diff --git a/mapping.csv b/mapping.csv index fde11f6f58..b4b6b054a8 100644 --- a/mapping.csv +++ b/mapping.csv @@ -265175,3 +265175,246 @@ vulnerability,CVE-2025-0722,vulnerability--ba6d5a9e-1a9f-461c-b641-4e94e9885b92 vulnerability,CVE-2025-0720,vulnerability--1df8d100-11cf-4800-be66-11a1d690f924 vulnerability,CVE-2025-0721,vulnerability--dc23ae5c-830e-4571-9d57-b95b7f77ee26 vulnerability,CVE-2017-20196,vulnerability--841bd042-eb6b-47f0-8a9f-b5b3f9d7ab0a +vulnerability,CVE-2024-12436,vulnerability--25683e95-1720-4b2f-b09f-2c0e7b8208b8 +vulnerability,CVE-2024-12280,vulnerability--1a7fdec3-bf39-4bd9-9e32-b9037f3668a1 +vulnerability,CVE-2024-12345,vulnerability--b4a3ed44-4c2c-47d7-a57a-9b974ccbdf35 +vulnerability,CVE-2024-12774,vulnerability--d0bbb17a-cc11-4286-9836-fcb9409a94e6 +vulnerability,CVE-2024-12740,vulnerability--53b17a66-29d8-4683-a5ef-b3ec12925772 +vulnerability,CVE-2024-12773,vulnerability--30de65fc-d0bc-4bd6-88c4-7a5787981588 +vulnerability,CVE-2024-12321,vulnerability--db941036-9b6b-4ab9-a1be-490c7df64532 +vulnerability,CVE-2024-28770,vulnerability--aafaec90-b7a4-42c9-a071-7c69c5521a0b +vulnerability,CVE-2024-28771,vulnerability--0316f789-e323-4bed-a28c-e93d215dca68 +vulnerability,CVE-2024-28786,vulnerability--3aadaa1e-26b5-4b32-b4b5-424b7cfeda5c +vulnerability,CVE-2024-28766,vulnerability--9d6d6ab7-6c2a-498d-8b59-3f4e8b7d0696 +vulnerability,CVE-2024-45598,vulnerability--ff8973f4-7ba3-471f-a1f9-885fca7fda9d +vulnerability,CVE-2024-27256,vulnerability--c828f746-1079-41ed-9473-33206436384d +vulnerability,CVE-2024-44172,vulnerability--3db74b7b-fbe4-4615-ab1d-868607e5f419 +vulnerability,CVE-2024-22316,vulnerability--62bdeadb-be37-4651-8767-679ec93a29d9 +vulnerability,CVE-2024-54509,vulnerability--41fcca3b-c8e1-4128-8286-bec8bc5bdd91 +vulnerability,CVE-2024-54550,vulnerability--d306a65f-213b-43c9-951f-629fb5416c8d +vulnerability,CVE-2024-54468,vulnerability--b459f49e-eb35-4e97-8217-cf10e128cdce +vulnerability,CVE-2024-54523,vulnerability--983575c5-de0a-4c15-a5ae-81120f3b4a92 +vulnerability,CVE-2024-54512,vulnerability--15e5bb44-670f-4639-b67f-d262f59699bb +vulnerability,CVE-2024-54497,vulnerability--52b3a293-ddaf-4670-9934-7ecd9abdcec9 +vulnerability,CVE-2024-54499,vulnerability--63d30aa5-c9f3-41d0-b7cf-228de6182fbd +vulnerability,CVE-2024-54488,vulnerability--c4e040d1-eb4a-4f9a-935c-e6e61dd74496 +vulnerability,CVE-2024-54519,vulnerability--a265d9d1-219e-41b5-8447-21d15919d918 +vulnerability,CVE-2024-54537,vulnerability--f5130562-b224-4fc9-9b1a-81aaf68499ce +vulnerability,CVE-2024-54475,vulnerability--31805c55-2d50-4741-9e0a-6da7573b8ba7 +vulnerability,CVE-2024-54520,vulnerability--05407ff9-d92e-4f2e-af2d-1aed7c123b6d +vulnerability,CVE-2024-54522,vulnerability--85740425-92cd-49a2-a3a4-fb848e88298f +vulnerability,CVE-2024-54146,vulnerability--d55a96b3-739f-45cc-bcbd-781893ec96e4 +vulnerability,CVE-2024-54541,vulnerability--c89f85f8-c6dd-4811-abd6-5e28683a900f +vulnerability,CVE-2024-54539,vulnerability--1244846c-5698-4c1e-9abb-96d0c736518b +vulnerability,CVE-2024-54549,vulnerability--28e96bfe-a0ac-4813-bbce-9ff1dd940ec6 +vulnerability,CVE-2024-54542,vulnerability--ca3783db-e3b4-44d8-86a2-38979ff1f6ec +vulnerability,CVE-2024-54478,vulnerability--1898cdf5-4eb4-48a4-a6ec-def7806c7e32 +vulnerability,CVE-2024-54516,vulnerability--e4af81bd-0a05-4a0e-8e72-ee919d17a027 +vulnerability,CVE-2024-54507,vulnerability--45b40f8e-3666-4de2-a839-82da05554f84 +vulnerability,CVE-2024-54145,vulnerability--ec46aff7-a4d8-4191-b02c-dde3e1fb43db +vulnerability,CVE-2024-54557,vulnerability--a6c60afa-9e1b-423d-a9a7-e09c69fe28bf +vulnerability,CVE-2024-54543,vulnerability--11b6c947-3670-40d1-9f66-683f5dbb6223 +vulnerability,CVE-2024-54518,vulnerability--6326544e-d44d-4ea0-bba6-afe1fd73da48 +vulnerability,CVE-2024-54728,vulnerability--9c76ea82-a0d8-4df5-97b5-dfd2bfe3b140 +vulnerability,CVE-2024-54517,vulnerability--f4a63bd9-4628-420b-abbf-f5cab78ea79c +vulnerability,CVE-2024-54530,vulnerability--d55cae89-3475-4e53-846c-168ad422bc7d +vulnerability,CVE-2024-54536,vulnerability--e96c7e1f-9ed3-495c-b6de-3bed2d1b8879 +vulnerability,CVE-2024-54547,vulnerability--f727830f-576f-4baf-8683-278f6a57b380 +vulnerability,CVE-2024-57548,vulnerability--36b9917f-121b-46c8-9d3c-0a4148794a18 +vulnerability,CVE-2024-57595,vulnerability--69dc4df2-8fa7-4472-937b-939f2e01ed4c +vulnerability,CVE-2024-57546,vulnerability--0e11f891-c6fc-450b-8c74-180128793ef4 +vulnerability,CVE-2024-57272,vulnerability--c22ee53a-293f-4257-bb71-b0e063c62a35 +vulnerability,CVE-2024-57373,vulnerability--381e1839-650c-4ccf-b491-8dece359af38 +vulnerability,CVE-2024-57276,vulnerability--ec06ec11-6c64-49f3-afda-8ebe4845115d +vulnerability,CVE-2024-57052,vulnerability--62c02926-b52f-41c2-a4ad-3720465f2375 +vulnerability,CVE-2024-57547,vulnerability--66df8471-6835-4d3e-9777-0cc10d2cdfd1 +vulnerability,CVE-2024-57549,vulnerability--40f6c130-2510-4fc3-8554-e53fdbf63cfa +vulnerability,CVE-2024-57590,vulnerability--6c5445cb-c15d-4e12-862f-e2599eb12542 +vulnerability,CVE-2024-38320,vulnerability--2d659d45-1ad1-45cb-91eb-2deb51f7edd9 +vulnerability,CVE-2024-38325,vulnerability--d2723949-3bd6-4c90-a141-0a3b8393f225 +vulnerability,CVE-2024-52012,vulnerability--0c458818-a9fd-41c1-bb83-879e7248ec83 +vulnerability,CVE-2024-13094,vulnerability--a2dcfe1d-1ac3-4152-a7f5-c92e8f064439 +vulnerability,CVE-2024-13055,vulnerability--3537f278-292e-4fc2-92f8-3fc8fac1061c +vulnerability,CVE-2024-13052,vulnerability--7f178815-04dc-4f9c-928f-c6f46c04386b +vulnerability,CVE-2024-13056,vulnerability--9e71dfbc-7b89-482b-9fd6-8538b2d5e1cb +vulnerability,CVE-2024-13117,vulnerability--eed77a5b-7a4c-4ff6-b436-3ea8b2a0e897 +vulnerability,CVE-2024-13116,vulnerability--95419a10-3934-4a7a-995d-28579c4b5eb9 +vulnerability,CVE-2024-13095,vulnerability--28d531ec-0246-4636-a63b-58b339d69dfe +vulnerability,CVE-2024-13057,vulnerability--8be43e9c-bc02-4320-93cb-e8bc9c27604a +vulnerability,CVE-2024-56949,vulnerability--a69d98fa-444d-42d5-867d-5503fe0242f0 +vulnerability,CVE-2024-56951,vulnerability--14aebeb9-1b4d-4b42-bf9c-e138e001d2ce +vulnerability,CVE-2024-56948,vulnerability--a34199d5-89d7-48f2-8516-610872800e6d +vulnerability,CVE-2024-56966,vulnerability--99853d43-c01f-48d9-879c-d9e998ea829e +vulnerability,CVE-2024-56954,vulnerability--6b25ec2f-5b57-45b8-bbb3-3200202db39b +vulnerability,CVE-2024-56950,vulnerability--36f84e0c-a079-4632-b879-c3750e1e3e95 +vulnerability,CVE-2024-56953,vulnerability--7ac78dc8-ba9a-47e7-86f5-951ead637512 +vulnerability,CVE-2024-56178,vulnerability--54576158-cf87-4ad8-bfd0-12a731e1e05c +vulnerability,CVE-2024-56972,vulnerability--e8a0adbe-25ce-4b04-b3e9-43b6782fd040 +vulnerability,CVE-2024-56959,vulnerability--41aa2fd8-36f5-4a34-be1b-6fa53480cda0 +vulnerability,CVE-2024-56968,vulnerability--bc6b4bef-ec18-46f3-93f7-80e828ebf293 +vulnerability,CVE-2024-56316,vulnerability--5fa208b1-a252-4ff5-851e-e1931a8a7838 +vulnerability,CVE-2024-56964,vulnerability--aab832fe-ee82-4d3f-bf3d-483919f2f549 +vulnerability,CVE-2024-56969,vulnerability--6f92c883-896b-466c-9a27-121855cef9fb +vulnerability,CVE-2024-56971,vulnerability--346e96dd-a8b4-42bd-9d89-ca192ba3f05a +vulnerability,CVE-2024-56963,vulnerability--f0aef6e1-40e2-4cb0-84da-5cf02ed5af1e +vulnerability,CVE-2024-56967,vulnerability--909e60d0-5409-411f-a6e9-198c9d43c98f +vulnerability,CVE-2024-56955,vulnerability--2ac8ffa7-dd07-4c2b-abcd-be27d705dba2 +vulnerability,CVE-2024-56960,vulnerability--7ffd8d02-c057-4ff1-9986-145322430a05 +vulnerability,CVE-2024-56952,vulnerability--57f86350-8f9c-4218-8571-4a2d1f5979ef +vulnerability,CVE-2024-56957,vulnerability--fb2b5053-d660-4f68-99c9-6b868ce23429 +vulnerability,CVE-2024-56965,vulnerability--1277997c-d93a-47bd-8d77-6074528ed956 +vulnerability,CVE-2024-56962,vulnerability--4b596d89-93fd-435a-b78b-944d76e219e3 +vulnerability,CVE-2024-56947,vulnerability--85589134-6bc8-42d3-bce8-8950ca67095f +vulnerability,CVE-2024-37526,vulnerability--0930aea9-e229-4a73-b06e-501c92112dff +vulnerability,CVE-2024-37527,vulnerability--aa222fa9-0216-4272-ab68-9b18da5aecda +vulnerability,CVE-2024-55931,vulnerability--cccdb4a0-1d1a-45a7-97ce-ff2ed3336f3d +vulnerability,CVE-2024-55227,vulnerability--fbd1b33d-5d67-4ff1-bfa5-0b252f12473d +vulnerability,CVE-2024-55228,vulnerability--5df8eb3a-d5cf-482f-a456-e23e6369625f +vulnerability,CVE-2024-48419,vulnerability--2b14dfd5-2732-4b7e-ae6c-ccd79713bde8 +vulnerability,CVE-2024-48420,vulnerability--2521275d-7afe-4582-b8cc-2a302e1d1d16 +vulnerability,CVE-2024-48662,vulnerability--695afa15-a8db-4bd4-88d8-3513e62076f8 +vulnerability,CVE-2024-48417,vulnerability--5d0adccf-ac64-45b0-937f-dcb44db7aff2 +vulnerability,CVE-2024-48418,vulnerability--15fd78b6-10c1-4cf9-b227-2a65d3775f10 +vulnerability,CVE-2024-48841,vulnerability--6f2fbd72-6505-4e79-896f-5ca091a78b3c +vulnerability,CVE-2024-48416,vulnerability--267fad6b-b3c6-4a4e-9418-ab6cea297dc3 +vulnerability,CVE-2024-26317,vulnerability--2aebe1b5-ae10-46be-97df-459ddbf7b3b8 +vulnerability,CVE-2024-11348,vulnerability--923c5a5c-b319-46ce-bdc7-44f110bebba7 +vulnerability,CVE-2024-43446,vulnerability--e27a2583-bce6-45cf-ab78-35ada026b95c +vulnerability,CVE-2024-43445,vulnerability--7665f277-8f0d-491c-ab9e-7d70760a975f +vulnerability,CVE-2022-31749,vulnerability--7ff4ca57-50e2-4018-a7ca-9255624ab5e7 +vulnerability,CVE-2022-4975,vulnerability--45706cf5-d699-4f50-a942-3d577b5a0144 +vulnerability,CVE-2023-46187,vulnerability--7d51b747-ddd5-4f81-931e-ff1237495b8d +vulnerability,CVE-2023-52292,vulnerability--a7cae20b-1d59-4ed8-b57a-6bb6606d6338 +vulnerability,CVE-2023-47159,vulnerability--4bba099b-cc67-4a1d-9d2a-a568f3da0a51 +vulnerability,CVE-2025-22513,vulnerability--a3e715eb-2702-47e1-a6d2-8b2a56a63cb0 +vulnerability,CVE-2025-22604,vulnerability--f8e7fa32-b570-43f0-a351-b2cdfe74db01 +vulnerability,CVE-2025-23531,vulnerability--c9a80e73-23d5-4cfe-a1a9-2041942cd368 +vulnerability,CVE-2025-23457,vulnerability--b19ffcf7-78e1-4dcb-b500-759253b7ae1f +vulnerability,CVE-2025-23756,vulnerability--da0b4d56-9476-4c60-836c-6bccc7f300e1 +vulnerability,CVE-2025-23754,vulnerability--56dccf6c-2ef2-4487-992a-e2201209ce6b +vulnerability,CVE-2025-23982,vulnerability--e6deabec-e70c-4b77-b37e-5837b6957c8c +vulnerability,CVE-2025-23197,vulnerability--9249afb2-1f48-4f10-9429-3e497ad64671 +vulnerability,CVE-2025-23529,vulnerability--4f4faf6e-0db1-4959-b5aa-73cc9524f5cd +vulnerability,CVE-2025-23752,vulnerability--0cc099d0-eb15-4905-9caf-34700e98f961 +vulnerability,CVE-2025-23574,vulnerability--3d4a88e0-e47a-4f34-abb2-e1d2f0a85d0f +vulnerability,CVE-2025-23849,vulnerability--6f01a139-2a1e-4459-aa22-f7de0236062d +vulnerability,CVE-2025-23669,vulnerability--5c7f6a41-e7ca-45d3-b905-1da3904697ca +vulnerability,CVE-2025-23792,vulnerability--63da2ae3-2766-4c38-b6b0-c2dafbf58e82 +vulnerability,CVE-2025-23656,vulnerability--fd72b3e8-6003-4c8e-ae8f-b9e8e4c24f73 +vulnerability,CVE-2025-24685,vulnerability--608c4ae8-ab43-440f-aacd-cc9ffd1cf3a1 +vulnerability,CVE-2025-24741,vulnerability--dde38779-67ae-4823-8e66-938fc1d68cd7 +vulnerability,CVE-2025-24176,vulnerability--652432d1-1e52-436e-8cfc-64997fe8ec24 +vulnerability,CVE-2025-24734,vulnerability--b27e026a-59d3-40b7-8536-176a6014f351 +vulnerability,CVE-2025-24096,vulnerability--f87d7193-fa46-4e75-baa5-e8a42d08114b +vulnerability,CVE-2025-24367,vulnerability--5324c001-b574-4318-b5eb-9df1925440b3 +vulnerability,CVE-2025-24103,vulnerability--c3f949d7-d3a6-4649-aabb-db1a9700f3fd +vulnerability,CVE-2025-24590,vulnerability--ba8e1d3c-19bd-4100-8217-55d76ad90aef +vulnerability,CVE-2025-24364,vulnerability--edec0919-e448-43ad-bd20-8189775e54ff +vulnerability,CVE-2025-24593,vulnerability--9082ad6f-3e7e-4747-bdd9-443dc457b9ca +vulnerability,CVE-2025-24141,vulnerability--3e7405e2-9f51-4255-9573-b1f05fd3e37d +vulnerability,CVE-2025-24166,vulnerability--f4b1aea0-08c9-41d1-860f-d7eb4a748abd +vulnerability,CVE-2025-24117,vulnerability--6908810a-5221-483f-9b19-aae44daf3878 +vulnerability,CVE-2025-24116,vulnerability--d6190523-a8d0-41a0-aaad-3bf6b994e3a6 +vulnerability,CVE-2025-24124,vulnerability--f307f2b7-eb5f-4ad5-a8ce-e3d7c3de21d7 +vulnerability,CVE-2025-24158,vulnerability--286193ba-a547-4d66-86bc-d986cb5468ae +vulnerability,CVE-2025-24747,vulnerability--71c674f2-6ca1-4b5f-b25c-da2463fb2a54 +vulnerability,CVE-2025-24169,vulnerability--a5c7ccf9-68c6-49a4-9ca6-d7a12597e9ab +vulnerability,CVE-2025-24162,vulnerability--b9f4759f-6595-4470-aff9-b5b6f0ac4748 +vulnerability,CVE-2025-24101,vulnerability--f801a3cc-9aba-4e76-be3a-ba7310995e10 +vulnerability,CVE-2025-24122,vulnerability--27814b82-01a7-476e-a92a-feb585219863 +vulnerability,CVE-2025-24130,vulnerability--8a8fd4df-3713-4bd9-bf72-1d5f8baae67f +vulnerability,CVE-2025-24754,vulnerability--8c57dad5-ffe4-4b34-a51e-2d28387ba5d8 +vulnerability,CVE-2025-24154,vulnerability--d0db3098-8fb1-4fbd-a838-0347f69a2283 +vulnerability,CVE-2025-24140,vulnerability--59cb2bd4-880b-4626-bedc-d55d1c3c61dd +vulnerability,CVE-2025-24107,vulnerability--c62d68cd-5377-4a37-879c-14e99b4d31dd +vulnerability,CVE-2025-24093,vulnerability--cbca9a8b-0eac-4842-b169-3e50bdc12026 +vulnerability,CVE-2025-24159,vulnerability--4b329f89-43de-4281-9b9f-78a569c7bcd4 +vulnerability,CVE-2025-24143,vulnerability--ea5ae2b7-82c2-4198-8eb2-e69b71f0f073 +vulnerability,CVE-2025-24126,vulnerability--3163471c-210c-4998-ad1a-476f909014e6 +vulnerability,CVE-2025-24708,vulnerability--3367f179-464f-4ec7-94b2-064e76579010 +vulnerability,CVE-2025-24135,vulnerability--7632ddd2-5f37-49dc-aa0f-bbf6b615c03c +vulnerability,CVE-2025-24603,vulnerability--9e5d1fb6-0971-48bb-a267-d3a3a90ce590 +vulnerability,CVE-2025-24104,vulnerability--ea5d290d-d410-40a1-9882-c42ecaa9e5fe +vulnerability,CVE-2025-24092,vulnerability--ff059c7c-e9f4-4621-a97f-4a270d20f9c7 +vulnerability,CVE-2025-24139,vulnerability--608a41a2-e541-400d-9865-c0ac2b0670d7 +vulnerability,CVE-2025-24120,vulnerability--42372ad7-6fc7-44af-bae6-48926ad38fa1 +vulnerability,CVE-2025-24160,vulnerability--06035b14-2a1a-4ff6-a76d-a4b449080e84 +vulnerability,CVE-2025-24156,vulnerability--78bc5e75-b525-4eb8-bf9d-7e245748a0b5 +vulnerability,CVE-2025-24365,vulnerability--4bd46c7e-92c7-4fb8-936e-9bb73d07e636 +vulnerability,CVE-2025-24540,vulnerability--6d98376b-53f3-4581-94dd-f073d4980365 +vulnerability,CVE-2025-24662,vulnerability--08ad4cda-8e09-49c5-a251-3cd1f142e2a7 +vulnerability,CVE-2025-24744,vulnerability--fc3d2f51-f42b-4553-a5e3-44ac4adfd0ae +vulnerability,CVE-2025-24174,vulnerability--ead4416a-a240-4c09-b9de-b57095802ede +vulnerability,CVE-2025-24584,vulnerability--ab46a8d4-4d9d-4f34-a8ca-119e7a29c4ed +vulnerability,CVE-2025-24085,vulnerability--a2cc136b-4f46-4570-85c7-3900dc298de7 +vulnerability,CVE-2025-24369,vulnerability--4fd4e5dd-bd98-4d47-8d07-1e29074e5c35 +vulnerability,CVE-2025-24743,vulnerability--2062bf8b-0ef7-424a-81ea-a8c0d53a3717 +vulnerability,CVE-2025-24150,vulnerability--bbab3caa-ad52-4a06-9471-b369e11ffd52 +vulnerability,CVE-2025-24600,vulnerability--2e857d20-664f-4cc4-a956-e9964d0715a5 +vulnerability,CVE-2025-24626,vulnerability--83d512d0-442f-4e9b-900e-44e777f9d96d +vulnerability,CVE-2025-24665,vulnerability--9e6a81e3-df01-410d-a2d8-7e0deb801358 +vulnerability,CVE-2025-24533,vulnerability--f315d9bf-e47b-4673-a83a-2f5541111404 +vulnerability,CVE-2025-24601,vulnerability--19fd69bc-a627-455d-8a6f-2e7426450fd7 +vulnerability,CVE-2025-24087,vulnerability--54d77cf5-e450-411c-b4d5-46be06a0c02f +vulnerability,CVE-2025-24100,vulnerability--9dcfd695-97d3-47ef-912c-f3b1404233aa +vulnerability,CVE-2025-24137,vulnerability--7e7bd360-3499-4a6a-81a6-7fb0220de373 +vulnerability,CVE-2025-24628,vulnerability--839690cc-684c-4531-907f-1d27ef246094 +vulnerability,CVE-2025-24606,vulnerability--144bb2c9-b5c5-4d81-a11e-1fc57aa6898d +vulnerability,CVE-2025-24115,vulnerability--7344e380-aa54-4010-bdd3-27196dc73ff0 +vulnerability,CVE-2025-24129,vulnerability--8e70b6ca-d74a-47e4-943f-13a3aa3e00eb +vulnerability,CVE-2025-24612,vulnerability--faa006f8-7f67-4565-aa29-3901e12d11fa +vulnerability,CVE-2025-24783,vulnerability--91bd878c-ab10-4c0a-972c-26551f9d446b +vulnerability,CVE-2025-24149,vulnerability--1272a4ab-d306-453a-a3b9-3a1f2105077b +vulnerability,CVE-2025-24653,vulnerability--8a14f3da-d969-40bc-b6fd-d7cae8b7bd4d +vulnerability,CVE-2025-24664,vulnerability--7b5f9c5a-2ebb-4451-bca6-150a64910e25 +vulnerability,CVE-2025-24782,vulnerability--e1583b2d-8297-453b-9c5a-0c446e175724 +vulnerability,CVE-2025-24106,vulnerability--23b3c406-67eb-43c3-9baf-720488740e96 +vulnerability,CVE-2025-24121,vulnerability--0d3eac1e-d09c-469a-8169-be0c3c4091e5 +vulnerability,CVE-2025-24123,vulnerability--ff942414-ff73-436c-8276-a7329ef60c79 +vulnerability,CVE-2025-24689,vulnerability--c1ae7643-be31-4f84-a89c-59681a359c0a +vulnerability,CVE-2025-24152,vulnerability--8540fa20-354e-452a-a76c-6067f534c2d9 +vulnerability,CVE-2025-24814,vulnerability--b9530c89-1efe-4cd8-9a3e-09459f86b5a8 +vulnerability,CVE-2025-24112,vulnerability--90a3f0ae-6fc0-4b4b-b74e-d1166c1e8bed +vulnerability,CVE-2025-24671,vulnerability--484ade62-d64f-44e4-bf14-0bdb586c3b25 +vulnerability,CVE-2025-24145,vulnerability--ffc04b6d-29b2-4e6a-90cb-8bd567ba25b4 +vulnerability,CVE-2025-24151,vulnerability--5ff67fc6-8058-4168-beee-6b58e106fe6d +vulnerability,CVE-2025-24138,vulnerability--0faa1b2c-9614-4906-b62f-a0b703041694 +vulnerability,CVE-2025-24357,vulnerability--05f1382b-5727-47f6-a029-640df312f839 +vulnerability,CVE-2025-24538,vulnerability--6455e4b1-323f-499f-9cbf-6bdf85286358 +vulnerability,CVE-2025-24742,vulnerability--04277ac7-3cef-416e-9ad9-ca13f563d68b +vulnerability,CVE-2025-24680,vulnerability--9d1c1987-1a4b-4ae0-91ea-455b76ab1612 +vulnerability,CVE-2025-24537,vulnerability--27d7ad18-151d-490b-8856-707f68643020 +vulnerability,CVE-2025-24161,vulnerability--b2231200-b989-4c09-b220-88d883e05dee +vulnerability,CVE-2025-24086,vulnerability--9f468d10-05ac-495e-b6d0-60cbd9c66067 +vulnerability,CVE-2025-24114,vulnerability--289e3f07-200d-4ec2-8150-9f6fc1a21b10 +vulnerability,CVE-2025-24113,vulnerability--4cfd8a1f-d317-4545-9664-daa70ce0a3d4 +vulnerability,CVE-2025-24108,vulnerability--0e6f9d24-e49e-4d7f-8060-23e60d840987 +vulnerability,CVE-2025-24368,vulnerability--e2823644-e419-44eb-b92f-177bc69faa36 +vulnerability,CVE-2025-24109,vulnerability--0a31ee1e-33bb-4de8-9900-733bf0ce5865 +vulnerability,CVE-2025-24177,vulnerability--ce514081-68be-4def-99f8-9bd9a80038d8 +vulnerability,CVE-2025-24134,vulnerability--cdf63b7a-dc86-4801-85de-110c0370c3e6 +vulnerability,CVE-2025-24153,vulnerability--b8c3d584-babd-405e-84db-6fcba11465ab +vulnerability,CVE-2025-24354,vulnerability--28ea18b9-d2fb-428d-96c8-0a678d181182 +vulnerability,CVE-2025-24390,vulnerability--36c77abc-e276-4dbf-a723-fbef1a2977b7 +vulnerability,CVE-2025-24136,vulnerability--96c87bca-553a-4506-9391-a0bc5b16bece +vulnerability,CVE-2025-24131,vulnerability--18fb6db9-4411-465f-96b2-1a360c88bd7b +vulnerability,CVE-2025-24127,vulnerability--85236328-6511-4c4b-85df-624aefec2928 +vulnerability,CVE-2025-24102,vulnerability--65db94aa-0de4-4594-aa8d-5bbde317f8de +vulnerability,CVE-2025-24128,vulnerability--aa5b0fad-928e-4180-9e3b-96d082ac24af +vulnerability,CVE-2025-24146,vulnerability--13cf8291-bba6-4072-bcd2-dd1ad33b4a2d +vulnerability,CVE-2025-24356,vulnerability--6aae3b17-daf9-42fd-84c1-1c2c4352e8d1 +vulnerability,CVE-2025-24740,vulnerability--4ba534e5-4225-4328-a3ee-c04c467987aa +vulnerability,CVE-2025-24389,vulnerability--fa76e285-7bee-46c7-bd97-305c7ab6477a +vulnerability,CVE-2025-24094,vulnerability--3c5ca325-2334-456a-8199-b99baf0ba3f2 +vulnerability,CVE-2025-24118,vulnerability--a5fcad6d-b2d5-457a-b5f9-f2b17df61b36 +vulnerability,CVE-2025-24163,vulnerability--a8c69368-f076-4ce3-8f98-8a96e8ab8338 +vulnerability,CVE-2025-24667,vulnerability--5007cf2d-d739-4345-bd89-54527b18de39 +vulnerability,CVE-2025-0696,vulnerability--d80af963-7ae0-457b-bd11-8f985748a68f +vulnerability,CVE-2025-0733,vulnerability--d2dff6df-7b41-4ce9-b586-47c2b9b287bc +vulnerability,CVE-2025-0732,vulnerability--9c16eb9a-dcc6-4a06-883c-cd49d10a26f0 +vulnerability,CVE-2025-0734,vulnerability--db848e23-9094-4ac8-92f3-f7a182c9c84f +vulnerability,CVE-2025-0730,vulnerability--4175558c-4ff5-4763-96fc-c7dfe0b0c6cf +vulnerability,CVE-2025-0729,vulnerability--cf7ae5a6-0205-4977-928b-b236b3ef414e +vulnerability,CVE-2025-0753,vulnerability--08087b27-dbf1-4fd2-a752-81cbb74edfbe +vulnerability,CVE-2025-0695,vulnerability--1324df33-7d86-4fed-8de6-17b080579584 +vulnerability,CVE-2025-0751,vulnerability--27f4e12a-5d75-43f3-b7b9-b0089287fac1 diff --git a/objects/vulnerability/vulnerability--0316f789-e323-4bed-a28c-e93d215dca68.json b/objects/vulnerability/vulnerability--0316f789-e323-4bed-a28c-e93d215dca68.json new file mode 100644 index 0000000000..cd07bfc102 --- /dev/null +++ b/objects/vulnerability/vulnerability--0316f789-e323-4bed-a28c-e93d215dca68.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7d93d25-aec9-461e-8fe1-741dbb2b7877", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0316f789-e323-4bed-a28c-e93d215dca68", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.671427Z", + "modified": "2025-01-28T00:37:54.671427Z", + "name": "CVE-2024-28771", + "description": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28771" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--04277ac7-3cef-416e-9ad9-ca13f563d68b.json b/objects/vulnerability/vulnerability--04277ac7-3cef-416e-9ad9-ca13f563d68b.json new file mode 100644 index 0000000000..ae8ed8255d --- /dev/null +++ b/objects/vulnerability/vulnerability--04277ac7-3cef-416e-9ad9-ca13f563d68b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ecc7fd1-4026-438c-86e5-1c7f251d2fa9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--04277ac7-3cef-416e-9ad9-ca13f563d68b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.46707Z", + "modified": "2025-01-28T00:38:05.46707Z", + "name": "CVE-2025-24742", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in WP Go Maps (formerly WP Google Maps) WP Go Maps. This issue affects WP Go Maps: from n/a through 9.0.40.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24742" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05407ff9-d92e-4f2e-af2d-1aed7c123b6d.json b/objects/vulnerability/vulnerability--05407ff9-d92e-4f2e-af2d-1aed7c123b6d.json new file mode 100644 index 0000000000..d09028dd62 --- /dev/null +++ b/objects/vulnerability/vulnerability--05407ff9-d92e-4f2e-af2d-1aed7c123b6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b6dd9195-54b3-4c03-91e6-0e58bbbdb074", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05407ff9-d92e-4f2e-af2d-1aed7c123b6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.050641Z", + "modified": "2025-01-28T00:37:55.050641Z", + "name": "CVE-2024-54520", + "description": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to overwrite arbitrary files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54520" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--05f1382b-5727-47f6-a029-640df312f839.json b/objects/vulnerability/vulnerability--05f1382b-5727-47f6-a029-640df312f839.json new file mode 100644 index 0000000000..d908a3bc33 --- /dev/null +++ b/objects/vulnerability/vulnerability--05f1382b-5727-47f6-a029-640df312f839.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5e87bf65-8ba1-46b1-9b7e-acdd803bffb1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--05f1382b-5727-47f6-a029-640df312f839", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.464611Z", + "modified": "2025-01-28T00:38:05.464611Z", + "name": "CVE-2025-24357", + "description": "vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious pickle data, it will execute arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24357" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--06035b14-2a1a-4ff6-a76d-a4b449080e84.json b/objects/vulnerability/vulnerability--06035b14-2a1a-4ff6-a76d-a4b449080e84.json new file mode 100644 index 0000000000..ef4cef6021 --- /dev/null +++ b/objects/vulnerability/vulnerability--06035b14-2a1a-4ff6-a76d-a4b449080e84.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69ee87b4-9440-4ec6-b170-cb0ffecf95dd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--06035b14-2a1a-4ff6-a76d-a4b449080e84", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.413115Z", + "modified": "2025-01-28T00:38:05.413115Z", + "name": "CVE-2025-24160", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24160" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08087b27-dbf1-4fd2-a752-81cbb74edfbe.json b/objects/vulnerability/vulnerability--08087b27-dbf1-4fd2-a752-81cbb74edfbe.json new file mode 100644 index 0000000000..49d7d03cef --- /dev/null +++ b/objects/vulnerability/vulnerability--08087b27-dbf1-4fd2-a752-81cbb74edfbe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--98ccb3d6-7123-4aa8-be15-808c00ec9833", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08087b27-dbf1-4fd2-a752-81cbb74edfbe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.525434Z", + "modified": "2025-01-28T00:38:05.525434Z", + "name": "CVE-2025-0753", + "description": "A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0753" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--08ad4cda-8e09-49c5-a251-3cd1f142e2a7.json b/objects/vulnerability/vulnerability--08ad4cda-8e09-49c5-a251-3cd1f142e2a7.json new file mode 100644 index 0000000000..8b4c6f3129 --- /dev/null +++ b/objects/vulnerability/vulnerability--08ad4cda-8e09-49c5-a251-3cd1f142e2a7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4257d12f-9cb9-48a8-a14e-42c5ab2d82ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--08ad4cda-8e09-49c5-a251-3cd1f142e2a7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.418434Z", + "modified": "2025-01-28T00:38:05.418434Z", + "name": "CVE-2025-24662", + "description": "Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0930aea9-e229-4a73-b06e-501c92112dff.json b/objects/vulnerability/vulnerability--0930aea9-e229-4a73-b06e-501c92112dff.json new file mode 100644 index 0000000000..ec75fa5d59 --- /dev/null +++ b/objects/vulnerability/vulnerability--0930aea9-e229-4a73-b06e-501c92112dff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3803ebb4-c7cd-4682-a314-b6598625837f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0930aea9-e229-4a73-b06e-501c92112dff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.928252Z", + "modified": "2025-01-28T00:37:55.928252Z", + "name": "CVE-2024-37526", + "description": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37526" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0a31ee1e-33bb-4de8-9900-733bf0ce5865.json b/objects/vulnerability/vulnerability--0a31ee1e-33bb-4de8-9900-733bf0ce5865.json new file mode 100644 index 0000000000..9d94996100 --- /dev/null +++ b/objects/vulnerability/vulnerability--0a31ee1e-33bb-4de8-9900-733bf0ce5865.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3c940f2c-7173-421e-b7cc-184a7abf0d29", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0a31ee1e-33bb-4de8-9900-733bf0ce5865", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.47684Z", + "modified": "2025-01-28T00:38:05.47684Z", + "name": "CVE-2025-24109", + "description": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access sensitive user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24109" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0c458818-a9fd-41c1-bb83-879e7248ec83.json b/objects/vulnerability/vulnerability--0c458818-a9fd-41c1-bb83-879e7248ec83.json new file mode 100644 index 0000000000..d8c1e64166 --- /dev/null +++ b/objects/vulnerability/vulnerability--0c458818-a9fd-41c1-bb83-879e7248ec83.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d14aa1fd-89d2-40ba-a0d5-d1da5f91045e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0c458818-a9fd-41c1-bb83-879e7248ec83", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.441202Z", + "modified": "2025-01-28T00:37:55.441202Z", + "name": "CVE-2024-52012", + "description": "Relative Path Traversal vulnerability in Apache Solr.\n\nSolr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the \"configset upload\" API.  Commonly known as a \"zipslip\", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.  \nThis issue affects Apache Solr: from 6.6 through 9.7.0.\n\nUsers are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's \"Rule-Based Authentication Plugin\" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-52012" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0cc099d0-eb15-4905-9caf-34700e98f961.json b/objects/vulnerability/vulnerability--0cc099d0-eb15-4905-9caf-34700e98f961.json new file mode 100644 index 0000000000..2d9504e49f --- /dev/null +++ b/objects/vulnerability/vulnerability--0cc099d0-eb15-4905-9caf-34700e98f961.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6be7d887-e153-41f7-b3c9-24b09fd43472", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0cc099d0-eb15-4905-9caf-34700e98f961", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.322787Z", + "modified": "2025-01-28T00:38:05.322787Z", + "name": "CVE-2025-23752", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound CGD Arrange Terms allows Reflected XSS. This issue affects CGD Arrange Terms: from n/a through 1.1.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23752" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0d3eac1e-d09c-469a-8169-be0c3c4091e5.json b/objects/vulnerability/vulnerability--0d3eac1e-d09c-469a-8169-be0c3c4091e5.json new file mode 100644 index 0000000000..89c5cce6c6 --- /dev/null +++ b/objects/vulnerability/vulnerability--0d3eac1e-d09c-469a-8169-be0c3c4091e5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--06dd6d97-626a-4c44-97da-6b6ae5101763", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0d3eac1e-d09c-469a-8169-be0c3c4091e5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.452158Z", + "modified": "2025-01-28T00:38:05.452158Z", + "name": "CVE-2025-24121", + "description": "A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24121" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e11f891-c6fc-450b-8c74-180128793ef4.json b/objects/vulnerability/vulnerability--0e11f891-c6fc-450b-8c74-180128793ef4.json new file mode 100644 index 0000000000..f81c457297 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e11f891-c6fc-450b-8c74-180128793ef4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e46c9440-6e68-44d3-8199-0c72de490750", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e11f891-c6fc-450b-8c74-180128793ef4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.222472Z", + "modified": "2025-01-28T00:37:55.222472Z", + "name": "CVE-2024-57546", + "description": "An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57546" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0e6f9d24-e49e-4d7f-8060-23e60d840987.json b/objects/vulnerability/vulnerability--0e6f9d24-e49e-4d7f-8060-23e60d840987.json new file mode 100644 index 0000000000..47076d6918 --- /dev/null +++ b/objects/vulnerability/vulnerability--0e6f9d24-e49e-4d7f-8060-23e60d840987.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d3e7ed3f-16c9-4666-af6c-e69f4c7c28ef", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0e6f9d24-e49e-4d7f-8060-23e60d840987", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.474509Z", + "modified": "2025-01-28T00:38:05.474509Z", + "name": "CVE-2025-24108", + "description": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24108" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--0faa1b2c-9614-4906-b62f-a0b703041694.json b/objects/vulnerability/vulnerability--0faa1b2c-9614-4906-b62f-a0b703041694.json new file mode 100644 index 0000000000..830418c6a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--0faa1b2c-9614-4906-b62f-a0b703041694.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f2071ef3-7afe-4cdf-9774-90f28eee8603", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--0faa1b2c-9614-4906-b62f-a0b703041694", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.463136Z", + "modified": "2025-01-28T00:38:05.463136Z", + "name": "CVE-2025-24138", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24138" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--11b6c947-3670-40d1-9f66-683f5dbb6223.json b/objects/vulnerability/vulnerability--11b6c947-3670-40d1-9f66-683f5dbb6223.json new file mode 100644 index 0000000000..28293426f9 --- /dev/null +++ b/objects/vulnerability/vulnerability--11b6c947-3670-40d1-9f66-683f5dbb6223.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--aaf9bb7e-00d0-42f6-81fa-1e2aa2dea323", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--11b6c947-3670-40d1-9f66-683f5dbb6223", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.085802Z", + "modified": "2025-01-28T00:37:55.085802Z", + "name": "CVE-2024-54543", + "description": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54543" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1244846c-5698-4c1e-9abb-96d0c736518b.json b/objects/vulnerability/vulnerability--1244846c-5698-4c1e-9abb-96d0c736518b.json new file mode 100644 index 0000000000..8058d559d9 --- /dev/null +++ b/objects/vulnerability/vulnerability--1244846c-5698-4c1e-9abb-96d0c736518b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--699d30a5-a30f-4692-9d67-e0d15f15d8cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1244846c-5698-4c1e-9abb-96d0c736518b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.063231Z", + "modified": "2025-01-28T00:37:55.063231Z", + "name": "CVE-2024-54539", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to capture keyboard events from the lock screen.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54539" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1272a4ab-d306-453a-a3b9-3a1f2105077b.json b/objects/vulnerability/vulnerability--1272a4ab-d306-453a-a3b9-3a1f2105077b.json new file mode 100644 index 0000000000..2357da7fe6 --- /dev/null +++ b/objects/vulnerability/vulnerability--1272a4ab-d306-453a-a3b9-3a1f2105077b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8a1f0497-1b4a-4024-9a8f-4375cb013236", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1272a4ab-d306-453a-a3b9-3a1f2105077b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.445613Z", + "modified": "2025-01-28T00:38:05.445613Z", + "name": "CVE-2025-24149", + "description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24149" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1277997c-d93a-47bd-8d77-6074528ed956.json b/objects/vulnerability/vulnerability--1277997c-d93a-47bd-8d77-6074528ed956.json new file mode 100644 index 0000000000..a2d9e2cbe5 --- /dev/null +++ b/objects/vulnerability/vulnerability--1277997c-d93a-47bd-8d77-6074528ed956.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c6b2f0b5-a64b-4592-9340-454eb6dc786b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1277997c-d93a-47bd-8d77-6074528ed956", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.73881Z", + "modified": "2025-01-28T00:37:55.73881Z", + "name": "CVE-2024-56965", + "description": "An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56965" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1324df33-7d86-4fed-8de6-17b080579584.json b/objects/vulnerability/vulnerability--1324df33-7d86-4fed-8de6-17b080579584.json new file mode 100644 index 0000000000..15f18a0779 --- /dev/null +++ b/objects/vulnerability/vulnerability--1324df33-7d86-4fed-8de6-17b080579584.