00:36:04.10244Z", + "name": "CVE-2025-25075", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25075" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9822e657-fbd2-4a52-aa74-112041eb2f85.json b/objects/vulnerability/vulnerability--9822e657-fbd2-4a52-aa74-112041eb2f85.json new file mode 100644 index 00000000000..bded1e17dcc --- /dev/null +++ b/objects/vulnerability/vulnerability--9822e657-fbd2-4a52-aa74-112041eb2f85.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c0f246c6-3de8-4320-bb26-6ceed1dbe920", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9822e657-fbd2-4a52-aa74-112041eb2f85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.986534Z", + "modified": "2025-02-08T00:36:03.986534Z", + "name": "CVE-2025-1077", + "description": "A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1077" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9b68ce1d-e6cc-4fad-9b11-de120592efc8.json b/objects/vulnerability/vulnerability--9b68ce1d-e6cc-4fad-9b11-de120592efc8.json new file mode 100644 index 00000000000..0c3bb9e4dbf --- /dev/null +++ b/objects/vulnerability/vulnerability--9b68ce1d-e6cc-4fad-9b11-de120592efc8.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ef9fdc7a-43e3-4e57-b415-1bd4df9e3ff7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9b68ce1d-e6cc-4fad-9b11-de120592efc8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.159337Z", + "modified": "2025-02-08T00:36:04.159337Z", + "name": "CVE-2025-25071", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25071" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d54904f-01df-44ca-af16-ddea6f4c41fb.json b/objects/vulnerability/vulnerability--9d54904f-01df-44ca-af16-ddea6f4c41fb.json new file mode 100644 index 00000000000..5a26f512a2a --- /dev/null +++ b/objects/vulnerability/vulnerability--9d54904f-01df-44ca-af16-ddea6f4c41fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3facb542-e731-413c-a5a3-0b9f70c0e059", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d54904f-01df-44ca-af16-ddea6f4c41fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.099313Z", + "modified": "2025-02-08T00:36:04.099313Z", + "name": "CVE-2025-25074", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25074" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--9deb46b4-7b9a-4530-9ee5-9ac0e17b9bcd.json b/objects/vulnerability/vulnerability--9deb46b4-7b9a-4530-9ee5-9ac0e17b9bcd.json new file mode 100644 index 00000000000..592eae66ea5 --- /dev/null +++ b/objects/vulnerability/vulnerability--9deb46b4-7b9a-4530-9ee5-9ac0e17b9bcd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--83877829-df1d-4aa1-a01a-3aa817e07f3c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9deb46b4-7b9a-4530-9ee5-9ac0e17b9bcd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.125307Z", + "modified": "2025-02-08T00:36:04.125307Z", + "name": "CVE-2025-25144", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25144" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f3563ac-84a9-43e0-99d5-ad264af5aa0f.json b/objects/vulnerability/vulnerability--9f3563ac-84a9-43e0-99d5-ad264af5aa0f.json new file mode 100644 index 00000000000..78ae5eb52f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f3563ac-84a9-43e0-99d5-ad264af5aa0f.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eab6fd37-34c7-44b3-adae-097d04a1f456", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f3563ac-84a9-43e0-99d5-ad264af5aa0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:07.085525Z", + "modified": "2025-02-08T00:36:07.085525Z", + "name": "CVE-2021-41528", + "description": "An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2021-41528" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a1fac2ca-6d2e-4ce5-8b25-12c6c3829d64.json b/objects/vulnerability/vulnerability--a1fac2ca-6d2e-4ce5-8b25-12c6c3829d64.json new file mode 100644 index 00000000000..3c35a29089e --- /dev/null +++ b/objects/vulnerability/vulnerability--a1fac2ca-6d2e-4ce5-8b25-12c6c3829d64.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03211cce-87b1-4f4c-aa62-f5bac421c1aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a1fac2ca-6d2e-4ce5-8b25-12c6c3829d64", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.689774Z", + "modified": "2025-02-08T00:35:53.689774Z", + "name": "CVE-2024-10383", + "description": "An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-10383" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2b3d9dd-0d26-46ba-a318-ab7f06aa93e7.json b/objects/vulnerability/vulnerability--a2b3d9dd-0d26-46ba-a318-ab7f06aa93e7.json new file mode 100644 index 00000000000..82fd6e9531f --- /dev/null +++ b/objects/vulnerability/vulnerability--a2b3d9dd-0d26-46ba-a318-ab7f06aa93e7.