From e10bccd52bd54882247802670d72218869de248b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 11 Jan 2025 00:21:25 +0000 Subject: [PATCH] generated content from 2025-01-11 --- mapping.csv | 72 +++++++++++++++++++ ...-001435ec-758b-450b-a16b-03ba9314329b.json | 22 ++++++ ...-03787242-183b-45a6-aec8-687072ab084c.json | 22 ++++++ ...-091d1c97-18a2-497b-9917-40855ce16cfb.json | 22 ++++++ ...-099992de-1380-4f1b-8f79-780f27fcb12f.json | 22 ++++++ ...-0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7.json | 22 ++++++ ...-13e6542d-9e2b-460e-9394-48a7e6092a12.json | 22 ++++++ ...-180c6919-bf21-468d-96e9-f66898b4af3c.json | 22 ++++++ ...-211c92bc-77f3-42a4-9d37-45dd658485fa.json | 22 ++++++ ...-24b2cfdc-361e-4413-8f70-c05cc5cd2c4e.json | 22 ++++++ ...-25fcd9e5-f7df-478b-af5c-e74af2f333ee.json | 22 ++++++ ...-2b2e97dc-a5af-4a37-8c37-3af37bd5786b.json | 22 ++++++ ...-2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3.json | 22 ++++++ ...-321d71be-2374-4a49-9154-1c0a597316ce.json | 22 ++++++ ...-3a16debc-2339-4131-af62-0b0c5d056b07.json | 22 ++++++ ...-3ea81628-beb4-43c2-8c0b-d2e903b75911.json | 22 ++++++ ...-4541d484-ae4d-4ff5-9e3c-b430f3649f7a.json | 22 ++++++ ...-4610342c-1829-4d74-b7ec-7ba1dc4e341f.json | 22 ++++++ ...-4a9e011d-3a39-458a-affa-887e2537544a.json | 22 ++++++ ...-4c2fae7e-fac8-4527-9d6d-198cb63dc104.json | 22 ++++++ ...-4d6b59b0-9230-4399-852f-1642215a6c67.json | 22 ++++++ ...-4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b.json | 22 ++++++ ...-579042c6-8b5e-465d-b407-ac31a502a065.json | 22 ++++++ ...-58054b0d-c543-4ff1-8de9-5cd2dd882da7.json | 22 ++++++ ...-5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4.json | 22 ++++++ ...-5aeb5816-ddb3-4795-b708-c061468c9a8c.json | 22 ++++++ ...-5e7a7afc-926c-49d8-9a8a-2721edd0b0a6.json | 22 ++++++ ...-608461ed-eb1a-45a9-afea-7e2a4057c2ed.json | 22 ++++++ ...-61b24901-2ffa-479f-9344-0cdadc80fba4.json | 22 ++++++ ...-685024a3-d7b0-4766-b3c4-5fee0b4ecec4.json | 22 ++++++ ...-69d1a517-d243-4f94-87f7-8fae248c2106.json | 22 ++++++ ...-6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e.json | 22 ++++++ ...-6c94c78d-c7ff-4ce8-b3e4-562eab501b4d.json | 22 ++++++ ...-6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3.json | 22 ++++++ ...-7193ba0d-1af5-4eb8-896c-e3611a655112.json | 22 ++++++ ...-78ff9555-ba35-42fb-91fd-90d9854d6c62.json | 22 ++++++ ...-798c78a4-b787-49da-81fa-16bfe4c758d8.json | 22 ++++++ ...-7c5d1297-67fc-4037-b811-b894286e4e0f.json | 22 ++++++ ...-82d64a83-b9ad-4928-ada1-66a13a729e7b.json | 22 ++++++ ...-844558c4-4512-4de0-bfa3-59010ac33b3a.json | 22 ++++++ ...-87b582d4-5009-4ca2-a389-5be69eda6187.json | 22 ++++++ ...-8826d474-0a3d-42ae-8136-99ffe41eaeaa.json | 22 ++++++ ...-8e7709e7-1deb-48e5-b190-110cf706e529.json | 22 ++++++ ...-940c13e5-8c6e-4fec-9253-d28b6c94b7ef.json | 22 ++++++ ...-9afacc13-68e3-4f6c-9ecb-896013e6aa0d.json | 22 ++++++ ...-9e175e7b-ea03-4e7b-8d75-01dc87edbe11.json | 22 ++++++ ...-9f137e86-f113-47f0-92c3-1845b1b70bf4.json | 22 ++++++ ...-ad9ca2a6-a125-4511-b2ef-bb861c02e577.json | 22 ++++++ ...-aed1e255-f777-4ca9-89b5-207646f7cd15.json | 22 ++++++ ...-af8b60f5-dea9-4e96-8ad0-b47eb4217a9c.json | 22 ++++++ ...-b2c603f6-d1f6-455d-b169-3b724368e691.json | 22 ++++++ ...-b715bfd6-5197-4e5c-82c1-6d533cff3944.json | 22 ++++++ ...-ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd.json | 22 ++++++ ...-bde33c42-90e3-4f55-a961-dfeb203b92d3.json | 22 ++++++ ...-c001c3ef-1a30-403f-b4a9-53641e7983d3.json | 22 ++++++ ...-c025691d-43d7-44f5-9dce-0e7d13a8da60.json | 22 ++++++ ...-c16f7cbf-4a00-4010-92af-15292563fc85.json | 22 ++++++ ...-c27c1456-29e1-4c63-b807-caecd93af052.json | 22 ++++++ ...-c6e66fcf-821a-4e34-8c3f-07b442cdaefc.json | 22 ++++++ ...-c803cf23-1a84-4646-955f-a5e583b523c5.json | 22 ++++++ ...-c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9.json | 22 ++++++ ...-c933696a-9e7c-44b1-b81b-9d3bb83a3264.json | 22 ++++++ ...-ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8.json | 22 ++++++ ...-df09034c-44a0-4f12-bd9c-e1acd53d753e.json | 22 ++++++ ...-e17c2855-3f64-496f-8c80-abfdea012b8a.json | 22 ++++++ ...-e181286d-df71-4911-bb25-6424412c29b2.json | 22 ++++++ ...-e4fa3ae1-ddb2-452e-81cb-fe64cdddb564.json | 22 ++++++ ...-e53507e4-ec0c-471c-b430-d8358bb83935.json | 22 ++++++ ...-e65d8928-4ed9-40cb-8e8b-57518ebc300b.json | 22 ++++++ ...-e9d81c4a-4865-4939-b273-3a900eeb7e50.json | 22 ++++++ ...-eacfb119-45c2-49a5-8ff4-f25ce5367157.json | 22 ++++++ ...-f53dfbaf-feb9-4807-a349-50df5b2b738c.json | 22 ++++++ ...-f8bbee80-484a-4ad8-98fc-ebcb8a44c018.json | 22 ++++++ 73 files changed, 1656 insertions(+) create mode 100644 objects/vulnerability/vulnerability--001435ec-758b-450b-a16b-03ba9314329b.json create mode 100644 objects/vulnerability/vulnerability--03787242-183b-45a6-aec8-687072ab084c.json create mode 100644 objects/vulnerability/vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb.json create mode 100644 objects/vulnerability/vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f.json create mode 100644 objects/vulnerability/vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7.json create mode 100644 objects/vulnerability/vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12.json create mode 100644 objects/vulnerability/vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c.json create mode 100644 objects/vulnerability/vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa.json create mode 100644 objects/vulnerability/vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e.json create mode 100644 objects/vulnerability/vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee.json create mode 100644 objects/vulnerability/vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b.json create mode 100644 objects/vulnerability/vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3.json create mode 100644 objects/vulnerability/vulnerability--321d71be-2374-4a49-9154-1c0a597316ce.json create mode 100644 objects/vulnerability/vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07.json create mode 100644 objects/vulnerability/vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911.json create mode 100644 objects/vulnerability/vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a.json create mode 100644 objects/vulnerability/vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f.json create mode 100644 objects/vulnerability/vulnerability--4a9e011d-3a39-458a-affa-887e2537544a.json create mode 100644 objects/vulnerability/vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104.json create mode 100644 objects/vulnerability/vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67.json create mode 100644 objects/vulnerability/vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b.json create mode 100644 objects/vulnerability/vulnerability--579042c6-8b5e-465d-b407-ac31a502a065.json create mode 100644 objects/vulnerability/vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7.json create mode 100644 objects/vulnerability/vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4.json create mode 100644 objects/vulnerability/vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c.json create mode 100644 objects/vulnerability/vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6.json create mode 100644 objects/vulnerability/vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed.json create mode 100644 objects/vulnerability/vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4.json create mode 100644 objects/vulnerability/vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4.json create mode 100644 objects/vulnerability/vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106.json create mode 100644 objects/vulnerability/vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e.json create mode 100644 objects/vulnerability/vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d.json create mode 100644 objects/vulnerability/vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3.json create mode 100644 objects/vulnerability/vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112.json create mode 100644 objects/vulnerability/vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62.json create mode 100644 