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6cf61fb9-152d-49cf-81ae-0a97de1f0e03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1324df33-7d86-4fed-8de6-17b080579584", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.528952Z", + "modified": "2025-01-28T00:38:05.528952Z", + "name": "CVE-2025-0695", + "description": "An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0695" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--13cf8291-bba6-4072-bcd2-dd1ad33b4a2d.json b/objects/vulnerability/vulnerability--13cf8291-bba6-4072-bcd2-dd1ad33b4a2d.json new file mode 100644 index 0000000000..7e62b20989 --- /dev/null +++ b/objects/vulnerability/vulnerability--13cf8291-bba6-4072-bcd2-dd1ad33b4a2d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a3ac990-e0ac-4945-9126-6a293945773b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--13cf8291-bba6-4072-bcd2-dd1ad33b4a2d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.489766Z", + "modified": "2025-01-28T00:38:05.489766Z", + "name": "CVE-2025-24146", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Deleting a conversation in Messages may expose user contact information in system logging.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--144bb2c9-b5c5-4d81-a11e-1fc57aa6898d.json b/objects/vulnerability/vulnerability--144bb2c9-b5c5-4d81-a11e-1fc57aa6898d.json new file mode 100644 index 0000000000..3bc687939d --- /dev/null +++ b/objects/vulnerability/vulnerability--144bb2c9-b5c5-4d81-a11e-1fc57aa6898d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5bd4de55-83f7-4f4b-b883-d0a1974cccd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--144bb2c9-b5c5-4d81-a11e-1fc57aa6898d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.439149Z", + "modified": "2025-01-28T00:38:05.439149Z", + "name": "CVE-2025-24606", + "description": "Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24606" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--14aebeb9-1b4d-4b42-bf9c-e138e001d2ce.json b/objects/vulnerability/vulnerability--14aebeb9-1b4d-4b42-bf9c-e138e001d2ce.json new file mode 100644 index 0000000000..a6bfe878b0 --- /dev/null +++ b/objects/vulnerability/vulnerability--14aebeb9-1b4d-4b42-bf9c-e138e001d2ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--944e64c3-7157-481e-9cd7-e7bf1e3dee51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--14aebeb9-1b4d-4b42-bf9c-e138e001d2ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.684398Z", + "modified": "2025-01-28T00:37:55.684398Z", + "name": "CVE-2024-56951", + "description": "An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56951" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15e5bb44-670f-4639-b67f-d262f59699bb.json b/objects/vulnerability/vulnerability--15e5bb44-670f-4639-b67f-d262f59699bb.json new file mode 100644 index 0000000000..6f8c3ef796 --- /dev/null +++ b/objects/vulnerability/vulnerability--15e5bb44-670f-4639-b67f-d262f59699bb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5b6ccf31-a6c4-467a-8480-fdf283c9ddc0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15e5bb44-670f-4639-b67f-d262f59699bb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.034486Z", + "modified": "2025-01-28T00:37:55.034486Z", + "name": "CVE-2024-54512", + "description": "The issue was addressed by removing the relevant flags. This issue is fixed in watchOS 11.2, iOS 18.2 and iPadOS 18.2. A system binary could be used to fingerprint a user's Apple Account.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54512" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--15fd78b6-10c1-4cf9-b227-2a65d3775f10.json b/objects/vulnerability/vulnerability--15fd78b6-10c1-4cf9-b227-2a65d3775f10.json new file mode 100644 index 0000000000..90f27ee602 --- /dev/null +++ b/objects/vulnerability/vulnerability--15fd78b6-10c1-4cf9-b227-2a65d3775f10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1a09e1dc-0d09-43a3-9caf-4baa302a3bfe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--15fd78b6-10c1-4cf9-b227-2a65d3775f10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.492183Z", + "modified": "2025-01-28T00:37:56.492183Z", + "name": "CVE-2024-48418", + "description": "In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48418" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1898cdf5-4eb4-48a4-a6ec-def7806c7e32.json b/objects/vulnerability/vulnerability--1898cdf5-4eb4-48a4-a6ec-def7806c7e32.json new file mode 100644 index 0000000000..dcbfc76a94 --- /dev/null +++ b/objects/vulnerability/vulnerability--1898cdf5-4eb4-48a4-a6ec-def7806c7e32.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--354df199-fae0-4725-b6eb-0d1b65ff0ab2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1898cdf5-4eb4-48a4-a6ec-def7806c7e32", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.07661Z", + "modified": "2025-01-28T00:37:55.07661Z", + "name": "CVE-2024-54478", + "description": "An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54478" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--18fb6db9-4411-465f-96b2-1a360c88bd7b.json b/objects/vulnerability/vulnerability--18fb6db9-4411-465f-96b2-1a360c88bd7b.json new file mode 100644 index 0000000000..cbff513e2f --- /dev/null +++ b/objects/vulnerability/vulnerability--18fb6db9-4411-465f-96b2-1a360c88bd7b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b1bda00-e0fb-4ef9-823b-4c03775ba6a3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--18fb6db9-4411-465f-96b2-1a360c88bd7b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.485408Z", + "modified": "2025-01-28T00:38:05.485408Z", + "name": "CVE-2025-24131", + "description": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24131" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--19fd69bc-a627-455d-8a6f-2e7426450fd7.json b/objects/vulnerability/vulnerability--19fd69bc-a627-455d-8a6f-2e7426450fd7.json new file mode 100644 index 0000000000..5be04c6583 --- /dev/null +++ b/objects/vulnerability/vulnerability--19fd69bc-a627-455d-8a6f-2e7426450fd7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7ee3ae4-f10f-4cd5-8e8f-eb3db28ea05e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--19fd69bc-a627-455d-8a6f-2e7426450fd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.432571Z", + "modified": "2025-01-28T00:38:05.432571Z", + "name": "CVE-2025-24601", + "description": "Deserialization of Untrusted Data vulnerability in ThimPress FundPress allows Object Injection. This issue affects FundPress: from n/a through 2.0.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24601" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--1a7fdec3-bf39-4bd9-9e32-b9037f3668a1.json b/objects/vulnerability/vulnerability--1a7fdec3-bf39-4bd9-9e32-b9037f3668a1.json new file mode 100644 index 0000000000..5316a58fbe --- /dev/null +++ b/objects/vulnerability/vulnerability--1a7fdec3-bf39-4bd9-9e32-b9037f3668a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--316b9ad3-b34d-4e13-80de-db5d2085a30f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--1a7fdec3-bf39-4bd9-9e32-b9037f3668a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.546557Z", + "modified": "2025-01-28T00:37:54.546557Z", + "name": "CVE-2024-12280", + "description": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12280" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2062bf8b-0ef7-424a-81ea-a8c0d53a3717.json b/objects/vulnerability/vulnerability--2062bf8b-0ef7-424a-81ea-a8c0d53a3717.json new file mode 100644 index 0000000000..c6626d8618 --- /dev/null +++ b/objects/vulnerability/vulnerability--2062bf8b-0ef7-424a-81ea-a8c0d53a3717.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a0559bcf-1ac7-40a2-b88b-0a5bcda1b7f3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2062bf8b-0ef7-424a-81ea-a8c0d53a3717", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.425823Z", + "modified": "2025-01-28T00:38:05.425823Z", + "name": "CVE-2025-24743", + "description": "Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24743" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--23b3c406-67eb-43c3-9baf-720488740e96.json b/objects/vulnerability/vulnerability--23b3c406-67eb-43c3-9baf-720488740e96.json new file mode 100644 index 0000000000..905a9f358f --- /dev/null +++ b/objects/vulnerability/vulnerability--23b3c406-67eb-43c3-9baf-720488740e96.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1e5ac755-9eee-49b4-a9db-12e9fa519059", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--23b3c406-67eb-43c3-9baf-720488740e96", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.451056Z", + "modified": "2025-01-28T00:38:05.451056Z", + "name": "CVE-2025-24106", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24106" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2521275d-7afe-4582-b8cc-2a302e1d1d16.json b/objects/vulnerability/vulnerability--2521275d-7afe-4582-b8cc-2a302e1d1d16.json new file mode 100644 index 0000000000..2136f6933b --- /dev/null +++ b/objects/vulnerability/vulnerability--2521275d-7afe-4582-b8cc-2a302e1d1d16.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--00693894-2c2a-4b68-8a4e-914ef2e90858", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2521275d-7afe-4582-b8cc-2a302e1d1d16", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.465815Z", + "modified": "2025-01-28T00:37:56.465815Z", + "name": "CVE-2024-48420", + "description": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48420" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--25683e95-1720-4b2f-b09f-2c0e7b8208b8.json b/objects/vulnerability/vulnerability--25683e95-1720-4b2f-b09f-2c0e7b8208b8.json new file mode 100644 index 0000000000..b3467e51f5 --- /dev/null +++ b/objects/vulnerability/vulnerability--25683e95-1720-4b2f-b09f-2c0e7b8208b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5c31c6e-5547-4c2c-a227-3cf6cf4c9670", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--25683e95-1720-4b2f-b09f-2c0e7b8208b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.535547Z", + "modified": "2025-01-28T00:37:54.535547Z", + "name": "CVE-2024-12436", + "description": "The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12436" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--267fad6b-b3c6-4a4e-9418-ab6cea297dc3.json b/objects/vulnerability/vulnerability--267fad6b-b3c6-4a4e-9418-ab6cea297dc3.json new file mode 100644 index 0000000000..3ee7fd5de9 --- /dev/null +++ b/objects/vulnerability/vulnerability--267fad6b-b3c6-4a4e-9418-ab6cea297dc3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fd7c89f9-20fb-4e9a-b503-cc7200845162", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--267fad6b-b3c6-4a4e-9418-ab6cea297dc3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.497594Z", + "modified": "2025-01-28T00:37:56.497594Z", + "name": "CVE-2024-48416", + "description": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/fromSetLanDhcpsClientbinding.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48416" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27814b82-01a7-476e-a92a-feb585219863.json b/objects/vulnerability/vulnerability--27814b82-01a7-476e-a92a-feb585219863.json new file mode 100644 index 0000000000..62acd93b1f --- /dev/null +++ b/objects/vulnerability/vulnerability--27814b82-01a7-476e-a92a-feb585219863.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b5f21c60-084b-47e1-8231-76253465cd7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27814b82-01a7-476e-a92a-feb585219863", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.389828Z", + "modified": "2025-01-28T00:38:05.389828Z", + "name": "CVE-2025-24122", + "description": "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24122" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27d7ad18-151d-490b-8856-707f68643020.json b/objects/vulnerability/vulnerability--27d7ad18-151d-490b-8856-707f68643020.json new file mode 100644 index 0000000000..8985d99738 --- /dev/null +++ b/objects/vulnerability/vulnerability--27d7ad18-151d-490b-8856-707f68643020.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--465b044a-cb31-4ece-9079-eb1029070386", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27d7ad18-151d-490b-8856-707f68643020", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.469063Z", + "modified": "2025-01-28T00:38:05.469063Z", + "name": "CVE-2025-24537", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--27f4e12a-5d75-43f3-b7b9-b0089287fac1.json b/objects/vulnerability/vulnerability--27f4e12a-5d75-43f3-b7b9-b0089287fac1.json new file mode 100644 index 0000000000..6c30421bdd --- /dev/null +++ b/objects/vulnerability/vulnerability--27f4e12a-5d75-43f3-b7b9-b0089287fac1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc7d62fd-576a-42e5-862f-38fc105ed4a4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--27f4e12a-5d75-43f3-b7b9-b0089287fac1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.540146Z", + "modified": "2025-01-28T00:38:05.540146Z", + "name": "CVE-2025-0751", + "description": "A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0751" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--286193ba-a547-4d66-86bc-d986cb5468ae.json b/objects/vulnerability/vulnerability--286193ba-a547-4d66-86bc-d986cb5468ae.json new file mode 100644 index 0000000000..62c8c583a1 --- /dev/null +++ b/objects/vulnerability/vulnerability--286193ba-a547-4d66-86bc-d986cb5468ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb522879-d7c5-480f-8a92-7a846a4f8845", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--286193ba-a547-4d66-86bc-d986cb5468ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.380492Z", + "modified": "2025-01-28T00:38:05.380492Z", + "name": "CVE-2025-24158", + "description": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24158" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--289e3f07-200d-4ec2-8150-9f6fc1a21b10.json b/objects/vulnerability/vulnerability--289e3f07-200d-4ec2-8150-9f6fc1a21b10.json new file mode 100644 index 0000000000..408d1ed38b --- /dev/null +++ b/objects/vulnerability/vulnerability--289e3f07-200d-4ec2-8150-9f6fc1a21b10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84957a03-a7f0-4d5d-997a-fab05f896557", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--289e3f07-200d-4ec2-8150-9f6fc1a21b10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.472003Z", + "modified": "2025-01-28T00:38:05.472003Z", + "name": "CVE-2025-24114", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24114" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28d531ec-0246-4636-a63b-58b339d69dfe.json b/objects/vulnerability/vulnerability--28d531ec-0246-4636-a63b-58b339d69dfe.json new file mode 100644 index 0000000000..95ac736c52 --- /dev/null +++ b/objects/vulnerability/vulnerability--28d531ec-0246-4636-a63b-58b339d69dfe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6ff6e0c8-57f0-475c-bcb6-57134b99e7b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28d531ec-0246-4636-a63b-58b339d69dfe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.615745Z", + "modified": "2025-01-28T00:37:55.615745Z", + "name": "CVE-2024-13095", + "description": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13095" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28e96bfe-a0ac-4813-bbce-9ff1dd940ec6.json b/objects/vulnerability/vulnerability--28e96bfe-a0ac-4813-bbce-9ff1dd940ec6.json new file mode 100644 index 0000000000..d11cb79d93 --- /dev/null +++ b/objects/vulnerability/vulnerability--28e96bfe-a0ac-4813-bbce-9ff1dd940ec6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--61e145dc-7e0e-44c4-9eb6-2c16bbf99dfb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28e96bfe-a0ac-4813-bbce-9ff1dd940ec6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.069525Z", + "modified": "2025-01-28T00:37:55.069525Z", + "name": "CVE-2024-54549", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54549" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--28ea18b9-d2fb-428d-96c8-0a678d181182.json b/objects/vulnerability/vulnerability--28ea18b9-d2fb-428d-96c8-0a678d181182.json new file mode 100644 index 0000000000..aac48ca559 --- /dev/null +++ b/objects/vulnerability/vulnerability--28ea18b9-d2fb-428d-96c8-0a678d181182.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9888c9aa-b4ba-4b81-8d25-97677dba6b4e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--28ea18b9-d2fb-428d-96c8-0a678d181182", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.482412Z", + "modified": "2025-01-28T00:38:05.482412Z", + "name": "CVE-2025-24354", + "description": "imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24354" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2ac8ffa7-dd07-4c2b-abcd-be27d705dba2.json b/objects/vulnerability/vulnerability--2ac8ffa7-dd07-4c2b-abcd-be27d705dba2.json new file mode 100644 index 0000000000..761d99ff9b --- /dev/null +++ b/objects/vulnerability/vulnerability--2ac8ffa7-dd07-4c2b-abcd-be27d705dba2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a9d5b3d-e3bb-4eb7-8da8-a5864bd5a965", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2ac8ffa7-dd07-4c2b-abcd-be27d705dba2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.728905Z", + "modified": "2025-01-28T00:37:55.728905Z", + "name": "CVE-2024-56955", + "description": "An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56955" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2aebe1b5-ae10-46be-97df-459ddbf7b3b8.json b/objects/vulnerability/vulnerability--2aebe1b5-ae10-46be-97df-459ddbf7b3b8.json new file mode 100644 index 0000000000..ce115baa78 --- /dev/null +++ b/objects/vulnerability/vulnerability--2aebe1b5-ae10-46be-97df-459ddbf7b3b8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--da41968b-9f5c-4060-99e7-f1d57fd881e3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2aebe1b5-ae10-46be-97df-459ddbf7b3b8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.745994Z", + "modified": "2025-01-28T00:37:56.745994Z", + "name": "CVE-2024-26317", + "description": "In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-26317" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2b14dfd5-2732-4b7e-ae6c-ccd79713bde8.json b/objects/vulnerability/vulnerability--2b14dfd5-2732-4b7e-ae6c-ccd79713bde8.json new file mode 100644 index 0000000000..e621806516 --- /dev/null +++ b/objects/vulnerability/vulnerability--2b14dfd5-2732-4b7e-ae6c-ccd79713bde8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--845a3e77-f295-4f55-a8a3-5c512334e75f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2b14dfd5-2732-4b7e-ae6c-ccd79713bde8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.457203Z", + "modified": "2025-01-28T00:37:56.457203Z", + "name": "CVE-2024-48419", + "description": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with \"root\" privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48419" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2d659d45-1ad1-45cb-91eb-2deb51f7edd9.json b/objects/vulnerability/vulnerability--2d659d45-1ad1-45cb-91eb-2deb51f7edd9.json new file mode 100644 index 0000000000..518c2e8a1c --- /dev/null +++ b/objects/vulnerability/vulnerability--2d659d45-1ad1-45cb-91eb-2deb51f7edd9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--524dd545-cf7d-4ed2-a28e-7f8efb4cbf2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2d659d45-1ad1-45cb-91eb-2deb51f7edd9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.270625Z", + "modified": "2025-01-28T00:37:55.270625Z", + "name": "CVE-2024-38320", + "description": "IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38320" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--2e857d20-664f-4cc4-a956-e9964d0715a5.json b/objects/vulnerability/vulnerability--2e857d20-664f-4cc4-a956-e9964d0715a5.json new file mode 100644 index 0000000000..ebec8e28d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--2e857d20-664f-4cc4-a956-e9964d0715a5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9b6af95-2672-41d1-8540-6b35efb238bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--2e857d20-664f-4cc4-a956-e9964d0715a5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.428001Z", + "modified": "2025-01-28T00:38:05.428001Z", + "name": "CVE-2025-24600", + "description": "Missing Authorization vulnerability in David F. Carr RSVPMarker . This issue affects RSVPMarker : from n/a through 11.4.