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19c2ee96-9da3-48e7-9ed1-2bf236f15339", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2b3d9dd-0d26-46ba-a318-ab7f06aa93e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.987512Z", + "modified": "2025-02-08T00:36:03.987512Z", + "name": "CVE-2025-1104", + "description": "A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8c43228-8e1a-48d3-9426-d1d3ffa4aaee.json b/objects/vulnerability/vulnerability--a8c43228-8e1a-48d3-9426-d1d3ffa4aaee.json new file mode 100644 index 00000000000..7cbb8a841f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8c43228-8e1a-48d3-9426-d1d3ffa4aaee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10eedfaa-1016-448e-b29f-a37b4efb7b36", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8c43228-8e1a-48d3-9426-d1d3ffa4aaee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.142293Z", + "modified": "2025-02-08T00:36:04.142293Z", + "name": "CVE-2025-25081", + "description": "Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25081" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--aa74f69d-bddd-4c9a-908f-cdf864e92641.json b/objects/vulnerability/vulnerability--aa74f69d-bddd-4c9a-908f-cdf864e92641.json new file mode 100644 index 00000000000..b72f46cf90a --- /dev/null +++ b/objects/vulnerability/vulnerability--aa74f69d-bddd-4c9a-908f-cdf864e92641.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b2d5155-4658-40c7-b80f-32fa0b67cf5b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa74f69d-bddd-4c9a-908f-cdf864e92641", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.109925Z", + "modified": "2025-02-08T00:35:54.109925Z", + "name": "CVE-2024-35106", + "description": "NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-35106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa92654e-0695-4d2f-89e9-443ed4bc5540.json b/objects/vulnerability/vulnerability--aa92654e-0695-4d2f-89e9-443ed4bc5540.json new file mode 100644 index 00000000000..9fc6a32e17c --- /dev/null +++ b/objects/vulnerability/vulnerability--aa92654e-0695-4d2f-89e9-443ed4bc5540.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2e7dd2f6-935e-44dd-9cd4-9fb11e353605", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa92654e-0695-4d2f-89e9-443ed4bc5540", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.129479Z", + "modified": "2025-02-08T00:36:04.129479Z", + "name": "CVE-2025-25125", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25125" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af315a22-4e61-41e9-bd98-0abbe4b9d374.json b/objects/vulnerability/vulnerability--af315a22-4e61-41e9-bd98-0abbe4b9d374.json new file mode 100644 index 00000000000..2bba65e7d88 --- /dev/null +++ b/objects/vulnerability/vulnerability--af315a22-4e61-41e9-bd98-0abbe4b9d374.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4535ff93-d9ff-438e-a242-859e908621d9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af315a22-4e61-41e9-bd98-0abbe4b9d374", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:55.023555Z", + "modified": "2025-02-08T00:35:55.023555Z", + "name": "CVE-2024-48091", + "description": "Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48091" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--b180a3f4-4ed7-4b51-b37b-88c252a940a9.json b/objects/vulnerability/vulnerability--b180a3f4-4ed7-4b51-b37b-88c252a940a9.json new file mode 100644 index 00000000000..71cabc0571f --- /dev/null +++ b/objects/vulnerability/vulnerability--b180a3f4-4ed7-4b51-b37b-88c252a940a9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab983810-2326-439c-b16c-a07495801de0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b180a3f4-4ed7-4b51-b37b-88c252a940a9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.158213Z", + "modified": "2025-02-08T00:36:04.158213Z", + "name": "CVE-2025-25117", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b6e8f8f1-f57f-4669-bdfa-0f3c4eb1d49d.json b/objects/vulnerability/vulnerability--b6e8f8f1-f57f-4669-bdfa-0f3c4eb1d49d.json new file mode 100644 index 00000000000..6e59d69ca6d --- /dev/null +++ b/objects/vulnerability/vulnerability--b6e8f8f1-f57f-4669-bdfa-0f3c4eb1d49d.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8e441b56-88bf-4ba3-94b9-be7e22c1b902", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b6e8f8f1-f57f-4669-bdfa-0f3c4eb1d49d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.994897Z", + "modified": "2025-02-08T00:36:03.994897Z", + "name": "CVE-2025-1113", + "description": "A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8207abc-bf4c-4b40-95d8-ccf6669614f4.json b/objects/vulnerability/vulnerability--b8207abc-bf4c-4b40-95d8-ccf6669614f4.json new file mode 100644 index 00000000000..c9f6250442a --- /dev/null +++ b/objects/vulnerability/vulnerability--b8207abc-bf4c-4b40-95d8-ccf6669614f4.