objects/vulnerability/vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8.json create mode 100644 objects/vulnerability/vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f.json create mode 100644 objects/vulnerability/vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b.json create mode 100644 objects/vulnerability/vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a.json create mode 100644 objects/vulnerability/vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187.json create mode 100644 objects/vulnerability/vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa.json create mode 100644 objects/vulnerability/vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529.json create mode 100644 objects/vulnerability/vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef.json create mode 100644 objects/vulnerability/vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d.json create mode 100644 objects/vulnerability/vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11.json create mode 100644 objects/vulnerability/vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4.json create mode 100644 objects/vulnerability/vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577.json create mode 100644 objects/vulnerability/vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15.json create mode 100644 objects/vulnerability/vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c.json create mode 100644 objects/vulnerability/vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691.json create mode 100644 objects/vulnerability/vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944.json create mode 100644 objects/vulnerability/vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd.json create mode 100644 objects/vulnerability/vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3.json create mode 100644 objects/vulnerability/vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3.json create mode 100644 objects/vulnerability/vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60.json create mode 100644 objects/vulnerability/vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85.json create mode 100644 objects/vulnerability/vulnerability--c27c1456-29e1-4c63-b807-caecd93af052.json create mode 100644 objects/vulnerability/vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc.json create mode 100644 objects/vulnerability/vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5.json create mode 100644 objects/vulnerability/vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9.json create mode 100644 objects/vulnerability/vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264.json create mode 100644 objects/vulnerability/vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8.json create mode 100644 objects/vulnerability/vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e.json create mode 100644 objects/vulnerability/vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a.json create mode 100644 objects/vulnerability/vulnerability--e181286d-df71-4911-bb25-6424412c29b2.json create mode 100644 objects/vulnerability/vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564.json create mode 100644 objects/vulnerability/vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935.json create mode 100644 objects/vulnerability/vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b.json create mode 100644 objects/vulnerability/vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50.json create mode 100644 objects/vulnerability/vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157.json create mode 100644 objects/vulnerability/vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c.json create mode 100644 objects/vulnerability/vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018.json diff --git a/mapping.csv b/mapping.csv index f2aa92d0fea..57e7cc0aaca 100644 --- a/mapping.csv +++ b/mapping.csv @@ -262844,3 +262844,75 @@ vulnerability,CVE-2025-0347,vulnerability--cd128437-010e-4bd4-acf1-6c9b466e7b59 vulnerability,CVE-2025-0334,vulnerability--f5fec77e-aac2-4280-b5ac-b6f6c0a5c2fb vulnerability,CVE-2025-0306,vulnerability--5cfca704-ae04-493d-96fd-efb8759c6bd9 vulnerability,CVE-2025-0341,vulnerability--8d1893fa-8938-4353-81fd-e9c2bb0599ea +vulnerability,CVE-2024-12473,vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3 +vulnerability,CVE-2024-12606,vulnerability--c27c1456-29e1-4c63-b807-caecd93af052 +vulnerability,CVE-2024-12847,vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e +vulnerability,CVE-2024-9133,vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b +vulnerability,CVE-2024-9132,vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd +vulnerability,CVE-2024-9134,vulnerability--579042c6-8b5e-465d-b407-ac31a502a065 +vulnerability,CVE-2024-9188,vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b +vulnerability,CVE-2024-9131,vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f +vulnerability,CVE-2024-47518,vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f +vulnerability,CVE-2024-47517,vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c +vulnerability,CVE-2024-47519,vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691 +vulnerability,CVE-2024-47520,vulnerability--4a9e011d-3a39-458a-affa-887e2537544a +vulnerability,CVE-2024-50807,vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60 +vulnerability,CVE-2024-7142,vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944 +vulnerability,CVE-2024-7095,vulnerability--001435ec-758b-450b-a16b-03ba9314329b +vulnerability,CVE-2024-25371,vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d +vulnerability,CVE-2024-33297,vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8 +vulnerability,CVE-2024-33298,vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f +vulnerability,CVE-2024-33299,vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935 +vulnerability,CVE-2024-41787,vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106 +vulnerability,CVE-2024-54997,vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9 +vulnerability,CVE-2024-54848,vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3 +vulnerability,CVE-2024-54998,vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15 +vulnerability,CVE-2024-54849,vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62 +vulnerability,CVE-2024-54994,vulnerability--e181286d-df71-4911-bb25-6424412c29b2 +vulnerability,CVE-2024-54847,vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed +vulnerability,CVE-2024-54846,vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e +vulnerability,CVE-2024-54687,vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee +vulnerability,CVE-2024-54910,vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187 +vulnerability,CVE-2024-54996,vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564 +vulnerability,CVE-2024-57211,vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7 +vulnerability,CVE-2024-57224,vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c +vulnerability,CVE-2024-57214,vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4 +vulnerability,CVE-2024-57227,vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3 +vulnerability,CVE-2024-57223,vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11 +vulnerability,CVE-2024-57212,vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529 +vulnerability,CVE-2024-57226,vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a +vulnerability,CVE-2024-57225,vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b +vulnerability,CVE-2024-57687,vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c +vulnerability,CVE-2024-57213,vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07 +vulnerability,CVE-2024-57228,vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85 +vulnerability,CVE-2024-57822,vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577 +vulnerability,CVE-2024-57823,vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50 +vulnerability,CVE-2024-57222,vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3 +vulnerability,CVE-2024-57686,vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4 +vulnerability,CVE-2024-56511,vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4 +vulnerability,CVE-2024-46210,vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264 +vulnerability,CVE-2024-13318,vulnerability--321d71be-2374-4a49-9154-1c0a597316ce +vulnerability,CVE-2024-13183,vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112 +vulnerability,CVE-2024-5872,vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911 +vulnerability,CVE-2024-29971,vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e +vulnerability,CVE-2024-29970,vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157 +vulnerability,CVE-2024-6880,vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa +vulnerability,CVE-2024-6662,vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6 +vulnerability,CVE-2024-6437,vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef +vulnerability,CVE-2025-22599,vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a +vulnerability,CVE-2025-22597,vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8 +vulnerability,CVE-2025-22946,vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b +vulnerability,CVE-2025-22949,vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c +vulnerability,CVE-2025-22152,vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5 +vulnerability,CVE-2025-22596,vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67 +vulnerability,CVE-2025-22598,vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7 +vulnerability,CVE-2025-22600,vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa +vulnerability,CVE-2025-23113,vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d +vulnerability,CVE-2025-23112,vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc +vulnerability,CVE-2025-23022,vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018 +vulnerability,CVE-2025-23111,vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a +vulnerability,CVE-2025-23110,vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12 +vulnerability,CVE-2025-23078,vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104 +vulnerability,CVE-2025-23016,vulnerability--03787242-183b-45a6-aec8-687072ab084c +vulnerability,CVE-2025-23079,vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb +vulnerability,CVE-2025-0311,vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4 diff --git a/objects/vulnerability/vulnerability--001435ec-758b-450b-a16b-03ba9314329b.json b/objects/vulnerability/vulnerability--001435ec-758b-450b-a16b-03ba9314329b.json new file mode 100644 index 00000000000..47bd0ee3a37 --- /dev/null +++ b/objects/vulnerability/vulnerability--001435ec-758b-450b-a16b-03ba9314329b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9dae7372-18bb-4549-80e1-990daae151e7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--001435ec-758b-450b-a16b-03ba9314329b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.546959Z", + "modified": "2025-01-11T00:20:56.546959Z", + "name": "CVE-2024-7095", + "description": "On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7095" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--03787242-183b-45a6-aec8-687072ab084c.json b/objects/vulnerability/vulnerability--03787242-183b-45a6-aec8-687072ab084c.json new file mode 100644 index 00000000000..d0a55abb117 --- /dev/null +++ b/objects/vulnerability/vulnerability--03787242-183b-45a6-aec8-687072ab084c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23dedb5a-e05e-4356-b70b-2886b5d96582", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--03787242-183b-45a6-aec8-687072ab084c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.885483Z", + "modified": "2025-01-11T00:21:07.885483Z", + "name": "CVE-2025-23016", + "description": "FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23016" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb.json b/objects/vulnerability/vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb.json new file mode 100644 index 00000000000..3f04dc042ff --- /dev/null +++ b/objects/vulnerability/vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--258c2c1e-8f12-4137-9432-8363ee3b206b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--091d1c97-18a2-497b-9917-40855ce16cfb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.887748Z", + "modified": "2025-01-11T00:21:07.887748Z", + "name": "CVE-2025-23079", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - ArticleFeedbackv5 extension: from 1.42.X before 1.42.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23079" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f.json b/objects/vulnerability/vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f.json new file mode 100644 index 00000000000..41bd8cbed5b --- /dev/null +++ b/objects/vulnerability/vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7786d1d5-b77e-4afa-b0ff-15fa42c6c416", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--099992de-1380-4f1b-8f79-780f27fcb12f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.888397Z", + "modified": "2025-01-11T00:20:56.888397Z", + "name": "CVE-2024-33298", + "description": "Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33298" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7.json b/objects/vulnerability/vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7.json new file mode 100644 index 00000000000..9c6b6ab9d99 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4a8eef5-b22d-480e-b6cd-0b0b0b19fbb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a4f9e6c-c7ee-4338-9ece-2d2a0fb4cfc7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.73231Z", + "modified": "2025-01-11T00:20:57.73231Z", + "name": "CVE-2024-57211", + "description": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57211" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12.json b/objects/vulnerability/vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12.json new file mode 100644 index 00000000000..edffd31fa35 --- /dev/null +++ b/objects/vulnerability/vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--19d6d98d-67db-40f2-97f8-83379aa2c29d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13e6542d-9e2b-460e-9394-48a7e6092a12", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.883009Z", + "modified": "2025-01-11T00:21:07.883009Z", + "name": "CVE-2025-23110", + "description": "An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23110" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c.json b/objects/vulnerability/vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c.json new file mode 100644 index 00000000000..4d9e2b9e2d3 --- /dev/null +++ b/objects/vulnerability/vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--53429934-21b2-494e-800b-46aba3402766", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--180c6919-bf21-468d-96e9-f66898b4af3c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.839765Z", + "modified": "2025-01-11T00:20:57.839765Z", + "name": "CVE-2024-57687", + "description": "An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the \"Cookie\" GET request parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57687" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa.json b/objects/vulnerability/vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa.json new file mode 100644 index 00000000000..13d2db0fa8e --- /dev/null +++ b/objects/vulnerability/vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56d2c99e-885a-4eea-926b-29246f9b96ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--211c92bc-77f3-42a4-9d37-45dd658485fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.771052Z", + "modified": "2025-01-11T00:21:07.771052Z", + "name": "CVE-2025-22600", + "description": "WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22600" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e.json b/objects/vulnerability/vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e.json new file mode 100644 index 00000000000..ce572f0a19b --- /dev/null +++ b/objects/vulnerability/vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7f109cc2-9936-49c1-a98b-7f378d377d86", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--24b2cfdc-361e-4413-8f70-c05cc5cd2c4e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.187829Z", + "modified": "2025-01-11T00:20:56.187829Z", + "name": "CVE-2024-12847", + "description": "NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12847" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee.json