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24600" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--30de65fc-d0bc-4bd6-88c4-7a5787981588.json b/objects/vulnerability/vulnerability--30de65fc-d0bc-4bd6-88c4-7a5787981588.json new file mode 100644 index 0000000000..3c4e9c9454 --- /dev/null +++ b/objects/vulnerability/vulnerability--30de65fc-d0bc-4bd6-88c4-7a5787981588.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ed6386fd-db4c-48ec-8ade-5c4106eef056", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--30de65fc-d0bc-4bd6-88c4-7a5787981588", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.585847Z", + "modified": "2025-01-28T00:37:54.585847Z", + "name": "CVE-2024-12773", + "description": "The Altra Side Menu WordPress plugin through 2.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12773" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3163471c-210c-4998-ad1a-476f909014e6.json b/objects/vulnerability/vulnerability--3163471c-210c-4998-ad1a-476f909014e6.json new file mode 100644 index 0000000000..f6967cab4e --- /dev/null +++ b/objects/vulnerability/vulnerability--3163471c-210c-4998-ad1a-476f909014e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b27ac2d-fc71-4154-9388-cacffe7e74a2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3163471c-210c-4998-ad1a-476f909014e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.402534Z", + "modified": "2025-01-28T00:38:05.402534Z", + "name": "CVE-2025-24126", + "description": "An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24126" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--31805c55-2d50-4741-9e0a-6da7573b8ba7.json b/objects/vulnerability/vulnerability--31805c55-2d50-4741-9e0a-6da7573b8ba7.json new file mode 100644 index 0000000000..9f91a5f754 --- /dev/null +++ b/objects/vulnerability/vulnerability--31805c55-2d50-4741-9e0a-6da7573b8ba7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d0022134-41c8-4baa-bcf8-449e75058cf4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--31805c55-2d50-4741-9e0a-6da7573b8ba7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.04918Z", + "modified": "2025-01-28T00:37:55.04918Z", + "name": "CVE-2024-54475", + "description": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to determine a user’s current location.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54475" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3367f179-464f-4ec7-94b2-064e76579010.json b/objects/vulnerability/vulnerability--3367f179-464f-4ec7-94b2-064e76579010.json new file mode 100644 index 0000000000..aaf1019d1d --- /dev/null +++ b/objects/vulnerability/vulnerability--3367f179-464f-4ec7-94b2-064e76579010.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14a04ddb-7e91-4b81-9e8e-5fa3b2b1ff27", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3367f179-464f-4ec7-94b2-064e76579010", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.40381Z", + "modified": "2025-01-28T00:38:05.40381Z", + "name": "CVE-2025-24708", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24708" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--346e96dd-a8b4-42bd-9d89-ca192ba3f05a.json b/objects/vulnerability/vulnerability--346e96dd-a8b4-42bd-9d89-ca192ba3f05a.json new file mode 100644 index 0000000000..e5813402e4 --- /dev/null +++ b/objects/vulnerability/vulnerability--346e96dd-a8b4-42bd-9d89-ca192ba3f05a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--68a63a0c-357f-4f7a-aea3-1cb83989cac1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--346e96dd-a8b4-42bd-9d89-ca192ba3f05a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.724051Z", + "modified": "2025-01-28T00:37:55.724051Z", + "name": "CVE-2024-56971", + "description": "An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56971" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3537f278-292e-4fc2-92f8-3fc8fac1061c.json b/objects/vulnerability/vulnerability--3537f278-292e-4fc2-92f8-3fc8fac1061c.json new file mode 100644 index 0000000000..1de083a96f --- /dev/null +++ b/objects/vulnerability/vulnerability--3537f278-292e-4fc2-92f8-3fc8fac1061c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9f57d354-4c0e-445c-8ca7-6c672e6adf62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3537f278-292e-4fc2-92f8-3fc8fac1061c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.592666Z", + "modified": "2025-01-28T00:37:55.592666Z", + "name": "CVE-2024-13055", + "description": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13055" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36b9917f-121b-46c8-9d3c-0a4148794a18.json b/objects/vulnerability/vulnerability--36b9917f-121b-46c8-9d3c-0a4148794a18.json new file mode 100644 index 0000000000..19d234d8b6 --- /dev/null +++ b/objects/vulnerability/vulnerability--36b9917f-121b-46c8-9d3c-0a4148794a18.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b63bb5e4-de52-406d-90ee-161407dbecf1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36b9917f-121b-46c8-9d3c-0a4148794a18", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.213365Z", + "modified": "2025-01-28T00:37:55.213365Z", + "name": "CVE-2024-57548", + "description": "CMSimple 5.16 allows the user to edit log.php file via print page.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57548" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36c77abc-e276-4dbf-a723-fbef1a2977b7.json b/objects/vulnerability/vulnerability--36c77abc-e276-4dbf-a723-fbef1a2977b7.json new file mode 100644 index 0000000000..ea5c625d7e --- /dev/null +++ b/objects/vulnerability/vulnerability--36c77abc-e276-4dbf-a723-fbef1a2977b7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4161ac2d-c1c8-44bd-a45c-d59c0404913f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36c77abc-e276-4dbf-a723-fbef1a2977b7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.48347Z", + "modified": "2025-01-28T00:38:05.48347Z", + "name": "CVE-2025-24390", + "description": "A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24390" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--36f84e0c-a079-4632-b879-c3750e1e3e95.json b/objects/vulnerability/vulnerability--36f84e0c-a079-4632-b879-c3750e1e3e95.json new file mode 100644 index 0000000000..24f260f31c --- /dev/null +++ b/objects/vulnerability/vulnerability--36f84e0c-a079-4632-b879-c3750e1e3e95.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb4634b0-c8ed-4745-9a71-c3d1f658aa3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--36f84e0c-a079-4632-b879-c3750e1e3e95", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.699426Z", + "modified": "2025-01-28T00:37:55.699426Z", + "name": "CVE-2024-56950", + "description": "An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56950" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--381e1839-650c-4ccf-b491-8dece359af38.json b/objects/vulnerability/vulnerability--381e1839-650c-4ccf-b491-8dece359af38.json new file mode 100644 index 0000000000..bef3b9c197 --- /dev/null +++ b/objects/vulnerability/vulnerability--381e1839-650c-4ccf-b491-8dece359af38.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cab866ab-5636-42ca-8f63-71f46aaa0e15", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--381e1839-650c-4ccf-b491-8dece359af38", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.234715Z", + "modified": "2025-01-28T00:37:55.234715Z", + "name": "CVE-2024-57373", + "description": "Cross Site Request Forgery vulnerability in LifestyleStore v.1.0 allows a remote attacker to execute arbitrary cod and obtain sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57373" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3aadaa1e-26b5-4b32-b4b5-424b7cfeda5c.json b/objects/vulnerability/vulnerability--3aadaa1e-26b5-4b32-b4b5-424b7cfeda5c.json new file mode 100644 index 0000000000..e08acdc4d0 --- /dev/null +++ b/objects/vulnerability/vulnerability--3aadaa1e-26b5-4b32-b4b5-424b7cfeda5c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5a899ef1-e202-4d86-9c89-2aaf315ef8cd", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3aadaa1e-26b5-4b32-b4b5-424b7cfeda5c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.687444Z", + "modified": "2025-01-28T00:37:54.687444Z", + "name": "CVE-2024-28786", + "description": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28786" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3c5ca325-2334-456a-8199-b99baf0ba3f2.json b/objects/vulnerability/vulnerability--3c5ca325-2334-456a-8199-b99baf0ba3f2.json new file mode 100644 index 0000000000..6f0576a5c4 --- /dev/null +++ b/objects/vulnerability/vulnerability--3c5ca325-2334-456a-8199-b99baf0ba3f2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c60c9982-04ba-4de4-9de0-69b6dc9ddc8c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3c5ca325-2334-456a-8199-b99baf0ba3f2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.494471Z", + "modified": "2025-01-28T00:38:05.494471Z", + "name": "CVE-2025-24094", + "description": "A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3d4a88e0-e47a-4f34-abb2-e1d2f0a85d0f.json b/objects/vulnerability/vulnerability--3d4a88e0-e47a-4f34-abb2-e1d2f0a85d0f.json new file mode 100644 index 0000000000..b5dff0e594 --- /dev/null +++ b/objects/vulnerability/vulnerability--3d4a88e0-e47a-4f34-abb2-e1d2f0a85d0f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9a462b96-d628-4afc-8cb6-fef3e23c05a8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3d4a88e0-e47a-4f34-abb2-e1d2f0a85d0f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.335731Z", + "modified": "2025-01-28T00:38:05.335731Z", + "name": "CVE-2025-23574", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23574" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3db74b7b-fbe4-4615-ab1d-868607e5f419.json b/objects/vulnerability/vulnerability--3db74b7b-fbe4-4615-ab1d-868607e5f419.json new file mode 100644 index 0000000000..a5b2d87925 --- /dev/null +++ b/objects/vulnerability/vulnerability--3db74b7b-fbe4-4615-ab1d-868607e5f419.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--79c48bda-7c8b-4f57-a0c3-8f0a4b79d8fb", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3db74b7b-fbe4-4615-ab1d-868607e5f419", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.89638Z", + "modified": "2025-01-28T00:37:54.89638Z", + "name": "CVE-2024-44172", + "description": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15. An app may be able to access contacts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-44172" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--3e7405e2-9f51-4255-9573-b1f05fd3e37d.json b/objects/vulnerability/vulnerability--3e7405e2-9f51-4255-9573-b1f05fd3e37d.json new file mode 100644 index 0000000000..19efc6ec93 --- /dev/null +++ b/objects/vulnerability/vulnerability--3e7405e2-9f51-4255-9573-b1f05fd3e37d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2d7e9c69-d9b8-4ab9-8606-6e1fc9e3056a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--3e7405e2-9f51-4255-9573-b1f05fd3e37d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.37284Z", + "modified": "2025-01-28T00:38:05.37284Z", + "name": "CVE-2025-24141", + "description": "An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24141" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--40f6c130-2510-4fc3-8554-e53fdbf63cfa.json b/objects/vulnerability/vulnerability--40f6c130-2510-4fc3-8554-e53fdbf63cfa.json new file mode 100644 index 0000000000..25b415bc91 --- /dev/null +++ b/objects/vulnerability/vulnerability--40f6c130-2510-4fc3-8554-e53fdbf63cfa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--78111181-07f0-419a-b1d8-71f18107c1a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--40f6c130-2510-4fc3-8554-e53fdbf63cfa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.24404Z", + "modified": "2025-01-28T00:37:55.24404Z", + "name": "CVE-2024-57549", + "description": "CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the file parameter of a GET request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57549" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4175558c-4ff5-4763-96fc-c7dfe0b0c6cf.json b/objects/vulnerability/vulnerability--4175558c-4ff5-4763-96fc-c7dfe0b0c6cf.json new file mode 100644 index 0000000000..4359f0f416 --- /dev/null +++ b/objects/vulnerability/vulnerability--4175558c-4ff5-4763-96fc-c7dfe0b0c6cf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cb100dea-3254-4726-b18b-f35f1021ccbe", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4175558c-4ff5-4763-96fc-c7dfe0b0c6cf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.518634Z", + "modified": "2025-01-28T00:38:05.518634Z", + "name": "CVE-2025-0730", + "description": "A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0730" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41aa2fd8-36f5-4a34-be1b-6fa53480cda0.json b/objects/vulnerability/vulnerability--41aa2fd8-36f5-4a34-be1b-6fa53480cda0.json new file mode 100644 index 0000000000..c085e2a6c9 --- /dev/null +++ b/objects/vulnerability/vulnerability--41aa2fd8-36f5-4a34-be1b-6fa53480cda0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c7c45ee-20e2-46a0-bb55-b150e90895b1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41aa2fd8-36f5-4a34-be1b-6fa53480cda0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.7061Z", + "modified": "2025-01-28T00:37:55.7061Z", + "name": "CVE-2024-56959", + "description": "An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56959" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--41fcca3b-c8e1-4128-8286-bec8bc5bdd91.json b/objects/vulnerability/vulnerability--41fcca3b-c8e1-4128-8286-bec8bc5bdd91.json new file mode 100644 index 0000000000..ba783f54db --- /dev/null +++ b/objects/vulnerability/vulnerability--41fcca3b-c8e1-4128-8286-bec8bc5bdd91.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a9ad3d76-1928-453c-b9d6-5ae19b712a82", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--41fcca3b-c8e1-4128-8286-bec8bc5bdd91", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.025631Z", + "modified": "2025-01-28T00:37:55.025631Z", + "name": "CVE-2024-54509", + "description": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54509" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--42372ad7-6fc7-44af-bae6-48926ad38fa1.json b/objects/vulnerability/vulnerability--42372ad7-6fc7-44af-bae6-48926ad38fa1.json new file mode 100644 index 0000000000..de9275367f --- /dev/null +++ b/objects/vulnerability/vulnerability--42372ad7-6fc7-44af-bae6-48926ad38fa1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--587dfb1b-6ee0-48bb-a6e3-402a225c8130", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--42372ad7-6fc7-44af-bae6-48926ad38fa1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.41196Z", + "modified": "2025-01-28T00:38:05.41196Z", + "name": "CVE-2025-24120", + "description": "This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24120" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45706cf5-d699-4f50-a942-3d577b5a0144.json b/objects/vulnerability/vulnerability--45706cf5-d699-4f50-a942-3d577b5a0144.json new file mode 100644 index 0000000000..62d0d98f86 --- /dev/null +++ b/objects/vulnerability/vulnerability--45706cf5-d699-4f50-a942-3d577b5a0144.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--104316e0-0e8b-4e42-a6c0-81a36e074221", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45706cf5-d699-4f50-a942-3d577b5a0144", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:58.368464Z", + "modified": "2025-01-28T00:37:58.368464Z", + "name": "CVE-2022-4975", + "description": "A flaw was found in the Red Hat Advanced Cluster Security (RHACS) portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/* endpoints, the front-end generates a DOM table-element (id=\"pdf-table\"). This information is then populated with unsanitized data using innerHTML. An attacker with some control over the data rendered can trigger a cross-site scripting (XSS) vulnerability.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-4975" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--45b40f8e-3666-4de2-a839-82da05554f84.json b/objects/vulnerability/vulnerability--45b40f8e-3666-4de2-a839-82da05554f84.json new file mode 100644 index 0000000000..fdd37b9a77 --- /dev/null +++ b/objects/vulnerability/vulnerability--45b40f8e-3666-4de2-a839-82da05554f84.