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98c148d2-1fd3-4845-ae9c-b01fd77d45fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8207abc-bf4c-4b40-95d8-ccf6669614f4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:03.972884Z", + "modified": "2025-02-08T00:36:03.972884Z", + "name": "CVE-2025-1103", + "description": "A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the argument macList leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-1103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b93bf857-e23f-4ba5-ad98-594fe30ed96c.json b/objects/vulnerability/vulnerability--b93bf857-e23f-4ba5-ad98-594fe30ed96c.json new file mode 100644 index 00000000000..47387c5ead7 --- /dev/null +++ b/objects/vulnerability/vulnerability--b93bf857-e23f-4ba5-ad98-594fe30ed96c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b062a78d-3775-4cb6-9527-70bc0c5da2d3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b93bf857-e23f-4ba5-ad98-594fe30ed96c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:53.767653Z", + "modified": "2025-02-08T00:35:53.767653Z", + "name": "CVE-2024-57707", + "description": "An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57707" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--ba3b11b7-7b5d-4b07-92f7-5b13a58bff8b.json b/objects/vulnerability/vulnerability--ba3b11b7-7b5d-4b07-92f7-5b13a58bff8b.json new file mode 100644 index 00000000000..408c873d3a0 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba3b11b7-7b5d-4b07-92f7-5b13a58bff8b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--276af8fc-d4f8-47a0-b6cb-78978a9158ed", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba3b11b7-7b5d-4b07-92f7-5b13a58bff8b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.199378Z", + "modified": "2025-02-08T00:36:04.199378Z", + "name": "CVE-2025-25073", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25073" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bb446810-79e8-4a7f-b646-a1932a98f464.json b/objects/vulnerability/vulnerability--bb446810-79e8-4a7f-b646-a1932a98f464.json new file mode 100644 index 00000000000..1fbfe563144 --- /dev/null +++ b/objects/vulnerability/vulnerability--bb446810-79e8-4a7f-b646-a1932a98f464.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b98eafe5-7fe2-45f2-b64f-f952f5727a26", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bb446810-79e8-4a7f-b646-a1932a98f464", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.161307Z", + "modified": "2025-02-08T00:36:04.161307Z", + "name": "CVE-2025-25154", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25154" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--beeadec1-6eab-4a14-b57e-43020092a888.json b/objects/vulnerability/vulnerability--beeadec1-6eab-4a14-b57e-43020092a888.json new file mode 100644 index 00000000000..2fa300d0aa1 --- /dev/null +++ b/objects/vulnerability/vulnerability--beeadec1-6eab-4a14-b57e-43020092a888.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2a66df5-7afd-4625-a586-e3383e343b13", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--beeadec1-6eab-4a14-b57e-43020092a888", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.100605Z", + "modified": "2025-02-08T00:36:04.100605Z", + "name": "CVE-2025-25095", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25095" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--bf1402a6-da8f-44b9-8f2d-b4083c440e5c.json b/objects/vulnerability/vulnerability--bf1402a6-da8f-44b9-8f2d-b4083c440e5c.json new file mode 100644 index 00000000000..a80ece4233c --- /dev/null +++ b/objects/vulnerability/vulnerability--bf1402a6-da8f-44b9-8f2d-b4083c440e5c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--76587672-896a-45d9-98e3-58630a0a1e30", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bf1402a6-da8f-44b9-8f2d-b4083c440e5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.106756Z", + "modified": "2025-02-08T00:36:04.106756Z", + "name": "CVE-2025-25076", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25076" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c027969d-f161-47ac-b41f-678dee518acf.json b/objects/vulnerability/vulnerability--c027969d-f161-47ac-b41f-678dee518acf.json new file mode 100644 index 00000000000..a8578550d7f --- /dev/null +++ b/objects/vulnerability/vulnerability--c027969d-f161-47ac-b41f-678dee518acf.