b/objects/vulnerability/vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee.json new file mode 100644 index 00000000000..2ca2b85bf7e --- /dev/null +++ b/objects/vulnerability/vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d04e81f4-bfc5-4dd7-9583-3bc02eab0ca7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25fcd9e5-f7df-478b-af5c-e74af2f333ee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.565139Z", + "modified": "2025-01-11T00:20:57.565139Z", + "name": "CVE-2024-54687", + "description": "Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54687" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b.json b/objects/vulnerability/vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b.json new file mode 100644 index 00000000000..42eb93d922c --- /dev/null +++ b/objects/vulnerability/vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2f4cbe6-845e-4e65-932b-ce1acdb978e9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b2e97dc-a5af-4a37-8c37-3af37bd5786b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.74891Z", + "modified": "2025-01-11T00:21:07.74891Z", + "name": "CVE-2025-22946", + "description": "Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22946" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3.json b/objects/vulnerability/vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3.json new file mode 100644 index 00000000000..c823f3fb862 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56b70cde-4653-4d5f-8e37-54bff1d5d106", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e3d2d08-2602-48ad-b7fe-88ca5b4a15f3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.525287Z", + "modified": "2025-01-11T00:20:57.525287Z", + "name": "CVE-2024-54848", + "description": "Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54848" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--321d71be-2374-4a49-9154-1c0a597316ce.json b/objects/vulnerability/vulnerability--321d71be-2374-4a49-9154-1c0a597316ce.json new file mode 100644 index 00000000000..14b765fe6ee --- /dev/null +++ b/objects/vulnerability/vulnerability--321d71be-2374-4a49-9154-1c0a597316ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--488bf995-70ae-425d-8221-f754c0d03195", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--321d71be-2374-4a49-9154-1c0a597316ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.245483Z", + "modified": "2025-01-11T00:20:58.245483Z", + "name": "CVE-2024-13318", + "description": "The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13318" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07.json b/objects/vulnerability/vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07.json new file mode 100644 index 00000000000..f0f8180d70f --- /dev/null +++ b/objects/vulnerability/vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c176f0db-4643-42dc-8457-11f3fe13c91b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3a16debc-2339-4131-af62-0b0c5d056b07", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.841192Z", + "modified": "2025-01-11T00:20:57.841192Z", + "name": "CVE-2024-57213", + "description": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57213" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911.json b/objects/vulnerability/vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911.json new file mode 100644 index 00000000000..9c05d166000 --- /dev/null +++ b/objects/vulnerability/vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c39cb610-835a-4702-9b77-6324265f31ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3ea81628-beb4-43c2-8c0b-d2e903b75911", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.433647Z", + "modified": "2025-01-11T00:20:58.433647Z", + "name": "CVE-2024-5872", + "description": "On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-5872" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a.json b/objects/vulnerability/vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a.json new file mode 100644 index 00000000000..77dfa9f4b5a --- /dev/null +++ b/objects/vulnerability/vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7df34845-64b7-4c95-8b4c-f816d5c3ba1f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4541d484-ae4d-4ff5-9e3c-b430f3649f7a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.835663Z", + "modified": "2025-01-11T00:20:57.835663Z", + "name": "CVE-2024-57226", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57226" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f.json b/objects/vulnerability/vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f.json new file mode 100644 index 00000000000..92c1ab5aee4 --- /dev/null +++ b/objects/vulnerability/vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f0eed9d-3ae0-4824-8c63-f8155035136b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4610342c-1829-4d74-b7ec-7ba1dc4e341f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.364251Z", + "modified": "2025-01-11T00:20:56.364251Z", + "name": "CVE-2024-47518", + "description": "Specially constructed queries targeting ETM could discover active remote access sessions", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4a9e011d-3a39-458a-affa-887e2537544a.json b/objects/vulnerability/vulnerability--4a9e011d-3a39-458a-affa-887e2537544a.json new file mode 100644 index 00000000000..59ecc27439e --- /dev/null +++ b/objects/vulnerability/vulnerability--4a9e011d-3a39-458a-affa-887e2537544a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8be3e841-7fbd-40af-b05e-d56cfbcc5304", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4a9e011d-3a39-458a-affa-887e2537544a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.414527Z", + "modified": "2025-01-11T00:20:56.414527Z", + "name": "CVE-2024-47520", + "description": "A user with advanced report application access rights can perform actions for which they are not authorized", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104.json b/objects/vulnerability/vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104.json new file mode 100644 index 00000000000..f250926e291 --- /dev/null +++ b/objects/vulnerability/vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5496fbd-f2bd-40c9-b950-66c6b36c7ceb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4c2fae7e-fac8-4527-9d6d-198cb63dc104", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.884434Z", + "modified": "2025-01-11T00:21:07.884434Z", + "name": "CVE-2025-23078", + "description": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23078" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67.json b/objects/vulnerability/vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67.json new file mode 100644 index 00000000000..924bf940c7e --- /dev/null +++ b/objects/vulnerability/vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a19d75d-b55a-47b1-9a0e-2460e37f20c1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4d6b59b0-9230-4399-852f-1642215a6c67", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.760772Z", + "modified": "2025-01-11T00:21:07.760772Z", + "name": "CVE-2025-22596", + "description": "WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22596" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b.json b/objects/vulnerability/vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b.json new file mode 100644 index 00000000000..c218a240fbf --- /dev/null +++ b/objects/vulnerability/vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14afa066-6152-4c06-97e4-1871a8f2616c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ffd9de7-c0cc-40e2-ad51-2e1c2bafd06b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.275196Z", + "modified": "2025-01-11T00:20:56.275196Z", + "name": "CVE-2024-9188", + "description": "Specially constructed queries cause cross platform scripting leaking administrator tokens", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9188" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--579042c6-8b5e-465d-b407-ac31a502a065.json b/objects/vulnerability/vulnerability--579042c6-8b5e-465d-b407-ac31a502a065.json new file mode 100644 index 00000000000..2365b5b2c95 --- /dev/null +++ b/objects/vulnerability/vulnerability--579042c6-8b5e-465d-b407-ac31a502a065.