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8b2bf046-7c39-4a02-a958-58617000cae4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--45b40f8e-3666-4de2-a839-82da05554f84", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.081541Z", + "modified": "2025-01-28T00:37:55.081541Z", + "name": "CVE-2024-54507", + "description": "A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An attacker with user privileges may be able to read kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54507" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--484ade62-d64f-44e4-bf14-0bdb586c3b25.json b/objects/vulnerability/vulnerability--484ade62-d64f-44e4-bf14-0bdb586c3b25.json new file mode 100644 index 0000000000..a8d095a31b --- /dev/null +++ b/objects/vulnerability/vulnerability--484ade62-d64f-44e4-bf14-0bdb586c3b25.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a42048f8-4171-4b7d-bf2b-dd741d194297", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--484ade62-d64f-44e4-bf14-0bdb586c3b25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.459751Z", + "modified": "2025-01-28T00:38:05.459751Z", + "name": "CVE-2025-24671", + "description": "Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24671" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b329f89-43de-4281-9b9f-78a569c7bcd4.json b/objects/vulnerability/vulnerability--4b329f89-43de-4281-9b9f-78a569c7bcd4.json new file mode 100644 index 0000000000..670ee6529f --- /dev/null +++ b/objects/vulnerability/vulnerability--4b329f89-43de-4281-9b9f-78a569c7bcd4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--22dcf635-cc0b-4a64-97be-79187eef6535", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b329f89-43de-4281-9b9f-78a569c7bcd4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.399122Z", + "modified": "2025-01-28T00:38:05.399122Z", + "name": "CVE-2025-24159", + "description": "A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24159" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4b596d89-93fd-435a-b78b-944d76e219e3.json b/objects/vulnerability/vulnerability--4b596d89-93fd-435a-b78b-944d76e219e3.json new file mode 100644 index 0000000000..f7a2c9d2aa --- /dev/null +++ b/objects/vulnerability/vulnerability--4b596d89-93fd-435a-b78b-944d76e219e3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6e33843c-7c7d-430e-a7b8-24cc687dbec2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4b596d89-93fd-435a-b78b-944d76e219e3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.741832Z", + "modified": "2025-01-28T00:37:55.741832Z", + "name": "CVE-2024-56962", + "description": "An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56962" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4ba534e5-4225-4328-a3ee-c04c467987aa.json b/objects/vulnerability/vulnerability--4ba534e5-4225-4328-a3ee-c04c467987aa.json new file mode 100644 index 0000000000..81cae5fb3d --- /dev/null +++ b/objects/vulnerability/vulnerability--4ba534e5-4225-4328-a3ee-c04c467987aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf1896ad-4990-46f6-9999-bc9e75ffcdd6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4ba534e5-4225-4328-a3ee-c04c467987aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.492397Z", + "modified": "2025-01-28T00:38:05.492397Z", + "name": "CVE-2025-24740", + "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.7.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bba099b-cc67-4a1d-9d2a-a568f3da0a51.json b/objects/vulnerability/vulnerability--4bba099b-cc67-4a1d-9d2a-a568f3da0a51.json new file mode 100644 index 0000000000..d181208104 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bba099b-cc67-4a1d-9d2a-a568f3da0a51.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e8fcef4a-5602-4570-a43b-7398c3ec793a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bba099b-cc67-4a1d-9d2a-a568f3da0a51", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:00.857767Z", + "modified": "2025-01-28T00:38:00.857767Z", + "name": "CVE-2023-47159", + "description": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to enumerate usernames due to an observable discrepancy in request responses.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-47159" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4bd46c7e-92c7-4fb8-936e-9bb73d07e636.json b/objects/vulnerability/vulnerability--4bd46c7e-92c7-4fb8-936e-9bb73d07e636.json new file mode 100644 index 0000000000..76a0ba4929 --- /dev/null +++ b/objects/vulnerability/vulnerability--4bd46c7e-92c7-4fb8-936e-9bb73d07e636.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a53c5df0-060c-48b6-a4a8-ec16ee4082af", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4bd46c7e-92c7-4fb8-936e-9bb73d07e636", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.415533Z", + "modified": "2025-01-28T00:38:05.415533Z", + "name": "CVE-2025-24365", + "description": "vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization (in real case the user can be a part of the organization as an unprivileged user) and be the owner/admin of other organization (by default you can create your own organization) in order to attack. This vulnerability is fixed in 1.33.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24365" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4cfd8a1f-d317-4545-9664-daa70ce0a3d4.json b/objects/vulnerability/vulnerability--4cfd8a1f-d317-4545-9664-daa70ce0a3d4.json new file mode 100644 index 0000000000..5c7ceaa0e2 --- /dev/null +++ b/objects/vulnerability/vulnerability--4cfd8a1f-d317-4545-9664-daa70ce0a3d4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3df491e6-70dd-4299-be35-199ef8b17bf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4cfd8a1f-d317-4545-9664-daa70ce0a3d4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.472952Z", + "modified": "2025-01-28T00:38:05.472952Z", + "name": "CVE-2025-24113", + "description": "The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24113" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4f4faf6e-0db1-4959-b5aa-73cc9524f5cd.json b/objects/vulnerability/vulnerability--4f4faf6e-0db1-4959-b5aa-73cc9524f5cd.json new file mode 100644 index 0000000000..a43d4ef733 --- /dev/null +++ b/objects/vulnerability/vulnerability--4f4faf6e-0db1-4959-b5aa-73cc9524f5cd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--80d1a615-f293-40d3-a2d1-5779c1196ce0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4f4faf6e-0db1-4959-b5aa-73cc9524f5cd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.321288Z", + "modified": "2025-01-28T00:38:05.321288Z", + "name": "CVE-2025-23529", + "description": "Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23529" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--4fd4e5dd-bd98-4d47-8d07-1e29074e5c35.json b/objects/vulnerability/vulnerability--4fd4e5dd-bd98-4d47-8d07-1e29074e5c35.json new file mode 100644 index 0000000000..39a7e9fc7b --- /dev/null +++ b/objects/vulnerability/vulnerability--4fd4e5dd-bd98-4d47-8d07-1e29074e5c35.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--384c1957-8d31-417c-a525-adc097c06eee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--4fd4e5dd-bd98-4d47-8d07-1e29074e5c35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.424795Z", + "modified": "2025-01-28T00:38:05.424795Z", + "name": "CVE-2025-24369", + "description": "Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24369" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5007cf2d-d739-4345-bd89-54527b18de39.json b/objects/vulnerability/vulnerability--5007cf2d-d739-4345-bd89-54527b18de39.json new file mode 100644 index 0000000000..affa72a2f3 --- /dev/null +++ b/objects/vulnerability/vulnerability--5007cf2d-d739-4345-bd89-54527b18de39.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4502dac6-e13b-4f04-aaa6-1c58909da126", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5007cf2d-d739-4345-bd89-54527b18de39", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.498506Z", + "modified": "2025-01-28T00:38:05.498506Z", + "name": "CVE-2025-24667", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24667" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--52b3a293-ddaf-4670-9934-7ecd9abdcec9.json b/objects/vulnerability/vulnerability--52b3a293-ddaf-4670-9934-7ecd9abdcec9.json new file mode 100644 index 0000000000..a74ced238a --- /dev/null +++ b/objects/vulnerability/vulnerability--52b3a293-ddaf-4670-9934-7ecd9abdcec9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--59e101e9-dd1e-4d3b-9e74-40c806c6deee", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--52b3a293-ddaf-4670-9934-7ecd9abdcec9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.035667Z", + "modified": "2025-01-28T00:37:55.035667Z", + "name": "CVE-2024-54497", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing web content may lead to a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54497" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5324c001-b574-4318-b5eb-9df1925440b3.json b/objects/vulnerability/vulnerability--5324c001-b574-4318-b5eb-9df1925440b3.json new file mode 100644 index 0000000000..43938f4673 --- /dev/null +++ b/objects/vulnerability/vulnerability--5324c001-b574-4318-b5eb-9df1925440b3.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0763d665-45d9-4bb6-a508-85b96ae5aa7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5324c001-b574-4318-b5eb-9df1925440b3", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.367009Z", + "modified": "2025-01-28T00:38:05.367009Z", + "name": "CVE-2025-24367", + "description": "Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24367" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--53b17a66-29d8-4683-a5ef-b3ec12925772.json b/objects/vulnerability/vulnerability--53b17a66-29d8-4683-a5ef-b3ec12925772.json new file mode 100644 index 0000000000..c0f2fb83ed --- /dev/null +++ b/objects/vulnerability/vulnerability--53b17a66-29d8-4683-a5ef-b3ec12925772.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7c39965-b50f-46bc-8a87-70e050bd765f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--53b17a66-29d8-4683-a5ef-b3ec12925772", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.583897Z", + "modified": "2025-01-28T00:37:54.583897Z", + "name": "CVE-2024-12740", + "description": "Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12740" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54576158-cf87-4ad8-bfd0-12a731e1e05c.json b/objects/vulnerability/vulnerability--54576158-cf87-4ad8-bfd0-12a731e1e05c.json new file mode 100644 index 0000000000..c88c78d93e --- /dev/null +++ b/objects/vulnerability/vulnerability--54576158-cf87-4ad8-bfd0-12a731e1e05c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51c3892a-c119-4873-bbd3-fd6207934cfa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54576158-cf87-4ad8-bfd0-12a731e1e05c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.702Z", + "modified": "2025-01-28T00:37:55.702Z", + "name": "CVE-2024-56178", + "description": "An issue was discovered in Couchbase Server 7.6.x through 7.6.3. A user with the security_admin_local role can create a new user in a group that has the admin role.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56178" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--54d77cf5-e450-411c-b4d5-46be06a0c02f.json b/objects/vulnerability/vulnerability--54d77cf5-e450-411c-b4d5-46be06a0c02f.json new file mode 100644 index 0000000000..e79b51ec83 --- /dev/null +++ b/objects/vulnerability/vulnerability--54d77cf5-e450-411c-b4d5-46be06a0c02f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1bdbd307-e488-4703-9c3e-70ec4dea0a84", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--54d77cf5-e450-411c-b4d5-46be06a0c02f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.433611Z", + "modified": "2025-01-28T00:38:05.433611Z", + "name": "CVE-2025-24087", + "description": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24087" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--56dccf6c-2ef2-4487-992a-e2201209ce6b.json b/objects/vulnerability/vulnerability--56dccf6c-2ef2-4487-992a-e2201209ce6b.json new file mode 100644 index 0000000000..12268813e1 --- /dev/null +++ b/objects/vulnerability/vulnerability--56dccf6c-2ef2-4487-992a-e2201209ce6b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0864813e-5a1d-4451-a432-2cbb6d40a2c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--56dccf6c-2ef2-4487-992a-e2201209ce6b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.307961Z", + "modified": "2025-01-28T00:38:05.307961Z", + "name": "CVE-2025-23754", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ulrich Sossou The Loops allows Reflected XSS. This issue affects The Loops: from n/a through 1.0.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--57f86350-8f9c-4218-8571-4a2d1f5979ef.json b/objects/vulnerability/vulnerability--57f86350-8f9c-4218-8571-4a2d1f5979ef.json new file mode 100644 index 0000000000..521bfff1ec --- /dev/null +++ b/objects/vulnerability/vulnerability--57f86350-8f9c-4218-8571-4a2d1f5979ef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bea4610f-5153-4e89-a7e6-10139a8a69b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--57f86350-8f9c-4218-8571-4a2d1f5979ef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.736185Z", + "modified": "2025-01-28T00:37:55.736185Z", + "name": "CVE-2024-56952", + "description": "An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56952" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--59cb2bd4-880b-4626-bedc-d55d1c3c61dd.json b/objects/vulnerability/vulnerability--59cb2bd4-880b-4626-bedc-d55d1c3c61dd.json new file mode 100644 index 0000000000..3baaa5f0c1 --- /dev/null +++ b/objects/vulnerability/vulnerability--59cb2bd4-880b-4626-bedc-d55d1c3c61dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99a5cae4-bd29-4e74-81dc-3b4f1098e090", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--59cb2bd4-880b-4626-bedc-d55d1c3c61dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.395149Z", + "modified": "2025-01-28T00:38:05.395149Z", + "name": "CVE-2025-24140", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24140" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5c7f6a41-e7ca-45d3-b905-1da3904697ca.json b/objects/vulnerability/vulnerability--5c7f6a41-e7ca-45d3-b905-1da3904697ca.json new file mode 100644 index 0000000000..7386a43d7d --- /dev/null +++ b/objects/vulnerability/vulnerability--5c7f6a41-e7ca-45d3-b905-1da3904697ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--136d6dd6-db18-42e4-bb03-8780c7990f41", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5c7f6a41-e7ca-45d3-b905-1da3904697ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.338806Z", + "modified": "2025-01-28T00:38:05.338806Z", + "name": "CVE-2025-23669", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nurul Amin, Mohammad Saiful Islam WP Smart Tooltip allows Stored XSS. This issue affects WP Smart Tooltip: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23669" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5d0adccf-ac64-45b0-937f-dcb44db7aff2.json b/objects/vulnerability/vulnerability--5d0adccf-ac64-45b0-937f-dcb44db7aff2.json new file mode 100644 index 0000000000..d88a9972f2 --- /dev/null +++ b/objects/vulnerability/vulnerability--5d0adccf-ac64-45b0-937f-dcb44db7aff2.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f453c060-f13d-47e5-858d-efc35ed373e1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5d0adccf-ac64-45b0-937f-dcb44db7aff2", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.489058Z", + "modified": "2025-01-28T00:37:56.489058Z", + "name": "CVE-2024-48417", + "description": "Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48417" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5df8eb3a-d5cf-482f-a456-e23e6369625f.json b/objects/vulnerability/vulnerability--5df8eb3a-d5cf-482f-a456-e23e6369625f.json new file mode 100644 index 0000000000..a6e8ff4476 --- /dev/null +++ b/objects/vulnerability/vulnerability--5df8eb3a-d5cf-482f-a456-e23e6369625f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f96dca4d-68cd-49c2-8cad-2128b7b93d8c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5df8eb3a-d5cf-482f-a456-e23e6369625f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.445968Z", + "modified": "2025-01-28T00:37:56.445968Z", + "name": "CVE-2024-55228", + "description": "A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55228" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5fa208b1-a252-4ff5-851e-e1931a8a7838.json b/objects/vulnerability/vulnerability--5fa208b1-a252-4ff5-851e-e1931a8a7838.json new file mode 100644 index 0000000000..1781a4f255 --- /dev/null +++ b/objects/vulnerability/vulnerability--5fa208b1-a252-4ff5-851e-e1931a8a7838.