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--003a96b2-f755-43b8-a67f-5901b9d044cc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c027969d-f161-47ac-b41f-678dee518acf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.123159Z", + "modified": "2025-02-08T00:36:04.123159Z", + "name": "CVE-2025-25080", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25080" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c0319fee-557d-4fd8-bd1f-4ecf71943aa7.json b/objects/vulnerability/vulnerability--c0319fee-557d-4fd8-bd1f-4ecf71943aa7.json new file mode 100644 index 00000000000..696031c6513 --- /dev/null +++ b/objects/vulnerability/vulnerability--c0319fee-557d-4fd8-bd1f-4ecf71943aa7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98940472-5147-47f4-ad5f-0adf80810857", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c0319fee-557d-4fd8-bd1f-4ecf71943aa7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.187775Z", + "modified": "2025-02-08T00:36:04.187775Z", + "name": "CVE-2025-25088", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25088" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/objects/vulnerability/vulnerability--c74d49e6-1bc5-47a3-874d-97f8a2b60668.json b/objects/vulnerability/vulnerability--c74d49e6-1bc5-47a3-874d-97f8a2b60668.json new file mode 100644 index 00000000000..38f1400bc73 --- /dev/null +++ b/objects/vulnerability/vulnerability--c74d49e6-1bc5-47a3-874d-97f8a2b60668.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1fdea4fc-d3dc-4e3c-a71d-5e89e6af1fa4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c74d49e6-1bc5-47a3-874d-97f8a2b60668", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.186253Z", + "modified": "2025-02-08T00:36:04.186253Z", + "name": "CVE-2025-25097", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25097" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c7a6d6ef-6d3a-4659-be10-fb34a2c1764c.json b/objects/vulnerability/vulnerability--c7a6d6ef-6d3a-4659-be10-fb34a2c1764c.json new file mode 100644 index 00000000000..6f3073e7328 --- /dev/null +++ b/objects/vulnerability/vulnerability--c7a6d6ef-6d3a-4659-be10-fb34a2c1764c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7d90745d-4cec-45a5-90df-381e0d8e8c66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c7a6d6ef-6d3a-4659-be10-fb34a2c1764c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:36:04.183447Z", + "modified": "2025-02-08T00:36:04.183447Z", + "name": "CVE-2025-25098", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-25098" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cb2efbed-9dfd-45d7-af72-baffe4e3940c.json b/objects/vulnerability/vulnerability--cb2efbed-9dfd-45d7-af72-baffe4e3940c.json new file mode 100644 index 00000000000..005a0f2542b --- /dev/null +++ b/objects/vulnerability/vulnerability--cb2efbed-9dfd-45d7-af72-baffe4e3940c.json 
@@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9cdbea37-4669-44b9-80cf-0a988ff2a040", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cb2efbed-9dfd-45d7-af72-baffe4e3940c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-02-08T00:35:54.963704Z", + "modified": "2025-02-08T00:35:54.963704Z", + "name": "CVE-2024-55630", + "description": "Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55630" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdbf3bbb-01be-4f08-bca2-1956c6f90b74.json b/objects/vulnerability/vulnerability--cdbf3bbb-01be-4f08-bca2-1956c6f90b74.json new file mode 100644 index 00000000000..08dae5391a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdbf3bbb-01be-4f08-bca2-1956c6f90b74.json 
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7b1c431e-052e-4ac4-8968-0199647d8810",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cdbf3bbb-01be-4f08-bca2-1956c6f90b74",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.107741Z",
+ "modified": "2025-02-08T00:36:04.107741Z",
+ "name": "CVE-2025-25072",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25072"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--cf34b41a-6ffc-42e5-8caf-6abc0a07c1c9.json b/objects/vulnerability/vulnerability--cf34b41a-6ffc-42e5-8caf-6abc0a07c1c9.json
new file mode 100644
index 00000000000..41167fadc0f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--cf34b41a-6ffc-42e5-8caf-6abc0a07c1c9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--43b6d9cf-5247-4b3f-bb02-027b327a0459",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--cf34b41a-6ffc-42e5-8caf-6abc0a07c1c9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.105807Z",