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--65824ffd-e49a-4cac-9149-f811075efd50", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--579042c6-8b5e-465d-b407-ac31a502a065", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.271856Z", + "modified": "2025-01-11T00:20:56.271856Z", + "name": "CVE-2024-9134", + "description": "Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7.json b/objects/vulnerability/vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7.json new file mode 100644 index 00000000000..19a02f47746 --- /dev/null +++ b/objects/vulnerability/vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f5fbce8d-1ed4-4d33-ac11-0bd132ae1143", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--58054b0d-c543-4ff1-8de9-5cd2dd882da7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.76437Z", + "modified": "2025-01-11T00:21:07.76437Z", + "name": "CVE-2025-22598", + "description": "WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4.json b/objects/vulnerability/vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4.json new file mode 100644 index 00000000000..ad1b734b597 --- /dev/null +++ b/objects/vulnerability/vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b1ac883a-0eba-43b1-a5f0-3bd3dceae9a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5a8e4a94-66d4-4b30-a0b6-ccaaa4e3bcb4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.738251Z", + "modified": "2025-01-11T00:20:57.738251Z", + "name": "CVE-2024-57214", + "description": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57214" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c.json b/objects/vulnerability/vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c.json new file mode 100644 index 00000000000..4885bca79df --- /dev/null +++ b/objects/vulnerability/vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9dad5ac0-c88c-4f66-8fb8-985512e461cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5aeb5816-ddb3-4795-b708-c061468c9a8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.393023Z", + "modified": "2025-01-11T00:20:56.393023Z", + "name": "CVE-2024-47517", + "description": "Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6.json b/objects/vulnerability/vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6.json new file mode 100644 index 00000000000..e37f3e2409f --- /dev/null +++ b/objects/vulnerability/vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7e6c871-7401-42fd-a2aa-33fe7a258823", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5e7a7afc-926c-49d8-9a8a-2721edd0b0a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.662815Z", + "modified": "2025-01-11T00:20:58.662815Z", + "name": "CVE-2024-6662", + "description": "Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under \"/edytor/index.php?id=7,7,0\" lacks protection mechanisms.\nA user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed.json b/objects/vulnerability/vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed.json new file mode 100644 index 00000000000..eefe81faeda --- /dev/null +++ b/objects/vulnerability/vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d82ac869-c51e-430e-8afe-3610a5ba7bcc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--608461ed-eb1a-45a9-afea-7e2a4057c2ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.545619Z", + "modified": "2025-01-11T00:20:57.545619Z", + "name": "CVE-2024-54847", + "description": "An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54847" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4.json b/objects/vulnerability/vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4.json new file mode 100644 index 00000000000..d9689e4f146 --- /dev/null +++ b/objects/vulnerability/vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9d51c71-592f-4c51-aa2d-ece16fd8047c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--61b24901-2ffa-479f-9344-0cdadc80fba4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.889589Z", + "modified": "2025-01-11T00:20:57.889589Z", + "name": "CVE-2024-56511", + "description": "DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, ”request.getRequestURI“ is used to obtain the request URL, and it is passed to the \"WhitelistUtils.match\" method to determine whether the URL request is an interface that does not require authentication. The \"match\" method filters semicolons, but this is not enough. When users set \"server.servlet.context-path\" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56511" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4.json b/objects/vulnerability/vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4.json new file mode 100644 index 00000000000..6b5cf275da9 --- /dev/null +++ b/objects/vulnerability/vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82d1577d-c8ee-448e-9a00-24492ace7457", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--685024a3-d7b0-4766-b3c4-5fee0b4ecec4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.903898Z", + "modified": "2025-01-11T00:21:07.903898Z", + "name": "CVE-2025-0311", + "description": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0311" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106.json b/objects/vulnerability/vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106.json new file mode 100644 index 00000000000..de133d5878a --- /dev/null +++ b/objects/vulnerability/vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--346731d9-cda2-4c69-8880-12783f54bedb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69d1a517-d243-4f94-87f7-8fae248c2106", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.269179Z", + "modified": "2025-01-11T00:20:57.269179Z", + "name": "CVE-2024-41787", + "description": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-41787" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e.json b/objects/vulnerability/vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e.json new file mode 100644 index 00000000000..785b345501a --- /dev/null +++ b/objects/vulnerability/vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--90c5c3d9-031f-4687-9938-6718509cde32", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b1daa1d-622b-4e0f-aa63-3cf5d26dff0e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.490023Z", + "modified": "2025-01-11T00:20:58.490023Z", + "name": "CVE-2024-29971", + "description": "Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d.json b/objects/vulnerability/vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d.json new file mode 100644 index 00000000000..42237e37d61 --- /dev/null +++ b/objects/vulnerability/vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0424695e-1e16-44fa-bd06-f96195115729", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c94c78d-c7ff-4ce8-b3e4-562eab501b4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.609717Z", + "modified": "2025-01-11T00:20:56.609717Z", + "name": "CVE-2024-25371", + "description": "Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-25371" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3.json b/objects/vulnerability/vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3.json new file mode 100644 index 00000000000..f5f0ee81f86 --- /dev/null +++ b/objects/vulnerability/vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--023aa109-234c-451e-9bcf-9b71c6a30a7c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d6a38f6-d59c-4f03-9118-d1eaa00c9ed3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.821347Z", + "modified": "2025-01-11T00:20:57.821347Z", + "name": "CVE-2024-57227", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112.json b/objects/vulnerability/vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112.json new file mode 100644 index 00000000000..1921c224b37 --- /dev/null +++ b/objects/vulnerability/vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f4b9cc07-4dfa-4677-a36c-8b8cfc226977", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7193ba0d-1af5-4eb8-896c-e3611a655112", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.255729Z", + "modified": "2025-01-11T00:20:58.255729Z", + "name": "CVE-2024-13183", + "description": "The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13183" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62.json