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bf39bde7-67b2-4b30-bfff-8472e3d022d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5fa208b1-a252-4ff5-851e-e1931a8a7838", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.713443Z", + "modified": "2025-01-28T00:37:55.713443Z", + "name": "CVE-2024-56316", + "description": "In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--5ff67fc6-8058-4168-beee-6b58e106fe6d.json b/objects/vulnerability/vulnerability--5ff67fc6-8058-4168-beee-6b58e106fe6d.json new file mode 100644 index 0000000000..772f3f34a3 --- /dev/null +++ b/objects/vulnerability/vulnerability--5ff67fc6-8058-4168-beee-6b58e106fe6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--fff0f697-55e5-4555-8f71-a493a8628d3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--5ff67fc6-8058-4168-beee-6b58e106fe6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.461829Z", + "modified": "2025-01-28T00:38:05.461829Z", + "name": "CVE-2025-24151", + "description": "The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24151" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--608a41a2-e541-400d-9865-c0ac2b0670d7.json b/objects/vulnerability/vulnerability--608a41a2-e541-400d-9865-c0ac2b0670d7.json new file mode 100644 index 0000000000..5690b0c4bb --- /dev/null +++ b/objects/vulnerability/vulnerability--608a41a2-e541-400d-9865-c0ac2b0670d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b2f926c9-3bc5-4769-9b71-0ba7544ed014", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--608a41a2-e541-400d-9865-c0ac2b0670d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.410871Z", + "modified": "2025-01-28T00:38:05.410871Z", + "name": "CVE-2025-24139", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24139" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--608c4ae8-ab43-440f-aacd-cc9ffd1cf3a1.json b/objects/vulnerability/vulnerability--608c4ae8-ab43-440f-aacd-cc9ffd1cf3a1.json new file mode 100644 index 0000000000..4758abcc98 --- /dev/null +++ b/objects/vulnerability/vulnerability--608c4ae8-ab43-440f-aacd-cc9ffd1cf3a1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84cdd31f-f6b2-4df4-90e9-241dd42e161c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--608c4ae8-ab43-440f-aacd-cc9ffd1cf3a1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.361148Z", + "modified": "2025-01-28T00:38:05.361148Z", + "name": "CVE-2025-24685", + "description": "Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24685" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62bdeadb-be37-4651-8767-679ec93a29d9.json b/objects/vulnerability/vulnerability--62bdeadb-be37-4651-8767-679ec93a29d9.json new file mode 100644 index 0000000000..5afdb9da0e --- /dev/null +++ b/objects/vulnerability/vulnerability--62bdeadb-be37-4651-8767-679ec93a29d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--24a17c78-2458-41f9-a42f-ff13d75f4320", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62bdeadb-be37-4651-8767-679ec93a29d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.948404Z", + "modified": "2025-01-28T00:37:54.948404Z", + "name": "CVE-2024-22316", + "description": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-22316" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--62c02926-b52f-41c2-a4ad-3720465f2375.json b/objects/vulnerability/vulnerability--62c02926-b52f-41c2-a4ad-3720465f2375.json new file mode 100644 index 0000000000..f8daad588b --- /dev/null +++ b/objects/vulnerability/vulnerability--62c02926-b52f-41c2-a4ad-3720465f2375.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82eb92ed-f404-4fba-9c20-61c4b71ae643", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--62c02926-b52f-41c2-a4ad-3720465f2375", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.238636Z", + "modified": "2025-01-28T00:37:55.238636Z", + "name": "CVE-2024-57052", + "description": "An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57052" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6326544e-d44d-4ea0-bba6-afe1fd73da48.json b/objects/vulnerability/vulnerability--6326544e-d44d-4ea0-bba6-afe1fd73da48.json new file mode 100644 index 0000000000..13e6ec1c1a --- /dev/null +++ b/objects/vulnerability/vulnerability--6326544e-d44d-4ea0-bba6-afe1fd73da48.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1c87181d-0db9-46ed-ad38-c8a28fabe5b8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6326544e-d44d-4ea0-bba6-afe1fd73da48", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.090568Z", + "modified": "2025-01-28T00:37:55.090568Z", + "name": "CVE-2024-54518", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54518" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63d30aa5-c9f3-41d0-b7cf-228de6182fbd.json b/objects/vulnerability/vulnerability--63d30aa5-c9f3-41d0-b7cf-228de6182fbd.json new file mode 100644 index 0000000000..edf5c787e3 --- /dev/null +++ b/objects/vulnerability/vulnerability--63d30aa5-c9f3-41d0-b7cf-228de6182fbd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4af8676c-a392-458c-9bc2-bbcf218ee874", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63d30aa5-c9f3-41d0-b7cf-228de6182fbd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.037454Z", + "modified": "2025-01-28T00:37:55.037454Z", + "name": "CVE-2024-54499", + "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54499" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--63da2ae3-2766-4c38-b6b0-c2dafbf58e82.json b/objects/vulnerability/vulnerability--63da2ae3-2766-4c38-b6b0-c2dafbf58e82.json new file mode 100644 index 0000000000..c7ddab5ecd --- /dev/null +++ b/objects/vulnerability/vulnerability--63da2ae3-2766-4c38-b6b0-c2dafbf58e82.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd46d9d7-edb6-4de6-8ef2-801186fb6e3b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--63da2ae3-2766-4c38-b6b0-c2dafbf58e82", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.346287Z", + "modified": "2025-01-28T00:38:05.346287Z", + "name": "CVE-2025-23792", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through 1.1.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23792" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6455e4b1-323f-499f-9cbf-6bdf85286358.json b/objects/vulnerability/vulnerability--6455e4b1-323f-499f-9cbf-6bdf85286358.json new file mode 100644 index 0000000000..4000278d07 --- /dev/null +++ b/objects/vulnerability/vulnerability--6455e4b1-323f-499f-9cbf-6bdf85286358.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8bede78a-fa78-4745-9471-2d406e2a1b88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6455e4b1-323f-499f-9cbf-6bdf85286358", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.465974Z", + "modified": "2025-01-28T00:38:05.465974Z", + "name": "CVE-2025-24538", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24538" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--652432d1-1e52-436e-8cfc-64997fe8ec24.json b/objects/vulnerability/vulnerability--652432d1-1e52-436e-8cfc-64997fe8ec24.json new file mode 100644 index 0000000000..4353c83113 --- /dev/null +++ b/objects/vulnerability/vulnerability--652432d1-1e52-436e-8cfc-64997fe8ec24.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4e0b43c3-d151-4fee-b7a8-1f1ae41cfd46", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--652432d1-1e52-436e-8cfc-64997fe8ec24", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.363384Z", + "modified": "2025-01-28T00:38:05.363384Z", + "name": "CVE-2025-24176", + "description": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24176" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--65db94aa-0de4-4594-aa8d-5bbde317f8de.json b/objects/vulnerability/vulnerability--65db94aa-0de4-4594-aa8d-5bbde317f8de.json new file mode 100644 index 0000000000..bc030f0dab --- /dev/null +++ b/objects/vulnerability/vulnerability--65db94aa-0de4-4594-aa8d-5bbde317f8de.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a7094213-8385-4481-a803-c0284da05127", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--65db94aa-0de4-4594-aa8d-5bbde317f8de", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.487566Z", + "modified": "2025-01-28T00:38:05.487566Z", + "name": "CVE-2025-24102", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to determine a user’s current location.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24102" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--66df8471-6835-4d3e-9777-0cc10d2cdfd1.json b/objects/vulnerability/vulnerability--66df8471-6835-4d3e-9777-0cc10d2cdfd1.json new file mode 100644 index 0000000000..21ce8bb74f --- /dev/null +++ b/objects/vulnerability/vulnerability--66df8471-6835-4d3e-9777-0cc10d2cdfd1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d23b99f3-b3be-42da-b7b8-b5f09a51e5f2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--66df8471-6835-4d3e-9777-0cc10d2cdfd1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.240983Z", + "modified": "2025-01-28T00:37:55.240983Z", + "name": "CVE-2024-57547", + "description": "Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57547" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6908810a-5221-483f-9b19-aae44daf3878.json b/objects/vulnerability/vulnerability--6908810a-5221-483f-9b19-aae44daf3878.json new file mode 100644 index 0000000000..acd74e9776 --- /dev/null +++ b/objects/vulnerability/vulnerability--6908810a-5221-483f-9b19-aae44daf3878.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--acedaddb-4aeb-408a-af37-e7e4e6526260", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6908810a-5221-483f-9b19-aae44daf3878", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.37634Z", + "modified": "2025-01-28T00:38:05.37634Z", + "name": "CVE-2025-24117", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--695afa15-a8db-4bd4-88d8-3513e62076f8.json b/objects/vulnerability/vulnerability--695afa15-a8db-4bd4-88d8-3513e62076f8.json new file mode 100644 index 0000000000..c7ad9bf7c0 --- /dev/null +++ b/objects/vulnerability/vulnerability--695afa15-a8db-4bd4-88d8-3513e62076f8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3481efb9-f3bb-4ad0-bd34-2c9871969212", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--695afa15-a8db-4bd4-88d8-3513e62076f8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.485925Z", + "modified": "2025-01-28T00:37:56.485925Z", + "name": "CVE-2024-48662", + "description": "Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48662" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--69dc4df2-8fa7-4472-937b-939f2e01ed4c.json b/objects/vulnerability/vulnerability--69dc4df2-8fa7-4472-937b-939f2e01ed4c.json new file mode 100644 index 0000000000..22e4ed5a0d --- /dev/null +++ b/objects/vulnerability/vulnerability--69dc4df2-8fa7-4472-937b-939f2e01ed4c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--be7d6838-5a93-4e5f-a12b-c6ab8cefb894", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--69dc4df2-8fa7-4472-937b-939f2e01ed4c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.215356Z", + "modified": "2025-01-28T00:37:55.215356Z", + "name": "CVE-2024-57595", + "description": "DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter \"wps_pin\" passed to the apc_client_pin.cgi binary through a POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57595" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6aae3b17-daf9-42fd-84c1-1c2c4352e8d1.json b/objects/vulnerability/vulnerability--6aae3b17-daf9-42fd-84c1-1c2c4352e8d1.json new file mode 100644 index 0000000000..d2eb78b021 --- /dev/null +++ b/objects/vulnerability/vulnerability--6aae3b17-daf9-42fd-84c1-1c2c4352e8d1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--48080328-ba79-4848-a17c-fcbacd659e79", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6aae3b17-daf9-42fd-84c1-1c2c4352e8d1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.491242Z", + "modified": "2025-01-28T00:38:05.491242Z", + "name": "CVE-2025-24356", + "description": "fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This \"fast reconnect\" avoids having to wait for a session timeout (up to ~90s) until a new connection is established. Even a 1-byte UDP packet just containing the fastd packet type header can trigger a much larger handshake packet (~150 bytes of UDP payload). Including IPv4 and UDP headers, the resulting amplification factor is roughly 12-13. By sending data packets with a spoofed source address to fastd instances reachable on the internet, this amplification of UDP traffic might be used to facilitate a Distributed Denial of Service attack. This vulnerability is fixed in v23.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24356" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6b25ec2f-5b57-45b8-bbb3-3200202db39b.json b/objects/vulnerability/vulnerability--6b25ec2f-5b57-45b8-bbb3-3200202db39b.json new file mode 100644 index 0000000000..dd900dbd7d --- /dev/null +++ b/objects/vulnerability/vulnerability--6b25ec2f-5b57-45b8-bbb3-3200202db39b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e278ffa9-e874-4f88-952a-f362d802c9ce", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6b25ec2f-5b57-45b8-bbb3-3200202db39b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.693954Z", + "modified": "2025-01-28T00:37:55.693954Z", + "name": "CVE-2024-56954", + "description": "An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56954" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6c5445cb-c15d-4e12-862f-e2599eb12542.json b/objects/vulnerability/vulnerability--6c5445cb-c15d-4e12-862f-e2599eb12542.json new file mode 100644 index 0000000000..205aece73c --- /dev/null +++ b/objects/vulnerability/vulnerability--6c5445cb-c15d-4e12-862f-e2599eb12542.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a12f3dd0-f8d3-4d08-8082-2041b680b994", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6c5445cb-c15d-4e12-862f-e2599eb12542", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.253589Z", + "modified": "2025-01-28T00:37:55.253589Z", + "name": "CVE-2024-57590", + "description": "TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface \"ntp_sync.cgi\",which allows remote attackers to execute arbitrary commands via parameter \"ntp_server\" passed to the \"ntp_sync.cgi\" binary through a POST request.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6d98376b-53f3-4581-94dd-f073d4980365.json b/objects/vulnerability/vulnerability--6d98376b-53f3-4581-94dd-f073d4980365.json new file mode 100644 index 0000000000..7f216816ec --- /dev/null +++ b/objects/vulnerability/vulnerability--6d98376b-53f3-4581-94dd-f073d4980365.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7b6a79d4-d093-4fb9-bff7-fbf9b8e5cdc8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6d98376b-53f3-4581-94dd-f073d4980365", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.416663Z", + "modified": "2025-01-28T00:38:05.416663Z", + "name": "CVE-2025-24540", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24540" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f01a139-2a1e-4459-aa22-f7de0236062d.json b/objects/vulnerability/vulnerability--6f01a139-2a1e-4459-aa22-f7de0236062d.json new file mode 100644 index 0000000000..04275acf2a --- /dev/null +++ b/objects/vulnerability/vulnerability--6f01a139-2a1e-4459-aa22-f7de0236062d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ab98ca33-741e-48ec-bd59-6ba4e2bb7949", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f01a139-2a1e-4459-aa22-f7de0236062d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.336866Z", + "modified": "2025-01-28T00:38:05.336866Z", + "name": "CVE-2025-23849", + "description": "Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23849" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f2fbd72-6505-4e79-896f-5ca091a78b3c.json b/objects/vulnerability/vulnerability--6f2fbd72-6505-4e79-896f-5ca091a78b3c.json new file mode 100644 index 0000000000..eee8b70d90 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f2fbd72-6505-4e79-896f-5ca091a78b3c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--712b509e-8bb9-424d-b21f-534bc30bcb3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f2fbd72-6505-4e79-896f-5ca091a78b3c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.494161Z", + "modified": "2025-01-28T00:37:56.494161Z", + "name": "CVE-2024-48841", + "description": "Network access can be used to execute arbitrary code with elevated privileges. \n\n\n\n\n\nThis\nissue affects FLXEON 9.3.4 and older.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-48841" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--6f92c883-896b-466c-9a27-121855cef9fb.json b/objects/vulnerability/vulnerability--6f92c883-896b-466c-9a27-121855cef9fb.json new file mode 100644 index 0000000000..8b3c64ec79 --- /dev/null +++ b/objects/vulnerability/vulnerability--6f92c883-896b-466c-9a27-121855cef9fb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9400a419-5d78-456e-8e04-7929072154bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--6f92c883-896b-466c-9a27-121855cef9fb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.719551Z", + "modified": "2025-01-28T00:37:55.719551Z", + "name": "CVE-2024-56969", + "description": "An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56969" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--71c674f2-6ca1-4b5f-b25c-da2463fb2a54.json b/objects/vulnerability/vulnerability--71c674f2-6ca1-4b5f-b25c-da2463fb2a54.json new file mode 100644 index 0000000000..047933bfa9 --- /dev/null +++ b/objects/vulnerability/vulnerability--71c674f2-6ca1-4b5f-b25c-da2463fb2a54.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66a48b77-0047-40b1-a770-2884fe39fb68", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--71c674f2-6ca1-4b5f-b25c-da2463fb2a54", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.38222Z", + "modified": "2025-01-28T00:38:05.38222Z", + "name": "CVE-2025-24747", + "description": "Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24747" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7344e380-aa54-4010-bdd3-27196dc73ff0.json b/objects/vulnerability/vulnerability--7344e380-aa54-4010-bdd3-27196dc73ff0.json new file mode 100644 index 0000000000..8f853c4531 --- /dev/null +++ b/objects/vulnerability/vulnerability--7344e380-aa54-4010-bdd3-27196dc73ff0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c8a35b12-2699-4df2-98a9-12a0a047867c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7344e380-aa54-4010-bdd3-27196dc73ff0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.440431Z", + "modified": "2025-01-28T00:38:05.440431Z", + "name": "CVE-2025-24115", + "description": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read files outside of its sandbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24115" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7632ddd2-5f37-49dc-aa0f-bbf6b615c03c.json b/objects/vulnerability/vulnerability--7632ddd2-5f37-49dc-aa0f-bbf6b615c03c.json new file mode 100644 index 0000000000..c7d69031d4 --- /dev/null +++ b/objects/vulnerability/vulnerability--7632ddd2-5f37-49dc-aa0f-bbf6b615c03c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--528b7e54-f146-4de4-8880-1c10e01aee61", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7632ddd2-5f37-49dc-aa0f-bbf6b615c03c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.404749Z", + "modified": "2025-01-28T00:38:05.404749Z", + "name": "CVE-2025-24135", + "description": "This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24135" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7665f277-8f0d-491c-ab9e-7d70760a975f.json b/objects/vulnerability/vulnerability--7665f277-8f0d-491c-ab9e-7d70760a975f.json new file mode 100644 index 0000000000..1efa35b81b --- /dev/null +++ b/objects/vulnerability/vulnerability--7665f277-8f0d-491c-ab9e-7d70760a975f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c1e17c19-8078-44d1-b76d-12bf7a1e324c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7665f277-8f0d-491c-ab9e-7d70760a975f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:57.155258Z", + "modified": "2025-01-28T00:37:57.155258Z", + "name": "CVE-2024-43445", + "description": "A vulnerability exists in OTRS and ((OTRS Community Edition)) that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43445" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--78bc5e75-b525-4eb8-bf9d-7e245748a0b5.json b/objects/vulnerability/vulnerability--78bc5e75-b525-4eb8-bf9d-7e245748a0b5.json new file mode 100644 index 0000000000..164d4a3626 --- /dev/null +++ b/objects/vulnerability/vulnerability--78bc5e75-b525-4eb8-bf9d-7e245748a0b5.