+ "modified": "2025-02-08T00:36:04.105807Z",
+ "name": "CVE-2025-25085",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25085"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d2f851c6-0ab8-4ac5-80c7-33bfb3cd832c.json b/objects/vulnerability/vulnerability--d2f851c6-0ab8-4ac5-80c7-33bfb3cd832c.json
new file mode 100644
index 00000000000..3a55b8230b6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d2f851c6-0ab8-4ac5-80c7-33bfb3cd832c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b8bb1bd4-d36d-4574-8f5f-9f22996685f6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d2f851c6-0ab8-4ac5-80c7-33bfb3cd832c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.182385Z",
+ "modified": "2025-02-08T00:36:04.182385Z",
+ "name": "CVE-2025-25101",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25101"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d355dff2-86ab-4e86-96d3-f74fbac984c9.json b/objects/vulnerability/vulnerability--d355dff2-86ab-4e86-96d3-f74fbac984c9.json
new file mode 100644
index 00000000000..98a272a46d3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d355dff2-86ab-4e86-96d3-f74fbac984c9.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2f3d3c92-3818-41f2-9ec4-6ead39e6939a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d355dff2-86ab-4e86-96d3-f74fbac984c9",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:35:53.972391Z",
+ "modified": "2025-02-08T00:35:53.972391Z",
+ "name": "CVE-2024-52881",
+ "description": "An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-52881"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d41b5542-0849-42b5-8720-114a23d6cf93.json b/objects/vulnerability/vulnerability--d41b5542-0849-42b5-8720-114a23d6cf93.json
new file mode 100644
index 00000000000..505748bd11e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d41b5542-0849-42b5-8720-114a23d6cf93.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--324f79cc-272f-4d85-b8b6-f61fe7cfa58e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d41b5542-0849-42b5-8720-114a23d6cf93",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.145481Z",
+ "modified": "2025-02-08T00:36:04.145481Z",
+ "name": "CVE-2025-25148",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25148"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--df0036d7-eb8e-496b-a90d-b5064e46e92b.json b/objects/vulnerability/vulnerability--df0036d7-eb8e-496b-a90d-b5064e46e92b.json
new file mode 100644
index 00000000000..6950ccbdef1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--df0036d7-eb8e-496b-a90d-b5064e46e92b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1da6635a-4bc9-429f-b22a-ec1945975559",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--df0036d7-eb8e-496b-a90d-b5064e46e92b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.1334Z",
+ "modified": "2025-02-08T00:36:04.1334Z",
+ "name": "CVE-2025-25139",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25139"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e0739796-3b5e-446d-bc51-82bb58c0b7ca.json b/objects/vulnerability/vulnerability--e0739796-3b5e-446d-bc51-82bb58c0b7ca.json
new file mode 100644
index 00000000000..fe1323d0a8d
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e0739796-3b5e-446d-bc51-82bb58c0b7ca.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e88015e9-6c79-46c1-bfea-20027cb26700",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e0739796-3b5e-446d-bc51-82bb58c0b7ca",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:35:54.8541Z",
+ "modified": "2025-02-08T00:35:54.8541Z",
+ "name": "CVE-2024-7419",
+ "description": "The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to inject arbitrary PHP code into form fields that get executed on the server during the export, potentially leading to a complete site compromise. \r\nAs a prerequisite, the custom export field should include fields containing user-supplied data.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-7419"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e1c6b038-c72a-4972-bb58-b934ec3e12cf.json b/objects/vulnerability/vulnerability--e1c6b038-c72a-4972-bb58-b934ec3e12cf.json
new file mode 100644
index 00000000000..f7161e17f0f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e1c6b038-c72a-4972-bb58-b934ec3e12cf.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--673b9f79-79f1-4061-88e1-212fc20e8069",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e1c6b038-c72a-4972-bb58-b934ec3e12cf",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.15406Z",
+ "modified": "2025-02-08T00:36:04.15406Z",