b/objects/vulnerability/vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62.json new file mode 100644 index 00000000000..0fd02f55327 --- /dev/null +++ b/objects/vulnerability/vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db3566f9-d41f-4c28-b244-bea677af4835", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78ff9555-ba35-42fb-91fd-90d9854d6c62", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.539203Z", + "modified": "2025-01-11T00:20:57.539203Z", + "name": "CVE-2024-54849", + "description": "An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8.json b/objects/vulnerability/vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8.json new file mode 100644 index 00000000000..f62c8dd9d8f --- /dev/null +++ b/objects/vulnerability/vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2c762cd3-72c9-4e97-9d78-ce17aec106a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--798c78a4-b787-49da-81fa-16bfe4c758d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.742859Z", + "modified": "2025-01-11T00:21:07.742859Z", + "name": "CVE-2025-22597", + "description": "WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22597" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f.json b/objects/vulnerability/vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f.json new file mode 100644 index 00000000000..06368602fd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e1954e8-89f4-4e5c-b2b6-d3b5edaa529f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7c5d1297-67fc-4037-b811-b894286e4e0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.304013Z", + "modified": "2025-01-11T00:20:56.304013Z", + "name": "CVE-2024-9131", + "description": "A user with administrator privileges can perform command injection", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b.json b/objects/vulnerability/vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b.json new file mode 100644 index 00000000000..eed6118071b --- /dev/null +++ b/objects/vulnerability/vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a05249f-c803-420b-8732-189cb976a8b4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--82d64a83-b9ad-4928-ada1-66a13a729e7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.25876Z", + "modified": "2025-01-11T00:20:56.25876Z", + "name": "CVE-2024-9133", + "description": "A user with administrator privileges is able to retrieve authentication tokens", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9133" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a.json b/objects/vulnerability/vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a.json new file mode 100644 index 00000000000..e6f69e31e7f --- /dev/null +++ b/objects/vulnerability/vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0eddc33-422a-4036-9ee1-2ef5aa6a2799", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--844558c4-4512-4de0-bfa3-59010ac33b3a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.880893Z", + "modified": "2025-01-11T00:21:07.880893Z", + "name": "CVE-2025-23111", + "description": "An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23111" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187.json b/objects/vulnerability/vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187.json new file mode 100644 index 00000000000..750fdcea065 --- /dev/null +++ b/objects/vulnerability/vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6711da63-8567-4658-9158-5a44dc0bd4ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--87b582d4-5009-4ca2-a389-5be69eda6187", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.570385Z", + "modified": "2025-01-11T00:20:57.570385Z", + "name": "CVE-2024-54910", + "description": "Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54910" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa.json b/objects/vulnerability/vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa.json new file mode 100644 index 00000000000..155d019b89d --- /dev/null +++ b/objects/vulnerability/vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7ae6a8d1-07ee-4710-b1f4-4530c22fef85", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8826d474-0a3d-42ae-8136-99ffe41eaeaa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.661046Z", + "modified": "2025-01-11T00:20:58.661046Z", + "name": "CVE-2024-6880", + "description": "During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. \nPublicly available source code of \"/registered.php\" discloses that path, allowing an attacker to attempt further attacks.  \n\nThis issue affects MegaBIP software versions below 5.15", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6880" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529.json b/objects/vulnerability/vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529.json new file mode 100644 index 00000000000..3d0f7694648 --- /dev/null +++ b/objects/vulnerability/vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48ce56cd-9f89-456f-8606-0194798c6d63", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e7709e7-1deb-48e5-b190-110cf706e529", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.825614Z", + "modified": "2025-01-11T00:20:57.825614Z", + "name": "CVE-2024-57212", + "description": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57212" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef.json b/objects/vulnerability/vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef.json new file mode 100644 index 00000000000..535bd1637f6 --- /dev/null +++ b/objects/vulnerability/vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14325294-4ee4-4f62-8e6d-64883cbc796c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--940c13e5-8c6e-4fec-9253-d28b6c94b7ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.677549Z", + "modified": "2025-01-11T00:20:58.677549Z", + "name": "CVE-2024-6437", + "description": "On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-6437" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d.json b/objects/vulnerability/vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d.json new file mode 100644 index 00000000000..5ef33f277fc --- /dev/null +++ b/objects/vulnerability/vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--38fcb8d4-90d5-4f60-af75-54a149ab28d8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9afacc13-68e3-4f6c-9ecb-896013e6aa0d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.87671Z", + "modified": "2025-01-11T00:21:07.87671Z", + "name": "CVE-2025-23113", + "description": "An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim click on the alert-title value, it can trigger a logout request and terminates their session, or redirect to a phishing website. This vulnerability stems from the absence of CSRF protections on the logout functionality.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11.json b/objects/vulnerability/vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11.json new file mode 100644 index 00000000000..492f34d0bd5 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4982b5d2-22d4-4d77-b259-3caf353fa725", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e175e7b-ea03-4e7b-8d75-01dc87edbe11", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.82374Z", + "modified": "2025-01-11T00:20:57.82374Z", + "name": "CVE-2024-57223", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57223" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4.json b/objects/vulnerability/vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4.json new file mode 100644 index 00000000000..0d2e2f61803 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0d3095e-fbaa-49c8-b10e-3d5b543cbea2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f137e86-f113-47f0-92c3-1845b1b70bf4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.854465Z", + "modified": "2025-01-11T00:20:57.854465Z", + "name": "CVE-2024-57686", + "description": "A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the \"pagetitle\" parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57686" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577.json b/objects/vulnerability/vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577.json new file mode 100644 index 00000000000..b1d032e581c --- /dev/null +++ b/objects/vulnerability/vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e0c9c7a2-e44e-49a4-938a-121d8bbce805", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ad9ca2a6-a125-4511-b2ef-bb861c02e577", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.844631Z", + "modified": "2025-01-11T00:20:57.844631Z", + "name": "CVE-2024-57822", + "description": "In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57822" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15.json b/objects/vulnerability/vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15.json new file mode 100644 index 00000000000..a1cbbbac48f --- /dev/null +++ b/objects/vulnerability/vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b189a802-572e-49f0-9910-2d2bfa3ddbdc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aed1e255-f777-4ca9-89b5-207646f7cd15", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.537888Z", + "modified": "2025-01-11T00:20:57.537888Z", + "name": "CVE-2024-54998", + "description": "MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54998" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c.json b/objects/vulnerability/vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c.json new file mode 100644 index 00000000000..c3c2128daa7 --- /dev/null +++ b/objects/vulnerability/vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e9cdbe5-1a4b-4fe9-896d-e75d25eb0bdf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--af8b60f5-dea9-4e96-8ad0-b47eb4217a9c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.735966Z", + "modified": "2025-01-11T00:20:57.735966Z", + "name": "CVE-2024-57224", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57224" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691.json b/objects/vulnerability/vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691.json new file mode 100644 index 00000000000..efdae844528 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--44474a51-c7d8-41e5-9f61-a65c2de34549", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2c603f6-d1f6-455d-b169-3b724368e691", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.395541Z", + "modified": "2025-01-11T00:20:56.395541Z", + "name": "CVE-2024-47519", + "description": "Backup uploads to ETM subject to man-in-the-middle interception", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-47519" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944.json b/objects/vulnerability/vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944.json new file mode 100644 index 00000000000..ea06f714155 --- /dev/null +++ b/objects/vulnerability/vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--55256db0-40af-46a5-92f3-cb3c21ab333c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b715bfd6-5197-4e5c-82c1-6d533cff3944", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.537513Z", + "modified": "2025-01-11T00:20:56.537513Z", + "name": "CVE-2024-7142", + "description": "On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-7142" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd.json b/objects/vulnerability/vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd.json new file mode 100644 index 00000000000..4efda4c868a --- /dev/null +++ b/objects/vulnerability/vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d31d2d93-f5a9-46b7-8f5d-928436addd95", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba9e1ef4-3295-4a1d-ba70-d28b1216fcfd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.267972Z", + "modified": "2025-01-11T00:20:56.267972Z", + "name": "CVE-2024-9132", + "description": "The administrator is able to configure an insecure captive portal script", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-9132" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3.json b/objects/vulnerability/vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3.json new file mode 100644 index 00000000000..a2e722d1c0d --- /dev/null +++ b/objects/vulnerability/vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2b08b78e-02b6-4938-92f0-00b5a8a90c4a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bde33c42-90e3-4f55-a961-dfeb203b92d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.123881Z", + "modified": "2025-01-11T00:20:56.123881Z", + "name": "CVE-2024-12473", + "description": "The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12473" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3.json b/objects/vulnerability/vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3.json new file mode 100644 index 00000000000..62513bda8aa --- /dev/null +++ b/objects/vulnerability/vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db902627-ae4b-4a72-8402-2e2a70ff14cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c001c3ef-1a30-403f-b4a9-53641e7983d3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.848748Z", + "modified": "2025-01-11T00:20:57.848748Z", + "name": "CVE-2024-57222", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57222" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60.json b/objects/vulnerability/vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60.json new file mode 100644 index 00000000000..196915183c8 --- /dev/null +++ b/objects/vulnerability/vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40fd3e7b-45c2-468b-9c04-071edf377517", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c025691d-43d7-44f5-9dce-0e7d13a8da60", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.429574Z", + "modified": "2025-01-11T00:20:56.429574Z", + "name": "CVE-2024-50807", + "description": "Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-50807" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85.json b/objects/vulnerability/vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85.json new file mode 100644 index 00000000000..212a54ca7ac --- /dev/null +++ b/objects/vulnerability/vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fdba49d8-7421-4744-ba91-987c799b56dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c16f7cbf-4a00-4010-92af-15292563fc85", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.842584Z", + "modified": "2025-01-11T00:20:57.842584Z", + "name": "CVE-2024-57228", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57228" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c27c1456-29e1-4c63-b807-caecd93af052.json b/objects/vulnerability/vulnerability--c27c1456-29e1-4c63-b807-caecd93af052.json new file mode 100644 index 00000000000..f0b5bd99a08 --- /dev/null +++ b/objects/vulnerability/vulnerability--c27c1456-29e1-4c63-b807-caecd93af052.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9be2beb4-2d98-420c-83da-491f163cc34c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c27c1456-29e1-4c63-b807-caecd93af052", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.184387Z", + "modified": "2025-01-11T00:20:56.184387Z", + "name": "CVE-2024-12606", + "description": "The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12606" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc.json b/objects/vulnerability/vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc.json new file mode 100644 index 00000000000..9daa50794ec --- /dev/null +++ b/objects/vulnerability/vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--430c20b7-e41c-491b-b0e2-a850bf1d1419", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c6e66fcf-821a-4e34-8c3f-07b442cdaefc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.87811Z", + "modified": "2025-01-11T00:21:07.87811Z", + "name": "CVE-2025-23112", + "description": "An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23112" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5.json b/objects/vulnerability/vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5.json new file mode 100644 index 00000000000..fe5435c661e --- /dev/null +++ b/objects/vulnerability/vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a2489c05-28c3-4124-b9a3-a3ff0d87a364", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c803cf23-1a84-4646-955f-a5e583b523c5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.755973Z", + "modified": "2025-01-11T00:21:07.755973Z", + "name": "CVE-2025-22152", + "description": "Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22152" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9.json