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--46f6590f-def4-4014-8f16-ba890bb7a90a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--78bc5e75-b525-4eb8-bf9d-7e245748a0b5", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.414308Z", + "modified": "2025-01-28T00:38:05.414308Z", + "name": "CVE-2025-24156", + "description": "An integer overflow was addressed through improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to elevate privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24156" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ac78dc8-ba9a-47e7-86f5-951ead637512.json b/objects/vulnerability/vulnerability--7ac78dc8-ba9a-47e7-86f5-951ead637512.json new file mode 100644 index 0000000000..7cc27f9c21 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ac78dc8-ba9a-47e7-86f5-951ead637512.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e60adf9e-b210-45e7-a013-5efa8d1e1f21", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ac78dc8-ba9a-47e7-86f5-951ead637512", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.700942Z", + "modified": "2025-01-28T00:37:55.700942Z", + "name": "CVE-2024-56953", + "description": "An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56953" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7b5f9c5a-2ebb-4451-bca6-150a64910e25.json b/objects/vulnerability/vulnerability--7b5f9c5a-2ebb-4451-bca6-150a64910e25.json new file mode 100644 index 0000000000..61e39cd1ae --- /dev/null +++ b/objects/vulnerability/vulnerability--7b5f9c5a-2ebb-4451-bca6-150a64910e25.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--02898654-97d6-472b-864e-7a7e3c9ca337", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7b5f9c5a-2ebb-4451-bca6-150a64910e25", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.448661Z", + "modified": "2025-01-28T00:38:05.448661Z", + "name": "CVE-2025-24664", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24664" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7d51b747-ddd5-4f81-931e-ff1237495b8d.json b/objects/vulnerability/vulnerability--7d51b747-ddd5-4f81-931e-ff1237495b8d.json new file mode 100644 index 0000000000..a9a5f7f7f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--7d51b747-ddd5-4f81-931e-ff1237495b8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a1c45af4-f233-45b6-8a35-41aac6e37173", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7d51b747-ddd5-4f81-931e-ff1237495b8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:00.038506Z", + "modified": "2025-01-28T00:38:00.038506Z", + "name": "CVE-2023-46187", + "description": "IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-46187" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7e7bd360-3499-4a6a-81a6-7fb0220de373.json b/objects/vulnerability/vulnerability--7e7bd360-3499-4a6a-81a6-7fb0220de373.json new file mode 100644 index 0000000000..5533095b02 --- /dev/null +++ b/objects/vulnerability/vulnerability--7e7bd360-3499-4a6a-81a6-7fb0220de373.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c001ba82-f200-4239-8918-8961c51efe57", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7e7bd360-3499-4a6a-81a6-7fb0220de373", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.4369Z", + "modified": "2025-01-28T00:38:05.4369Z", + "name": "CVE-2025-24137", + "description": "A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24137" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7f178815-04dc-4f9c-928f-c6f46c04386b.json b/objects/vulnerability/vulnerability--7f178815-04dc-4f9c-928f-c6f46c04386b.json new file mode 100644 index 0000000000..32800580df --- /dev/null +++ b/objects/vulnerability/vulnerability--7f178815-04dc-4f9c-928f-c6f46c04386b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3ee46e8c-d8e8-4d99-831c-b6f87a37cf7a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7f178815-04dc-4f9c-928f-c6f46c04386b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.596027Z", + "modified": "2025-01-28T00:37:55.596027Z", + "name": "CVE-2024-13052", + "description": "The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13052" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ff4ca57-50e2-4018-a7ca-9255624ab5e7.json b/objects/vulnerability/vulnerability--7ff4ca57-50e2-4018-a7ca-9255624ab5e7.json new file mode 100644 index 0000000000..b3a79592bf --- /dev/null +++ b/objects/vulnerability/vulnerability--7ff4ca57-50e2-4018-a7ca-9255624ab5e7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3b25a4a3-7c24-4a6c-9506-62ad9e60c974", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ff4ca57-50e2-4018-a7ca-9255624ab5e7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:57.658207Z", + "modified": "2025-01-28T00:37:57.658207Z", + "name": "CVE-2022-31749", + "description": "An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2022-31749" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--7ffd8d02-c057-4ff1-9986-145322430a05.json b/objects/vulnerability/vulnerability--7ffd8d02-c057-4ff1-9986-145322430a05.json new file mode 100644 index 0000000000..f64659d698 --- /dev/null +++ b/objects/vulnerability/vulnerability--7ffd8d02-c057-4ff1-9986-145322430a05.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3a6d8608-173a-448e-978d-3fd7e8cd7549", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--7ffd8d02-c057-4ff1-9986-145322430a05", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.730922Z", + "modified": "2025-01-28T00:37:55.730922Z", + "name": "CVE-2024-56960", + "description": "An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56960" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--839690cc-684c-4531-907f-1d27ef246094.json b/objects/vulnerability/vulnerability--839690cc-684c-4531-907f-1d27ef246094.json new file mode 100644 index 0000000000..a066e112a2 --- /dev/null +++ b/objects/vulnerability/vulnerability--839690cc-684c-4531-907f-1d27ef246094.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d1e5c2c-2c66-41c3-a9d1-8354da005971", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--839690cc-684c-4531-907f-1d27ef246094", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.438021Z", + "modified": "2025-01-28T00:38:05.438021Z", + "name": "CVE-2025-24628", + "description": "Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24628" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--83d512d0-442f-4e9b-900e-44e777f9d96d.json b/objects/vulnerability/vulnerability--83d512d0-442f-4e9b-900e-44e777f9d96d.json new file mode 100644 index 0000000000..8c63c17485 --- /dev/null +++ b/objects/vulnerability/vulnerability--83d512d0-442f-4e9b-900e-44e777f9d96d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2bce4654-7d7e-4e12-85e6-aa17b0c77069", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--83d512d0-442f-4e9b-900e-44e777f9d96d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.429009Z", + "modified": "2025-01-28T00:38:05.429009Z", + "name": "CVE-2025-24626", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24626" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85236328-6511-4c4b-85df-624aefec2928.json b/objects/vulnerability/vulnerability--85236328-6511-4c4b-85df-624aefec2928.json new file mode 100644 index 0000000000..0bfd370bd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--85236328-6511-4c4b-85df-624aefec2928.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7443d03f-b603-402b-b66a-259c19b8feb9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85236328-6511-4c4b-85df-624aefec2928", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.486398Z", + "modified": "2025-01-28T00:38:05.486398Z", + "name": "CVE-2025-24127", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24127" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8540fa20-354e-452a-a76c-6067f534c2d9.json b/objects/vulnerability/vulnerability--8540fa20-354e-452a-a76c-6067f534c2d9.json new file mode 100644 index 0000000000..02936cf031 --- /dev/null +++ b/objects/vulnerability/vulnerability--8540fa20-354e-452a-a76c-6067f534c2d9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--85c90d28-20f9-4452-abd3-3f7366cddf40", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8540fa20-354e-452a-a76c-6067f534c2d9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.456288Z", + "modified": "2025-01-28T00:38:05.456288Z", + "name": "CVE-2025-24152", + "description": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24152" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85589134-6bc8-42d3-bce8-8950ca67095f.json b/objects/vulnerability/vulnerability--85589134-6bc8-42d3-bce8-8950ca67095f.json new file mode 100644 index 0000000000..9d88212c45 --- /dev/null +++ b/objects/vulnerability/vulnerability--85589134-6bc8-42d3-bce8-8950ca67095f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--40bd2a85-bd28-4529-9278-13a4f98bf908", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85589134-6bc8-42d3-bce8-8950ca67095f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.747919Z", + "modified": "2025-01-28T00:37:55.747919Z", + "name": "CVE-2024-56947", + "description": "An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56947" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--85740425-92cd-49a2-a3a4-fb848e88298f.json b/objects/vulnerability/vulnerability--85740425-92cd-49a2-a3a4-fb848e88298f.json new file mode 100644 index 0000000000..4040debf17 --- /dev/null +++ b/objects/vulnerability/vulnerability--85740425-92cd-49a2-a3a4-fb848e88298f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94f69302-03ba-4eab-9310-bdb7fc7ea4b3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--85740425-92cd-49a2-a3a4-fb848e88298f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.05299Z", + "modified": "2025-01-28T00:37:55.05299Z", + "name": "CVE-2024-54522", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54522" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a14f3da-d969-40bc-b6fd-d7cae8b7bd4d.json b/objects/vulnerability/vulnerability--8a14f3da-d969-40bc-b6fd-d7cae8b7bd4d.json new file mode 100644 index 0000000000..0ec58a669f --- /dev/null +++ b/objects/vulnerability/vulnerability--8a14f3da-d969-40bc-b6fd-d7cae8b7bd4d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--71632c21-af2b-4e93-b591-661c6fc890aa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a14f3da-d969-40bc-b6fd-d7cae8b7bd4d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.44695Z", + "modified": "2025-01-28T00:38:05.44695Z", + "name": "CVE-2025-24653", + "description": "Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24653" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8a8fd4df-3713-4bd9-bf72-1d5f8baae67f.json b/objects/vulnerability/vulnerability--8a8fd4df-3713-4bd9-bf72-1d5f8baae67f.json new file mode 100644 index 0000000000..f8442c698f --- /dev/null +++ b/objects/vulnerability/vulnerability--8a8fd4df-3713-4bd9-bf72-1d5f8baae67f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0f75bf51-75f8-4693-9236-e483896f1f91", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8a8fd4df-3713-4bd9-bf72-1d5f8baae67f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.391224Z", + "modified": "2025-01-28T00:38:05.391224Z", + "name": "CVE-2025-24130", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24130" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8be43e9c-bc02-4320-93cb-e8bc9c27604a.json b/objects/vulnerability/vulnerability--8be43e9c-bc02-4320-93cb-e8bc9c27604a.json new file mode 100644 index 0000000000..66fb603317 --- /dev/null +++ b/objects/vulnerability/vulnerability--8be43e9c-bc02-4320-93cb-e8bc9c27604a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb2a83ff-10f2-4426-9d50-b180e9212c45", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8be43e9c-bc02-4320-93cb-e8bc9c27604a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.624438Z", + "modified": "2025-01-28T00:37:55.624438Z", + "name": "CVE-2024-13057", + "description": "The Dyn Business Panel WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13057" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8c57dad5-ffe4-4b34-a51e-2d28387ba5d8.json b/objects/vulnerability/vulnerability--8c57dad5-ffe4-4b34-a51e-2d28387ba5d8.json new file mode 100644 index 0000000000..31bfa5faed --- /dev/null +++ b/objects/vulnerability/vulnerability--8c57dad5-ffe4-4b34-a51e-2d28387ba5d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f851a8f5-e85d-4d03-8840-a0183ca7e8e0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8c57dad5-ffe4-4b34-a51e-2d28387ba5d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.392473Z", + "modified": "2025-01-28T00:38:05.392473Z", + "name": "CVE-2025-24754", + "description": "Missing Authorization vulnerability in Houzez.co Houzez. This issue affects Houzez: from n/a through 3.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24754" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--8e70b6ca-d74a-47e4-943f-13a3aa3e00eb.json b/objects/vulnerability/vulnerability--8e70b6ca-d74a-47e4-943f-13a3aa3e00eb.json new file mode 100644 index 0000000000..66f5eb65da --- /dev/null +++ b/objects/vulnerability/vulnerability--8e70b6ca-d74a-47e4-943f-13a3aa3e00eb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ada2f9fc-9ba3-496b-a757-a4ae28c16904", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--8e70b6ca-d74a-47e4-943f-13a3aa3e00eb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.441651Z", + "modified": "2025-01-28T00:38:05.441651Z", + "name": "CVE-2025-24129", + "description": "A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24129" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9082ad6f-3e7e-4747-bdd9-443dc457b9ca.json b/objects/vulnerability/vulnerability--9082ad6f-3e7e-4747-bdd9-443dc457b9ca.json new file mode 100644 index 0000000000..4786decb8e --- /dev/null +++ b/objects/vulnerability/vulnerability--9082ad6f-3e7e-4747-bdd9-443dc457b9ca.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d5cf7570-31dd-4ccc-9bea-28d14243d9a9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9082ad6f-3e7e-4747-bdd9-443dc457b9ca", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.371799Z", + "modified": "2025-01-28T00:38:05.371799Z", + "name": "CVE-2025-24593", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WisdmLabs Edwiser Bridge allows Reflected XSS. This issue affects Edwiser Bridge: from n/a through 3.0.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24593" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--909e60d0-5409-411f-a6e9-198c9d43c98f.json b/objects/vulnerability/vulnerability--909e60d0-5409-411f-a6e9-198c9d43c98f.json new file mode 100644 index 0000000000..a7f17bbc42 --- /dev/null +++ b/objects/vulnerability/vulnerability--909e60d0-5409-411f-a6e9-198c9d43c98f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6655a8ed-1a4e-4848-8ab1-e39cb266a06c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--909e60d0-5409-411f-a6e9-198c9d43c98f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.727881Z", + "modified": "2025-01-28T00:37:55.727881Z", + "name": "CVE-2024-56967", + "description": "An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56967" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--90a3f0ae-6fc0-4b4b-b74e-d1166c1e8bed.json b/objects/vulnerability/vulnerability--90a3f0ae-6fc0-4b4b-b74e-d1166c1e8bed.json new file mode 100644 index 0000000000..e672525ba5 --- /dev/null +++ b/objects/vulnerability/vulnerability--90a3f0ae-6fc0-4b4b-b74e-d1166c1e8bed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--dabe57ba-3c63-4416-9bf9-7feee76639d5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--90a3f0ae-6fc0-4b4b-b74e-d1166c1e8bed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.458513Z", + "modified": "2025-01-28T00:38:05.458513Z", + "name": "CVE-2025-24112", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24112" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--91bd878c-ab10-4c0a-972c-26551f9d446b.json b/objects/vulnerability/vulnerability--91bd878c-ab10-4c0a-972c-26551f9d446b.json new file mode 100644 index 0000000000..afe305f40c --- /dev/null +++ b/objects/vulnerability/vulnerability--91bd878c-ab10-4c0a-972c-26551f9d446b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--357bc223-e340-4cad-a737-257f7d4fa187", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--91bd878c-ab10-4c0a-972c-26551f9d446b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.444131Z", + "modified": "2025-01-28T00:38:05.444131Z", + "name": "CVE-2025-24783", + "description": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.