+ "name": "CVE-2025-25091",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25091"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e4bf5847-8026-4f8f-a454-07545eef3bd2.json b/objects/vulnerability/vulnerability--e4bf5847-8026-4f8f-a454-07545eef3bd2.json
new file mode 100644
index 00000000000..3767e508414
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e4bf5847-8026-4f8f-a454-07545eef3bd2.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1d896fb2-8365-4347-9c7a-f29011b47fe1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e4bf5847-8026-4f8f-a454-07545eef3bd2",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.19339Z",
+ "modified": "2025-02-08T00:36:04.19339Z",
+ "name": "CVE-2025-25106",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25106"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e987ea56-2dd7-44ed-988f-5b73ddc4f416.json b/objects/vulnerability/vulnerability--e987ea56-2dd7-44ed-988f-5b73ddc4f416.json
new file mode 100644
index 00000000000..c1059d66910
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e987ea56-2dd7-44ed-988f-5b73ddc4f416.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--eec9bb64-4c0d-48ed-8b70-718f908cb0f6",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e987ea56-2dd7-44ed-988f-5b73ddc4f416",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:03.995981Z",
+ "modified": "2025-02-08T00:36:03.995981Z",
+ "name": "CVE-2025-1085",
+ "description": "A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-1085"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--eb98d0fc-6c76-4fa1-bc85-6b371bec6634.json b/objects/vulnerability/vulnerability--eb98d0fc-6c76-4fa1-bc85-6b371bec6634.json
new file mode 100644
index 00000000000..641379a3549
--- /dev/null
+++ b/objects/vulnerability/vulnerability--eb98d0fc-6c76-4fa1-bc85-6b371bec6634.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--55fb1ad2-5755-42b5-9e42-1d8d41d95899",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--eb98d0fc-6c76-4fa1-bc85-6b371bec6634",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.166817Z",
+ "modified": "2025-02-08T00:36:04.166817Z",
+ "name": "CVE-2025-25147",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25147"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f0bb2b75-6a84-4a77-b7a8-92134e785631.json b/objects/vulnerability/vulnerability--f0bb2b75-6a84-4a77-b7a8-92134e785631.json
new file mode 100644
index 00000000000..dc783dfcfda
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f0bb2b75-6a84-4a77-b7a8-92134e785631.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f9c5f4bf-6d62-4bd0-8fff-2af739e2bda5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f0bb2b75-6a84-4a77-b7a8-92134e785631",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:35:53.786252Z",
+ "modified": "2025-02-08T00:35:53.786252Z",
+ "name": "CVE-2024-57249",
+ "description": "Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses the authentication process and grants attackers access to sensitive image files without proper login credentials.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-57249"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f93c59bf-af90-4904-b972-a3746d176e2b.json b/objects/vulnerability/vulnerability--f93c59bf-af90-4904-b972-a3746d176e2b.json
new file mode 100644
index 00000000000..1525eaec158
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f93c59bf-af90-4904-b972-a3746d176e2b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--977155eb-3b25-4af6-aa0c-fcaf368f4185",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f93c59bf-af90-4904-b972-a3746d176e2b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.174501Z",
+ "modified": "2025-02-08T00:36:04.174501Z",
+ "name": "CVE-2025-25077",
+ "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25077"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fe0a505a-4963-470f-9d8b-9f38cef746a7.json b/objects/vulnerability/vulnerability--fe0a505a-4963-470f-9d8b-9f38cef746a7.json
new file mode 100644
index 00000000000..7220ba25742
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fe0a505a-4963-470f-9d8b-9f38cef746a7.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--cd572788-51f6-4d2d-8f33-d2508d947be2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fe0a505a-4963-470f-9d8b-9f38cef746a7",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-02-08T00:36:04.17201Z",
+ "modified": "2025-02-08T00:36:04.17201Z",
+ "name": "CVE-2025-25149",
+ "description": "Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-25149"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file