b/objects/vulnerability/vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9.json new file mode 100644 index 00000000000..2eea6eea017 --- /dev/null +++ b/objects/vulnerability/vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c39a283a-4ae7-4791-87eb-d31b03e3b78c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c84f2b31-fc9e-4cda-b51f-1dccb3eba2e9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.523006Z", + "modified": "2025-01-11T00:20:57.523006Z", + "name": "CVE-2024-54997", + "description": "MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54997" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264.json b/objects/vulnerability/vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264.json new file mode 100644 index 00000000000..582af192831 --- /dev/null +++ b/objects/vulnerability/vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4f2b0d0e-9daf-480b-8447-16e71c6da237", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c933696a-9e7c-44b1-b81b-9d3bb83a3264", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.046484Z", + "modified": "2025-01-11T00:20:58.046484Z", + "name": "CVE-2024-46210", + "description": "An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-46210" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8.json b/objects/vulnerability/vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8.json new file mode 100644 index 00000000000..6d6732ce97f --- /dev/null +++ b/objects/vulnerability/vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59b6a893-497c-4441-a2a0-bcef5d3ae677", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ccc5fa0e-6813-472c-b17e-ad1b7eefe1f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.857029Z", + "modified": "2025-01-11T00:20:56.857029Z", + "name": "CVE-2024-33297", + "description": "Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33297" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e.json b/objects/vulnerability/vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e.json new file mode 100644 index 00000000000..4048b95ec58 --- /dev/null +++ b/objects/vulnerability/vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c846879b-a478-4118-bd95-a295279b4313", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--df09034c-44a0-4f12-bd9c-e1acd53d753e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.549518Z", + "modified": "2025-01-11T00:20:57.549518Z", + "name": "CVE-2024-54846", + "description": "An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54846" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a.json b/objects/vulnerability/vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a.json new file mode 100644 index 00000000000..38defdfa7c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99e774a5-dc2f-449e-8be4-9874fd23b7d0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e17c2855-3f64-496f-8c80-abfdea012b8a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.731564Z", + "modified": "2025-01-11T00:21:07.731564Z", + "name": "CVE-2025-22599", + "description": "WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22599" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e181286d-df71-4911-bb25-6424412c29b2.json b/objects/vulnerability/vulnerability--e181286d-df71-4911-bb25-6424412c29b2.json new file mode 100644 index 00000000000..f73257d091b --- /dev/null +++ b/objects/vulnerability/vulnerability--e181286d-df71-4911-bb25-6424412c29b2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f35a340-64e7-4a95-8e89-d0c4526b485c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e181286d-df71-4911-bb25-6424412c29b2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.540704Z", + "modified": "2025-01-11T00:20:57.540704Z", + "name": "CVE-2024-54994", + "description": "MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54994" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564.json b/objects/vulnerability/vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564.json new file mode 100644 index 00000000000..04554435bc0 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c4a72adc-8e90-40ce-bfef-f2d3c1982ba6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4fa3ae1-ddb2-452e-81cb-fe64cdddb564", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.57335Z", + "modified": "2025-01-11T00:20:57.57335Z", + "name": "CVE-2024-54996", + "description": "MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54996" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935.json b/objects/vulnerability/vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935.json new file mode 100644 index 00000000000..dcf9979ae72 --- /dev/null +++ b/objects/vulnerability/vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ff8b9d98-2799-4ccb-9852-159833df585b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e53507e4-ec0c-471c-b430-d8358bb83935", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:56.910652Z", + "modified": "2025-01-11T00:20:56.910652Z", + "name": "CVE-2024-33299", + "description": "Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-33299" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b.json b/objects/vulnerability/vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b.json new file mode 100644 index 00000000000..55112961eae --- /dev/null +++ b/objects/vulnerability/vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d18037dc-1312-4c55-9350-fa49c29ada9d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e65d8928-4ed9-40cb-8e8b-57518ebc300b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.837991Z", + "modified": "2025-01-11T00:20:57.837991Z", + "name": "CVE-2024-57225", + "description": "Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57225" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50.json b/objects/vulnerability/vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50.json new file mode 100644 index 00000000000..a42cbe0e84c --- /dev/null +++ b/objects/vulnerability/vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c632cf7-c788-4f45-aaa8-5c9509ab9f88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e9d81c4a-4865-4939-b273-3a900eeb7e50", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:57.84605Z", + "modified": "2025-01-11T00:20:57.84605Z", + "name": "CVE-2024-57823", + "description": "In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57823" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157.json b/objects/vulnerability/vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157.json new file mode 100644 index 00000000000..ef08fd332a6 --- /dev/null +++ b/objects/vulnerability/vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2caf3902-932e-44ef-9b1e-f89887aee187", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eacfb119-45c2-49a5-8ff4-f25ce5367157", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:20:58.518486Z", + "modified": "2025-01-11T00:20:58.518486Z", + "name": "CVE-2024-29970", + "description": "Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-29970" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c.json b/objects/vulnerability/vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c.json new file mode 100644 index 00000000000..de07336fa53 --- /dev/null +++ b/objects/vulnerability/vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7528bcc-962a-438b-824b-b8ec8adc55ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f53dfbaf-feb9-4807-a349-50df5b2b738c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.754638Z", + "modified": "2025-01-11T00:21:07.754638Z", + "name": "CVE-2025-22949", + "description": "Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018.json b/objects/vulnerability/vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018.json new file mode 100644 index 00000000000..18f7da6c55e --- /dev/null +++ b/objects/vulnerability/vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed06dfb3-fa46-473a-a6f9-48afd0902abd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8bbee80-484a-4ad8-98fc-ebcb8a44c018", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-11T00:21:07.879143Z", + "modified": "2025-01-11T00:21:07.879143Z", + "name": "CVE-2025-23022", + "description": "FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23022" + } + ] + } + ] +} \ No newline at end of file