\n\nThis issue affects Apache Cocoon: all versions.\n\nWhen a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.\n\nAs a mitigation, you may enable the \"session-bound-continuations\" option to make sure continuations are not shared across sessions.\n\n\nAs this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24783" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--923c5a5c-b319-46ce-bdc7-44f110bebba7.json b/objects/vulnerability/vulnerability--923c5a5c-b319-46ce-bdc7-44f110bebba7.json new file mode 100644 index 0000000000..a8b50ed699 --- /dev/null +++ b/objects/vulnerability/vulnerability--923c5a5c-b319-46ce-bdc7-44f110bebba7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--547429ff-fcc8-42dc-ae02-35215f7e9bc6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--923c5a5c-b319-46ce-bdc7-44f110bebba7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:57.004484Z", + "modified": "2025-01-28T00:37:57.004484Z", + "name": "CVE-2024-11348", + "description": "Eura7 CMSmanager in version 4.6 and below is vulnerable to Reflected XSS attacks through manipulation of return GET request parameter sent to a specific endpoint.\nThe vulnerability has been fixed by a patche patch 17012022 addressing all affected versions in use.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-11348" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9249afb2-1f48-4f10-9429-3e497ad64671.json b/objects/vulnerability/vulnerability--9249afb2-1f48-4f10-9429-3e497ad64671.json new file mode 100644 index 0000000000..6d39dbd15c --- /dev/null +++ b/objects/vulnerability/vulnerability--9249afb2-1f48-4f10-9429-3e497ad64671.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--09f343d6-ec48-46a4-b182-36271e9420c8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9249afb2-1f48-4f10-9429-3e497ad64671", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.316628Z", + "modified": "2025-01-28T00:38:05.316628Z", + "name": "CVE-2025-23197", + "description": "matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart due to a missing check. The impact is greater to you untrusted users can add their own GitHub organizations to Hookshot in order to connect their room to a repository. This vulnerability is fixed in 6.0.2 and 5.4.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23197" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--95419a10-3934-4a7a-995d-28579c4b5eb9.json b/objects/vulnerability/vulnerability--95419a10-3934-4a7a-995d-28579c4b5eb9.json new file mode 100644 index 0000000000..51b21e9824 --- /dev/null +++ b/objects/vulnerability/vulnerability--95419a10-3934-4a7a-995d-28579c4b5eb9.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3fc1bfc4-7685-4ab2-a65c-6afb5e1c71e6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--95419a10-3934-4a7a-995d-28579c4b5eb9", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.614174Z", + "modified": "2025-01-28T00:37:55.614174Z", + "name": "CVE-2024-13116", + "description": "The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--96c87bca-553a-4506-9391-a0bc5b16bece.json b/objects/vulnerability/vulnerability--96c87bca-553a-4506-9391-a0bc5b16bece.json new file mode 100644 index 0000000000..3b9ae16200 --- /dev/null +++ b/objects/vulnerability/vulnerability--96c87bca-553a-4506-9391-a0bc5b16bece.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c2c303e3-1b26-4da1-8d34-2bc545862cca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--96c87bca-553a-4506-9391-a0bc5b16bece", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.484424Z", + "modified": "2025-01-28T00:38:05.484424Z", + "name": "CVE-2025-24136", + "description": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to protected regions of the disk.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24136" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--983575c5-de0a-4c15-a5ae-81120f3b4a92.json b/objects/vulnerability/vulnerability--983575c5-de0a-4c15-a5ae-81120f3b4a92.json new file mode 100644 index 0000000000..fc2fadbae2 --- /dev/null +++ b/objects/vulnerability/vulnerability--983575c5-de0a-4c15-a5ae-81120f3b4a92.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41624cca-c229-44a5-8f6e-cdb8a37e819e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--983575c5-de0a-4c15-a5ae-81120f3b4a92", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.032926Z", + "modified": "2025-01-28T00:37:55.032926Z", + "name": "CVE-2024-54523", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54523" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--99853d43-c01f-48d9-879c-d9e998ea829e.json b/objects/vulnerability/vulnerability--99853d43-c01f-48d9-879c-d9e998ea829e.json new file mode 100644 index 0000000000..b30f29227c --- /dev/null +++ b/objects/vulnerability/vulnerability--99853d43-c01f-48d9-879c-d9e998ea829e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc8a803d-7ad8-4c37-9dec-9ebb37f73000", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--99853d43-c01f-48d9-879c-d9e998ea829e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.690814Z", + "modified": "2025-01-28T00:37:55.690814Z", + "name": "CVE-2024-56966", + "description": "An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56966" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c16eb9a-dcc6-4a06-883c-cd49d10a26f0.json b/objects/vulnerability/vulnerability--9c16eb9a-dcc6-4a06-883c-cd49d10a26f0.json new file mode 100644 index 0000000000..0637465551 --- /dev/null +++ b/objects/vulnerability/vulnerability--9c16eb9a-dcc6-4a06-883c-cd49d10a26f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c86ba443-c62b-4e5a-9ea3-e51daf0e3fa8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c16eb9a-dcc6-4a06-883c-cd49d10a26f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.51167Z", + "modified": "2025-01-28T00:38:05.51167Z", + "name": "CVE-2025-0732", + "description": "A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0732" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9c76ea82-a0d8-4df5-97b5-dfd2bfe3b140.json b/objects/vulnerability/vulnerability--9c76ea82-a0d8-4df5-97b5-dfd2bfe3b140.json new file mode 100644 index 0000000000..6c5036984d --- /dev/null +++ b/objects/vulnerability/vulnerability--9c76ea82-a0d8-4df5-97b5-dfd2bfe3b140.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--af60f81d-bbfd-4252-b231-26aa9bf76cb2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9c76ea82-a0d8-4df5-97b5-dfd2bfe3b140", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.093361Z", + "modified": "2025-01-28T00:37:55.093361Z", + "name": "CVE-2024-54728", + "description": "Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54728" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d1c1987-1a4b-4ae0-91ea-455b76ab1612.json b/objects/vulnerability/vulnerability--9d1c1987-1a4b-4ae0-91ea-455b76ab1612.json new file mode 100644 index 0000000000..b69981916b --- /dev/null +++ b/objects/vulnerability/vulnerability--9d1c1987-1a4b-4ae0-91ea-455b76ab1612.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7ccbad6-d350-4461-9ffd-c413c6e04e7e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d1c1987-1a4b-4ae0-91ea-455b76ab1612", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.468127Z", + "modified": "2025-01-28T00:38:05.468127Z", + "name": "CVE-2025-24680", + "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24680" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9d6d6ab7-6c2a-498d-8b59-3f4e8b7d0696.json b/objects/vulnerability/vulnerability--9d6d6ab7-6c2a-498d-8b59-3f4e8b7d0696.json new file mode 100644 index 0000000000..74b3ec8c82 --- /dev/null +++ b/objects/vulnerability/vulnerability--9d6d6ab7-6c2a-498d-8b59-3f4e8b7d0696.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0833e762-c13b-48ce-882b-342a3206398c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9d6d6ab7-6c2a-498d-8b59-3f4e8b7d0696", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.714539Z", + "modified": "2025-01-28T00:37:54.714539Z", + "name": "CVE-2024-28766", + "description": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28766" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9dcfd695-97d3-47ef-912c-f3b1404233aa.json b/objects/vulnerability/vulnerability--9dcfd695-97d3-47ef-912c-f3b1404233aa.json new file mode 100644 index 0000000000..157bf3e828 --- /dev/null +++ b/objects/vulnerability/vulnerability--9dcfd695-97d3-47ef-912c-f3b1404233aa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4bd844f6-2d5d-4b82-a892-08131e689642", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9dcfd695-97d3-47ef-912c-f3b1404233aa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.434832Z", + "modified": "2025-01-28T00:38:05.434832Z", + "name": "CVE-2025-24100", + "description": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access information about a user's contacts.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24100" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e5d1fb6-0971-48bb-a267-d3a3a90ce590.json b/objects/vulnerability/vulnerability--9e5d1fb6-0971-48bb-a267-d3a3a90ce590.json new file mode 100644 index 0000000000..727e327426 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e5d1fb6-0971-48bb-a267-d3a3a90ce590.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--761a77ba-6ef4-4f2a-9204-ad275d77fe51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e5d1fb6-0971-48bb-a267-d3a3a90ce590", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.407596Z", + "modified": "2025-01-28T00:38:05.407596Z", + "name": "CVE-2025-24603", + "description": "Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce products/orders. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24603" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e6a81e3-df01-410d-a2d8-7e0deb801358.json b/objects/vulnerability/vulnerability--9e6a81e3-df01-410d-a2d8-7e0deb801358.json new file mode 100644 index 0000000000..759594fdb9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e6a81e3-df01-410d-a2d8-7e0deb801358.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fb96837-dd0c-4143-9048-e41d967a8326", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e6a81e3-df01-410d-a2d8-7e0deb801358", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.429959Z", + "modified": "2025-01-28T00:38:05.429959Z", + "name": "CVE-2025-24665", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24665" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9e71dfbc-7b89-482b-9fd6-8538b2d5e1cb.json b/objects/vulnerability/vulnerability--9e71dfbc-7b89-482b-9fd6-8538b2d5e1cb.json new file mode 100644 index 0000000000..09d8c1cba9 --- /dev/null +++ b/objects/vulnerability/vulnerability--9e71dfbc-7b89-482b-9fd6-8538b2d5e1cb.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6b8f39db-9392-452f-b538-409e706f2fd7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9e71dfbc-7b89-482b-9fd6-8538b2d5e1cb", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.602824Z", + "modified": "2025-01-28T00:37:55.602824Z", + "name": "CVE-2024-13056", + "description": "The Dyn Business Panel WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13056" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--9f468d10-05ac-495e-b6d0-60cbd9c66067.json b/objects/vulnerability/vulnerability--9f468d10-05ac-495e-b6d0-60cbd9c66067.json new file mode 100644 index 0000000000..968d1272f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--9f468d10-05ac-495e-b6d0-60cbd9c66067.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c327cd27-52ed-4abb-a1d1-8e53c67a63de", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--9f468d10-05ac-495e-b6d0-60cbd9c66067", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.470925Z", + "modified": "2025-01-28T00:38:05.470925Z", + "name": "CVE-2025-24086", + "description": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24086" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a265d9d1-219e-41b5-8447-21d15919d918.json b/objects/vulnerability/vulnerability--a265d9d1-219e-41b5-8447-21d15919d918.json new file mode 100644 index 0000000000..978274387e --- /dev/null +++ b/objects/vulnerability/vulnerability--a265d9d1-219e-41b5-8447-21d15919d918.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--69f6ff64-3f1c-40cf-83d6-6e2496a9c4d7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a265d9d1-219e-41b5-8447-21d15919d918", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.041951Z", + "modified": "2025-01-28T00:37:55.041951Z", + "name": "CVE-2024-54519", + "description": "The issue was resolved by sanitizing logging. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to read sensitive location information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54519" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2cc136b-4f46-4570-85c7-3900dc298de7.json b/objects/vulnerability/vulnerability--a2cc136b-4f46-4570-85c7-3900dc298de7.json new file mode 100644 index 0000000000..c0bbdcb845 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2cc136b-4f46-4570-85c7-3900dc298de7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--51d36fae-68d2-466a-9b03-e246f249410f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2cc136b-4f46-4570-85c7-3900dc298de7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.423507Z", + "modified": "2025-01-28T00:38:05.423507Z", + "name": "CVE-2025-24085", + "description": "A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24085" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a2dcfe1d-1ac3-4152-a7f5-c92e8f064439.json b/objects/vulnerability/vulnerability--a2dcfe1d-1ac3-4152-a7f5-c92e8f064439.json new file mode 100644 index 0000000000..6e81b726f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--a2dcfe1d-1ac3-4152-a7f5-c92e8f064439.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb9c0043-e992-47a6-8c79-c2a0a018a39c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a2dcfe1d-1ac3-4152-a7f5-c92e8f064439", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.584466Z", + "modified": "2025-01-28T00:37:55.584466Z", + "name": "CVE-2024-13094", + "description": "The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13094" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a34199d5-89d7-48f2-8516-610872800e6d.json b/objects/vulnerability/vulnerability--a34199d5-89d7-48f2-8516-610872800e6d.json new file mode 100644 index 0000000000..72c7a9f889 --- /dev/null +++ b/objects/vulnerability/vulnerability--a34199d5-89d7-48f2-8516-610872800e6d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--03ca005d-ae97-4b6d-b913-4b2ea9cd1f20", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a34199d5-89d7-48f2-8516-610872800e6d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.68559Z", + "modified": "2025-01-28T00:37:55.68559Z", + "name": "CVE-2024-56948", + "description": "An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56948" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a3e715eb-2702-47e1-a6d2-8b2a56a63cb0.json b/objects/vulnerability/vulnerability--a3e715eb-2702-47e1-a6d2-8b2a56a63cb0.json new file mode 100644 index 0000000000..358a2f5830 --- /dev/null +++ b/objects/vulnerability/vulnerability--a3e715eb-2702-47e1-a6d2-8b2a56a63cb0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f1208133-891b-4356-a576-aa874ad28202", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a3e715eb-2702-47e1-a6d2-8b2a56a63cb0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.252001Z", + "modified": "2025-01-28T00:38:05.252001Z", + "name": "CVE-2025-22513", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Locator allows Reflected XSS. This issue affects Simple Locator: from n/a through 2.0.4.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22513" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5c7ccf9-68c6-49a4-9ca6-d7a12597e9ab.json b/objects/vulnerability/vulnerability--a5c7ccf9-68c6-49a4-9ca6-d7a12597e9ab.json new file mode 100644 index 0000000000..0103d7af93 --- /dev/null +++ b/objects/vulnerability/vulnerability--a5c7ccf9-68c6-49a4-9ca6-d7a12597e9ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9601180f-f2b9-439f-a0d3-602628ef61cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5c7ccf9-68c6-49a4-9ca6-d7a12597e9ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.383755Z", + "modified": "2025-01-28T00:38:05.383755Z", + "name": "CVE-2025-24169", + "description": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24169" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a5fcad6d-b2d5-457a-b5f9-f2b17df61b36.json b/objects/vulnerability/vulnerability--a5fcad6d-b2d5-457a-b5f9-f2b17df61b36.json new file mode 100644 index 0000000000..a162087a8d --- /dev/null +++ b/objects/vulnerability/vulnerability--a5fcad6d-b2d5-457a-b5f9-f2b17df61b36.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--5f17b27d-5744-4acf-9a94-1207a715123c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a5fcad6d-b2d5-457a-b5f9-f2b17df61b36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.496513Z", + "modified": "2025-01-28T00:38:05.496513Z", + "name": "CVE-2025-24118", + "description": "The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24118" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a69d98fa-444d-42d5-867d-5503fe0242f0.json b/objects/vulnerability/vulnerability--a69d98fa-444d-42d5-867d-5503fe0242f0.json new file mode 100644 index 0000000000..5d642c1515 --- /dev/null +++ b/objects/vulnerability/vulnerability--a69d98fa-444d-42d5-867d-5503fe0242f0.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--388f1477-81e9-4861-8b3f-d08a3693c3cf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a69d98fa-444d-42d5-867d-5503fe0242f0", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.678946Z", + "modified": "2025-01-28T00:37:55.678946Z", + "name": "CVE-2024-56949", + "description": "An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56949" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a6c60afa-9e1b-423d-a9a7-e09c69fe28bf.json b/objects/vulnerability/vulnerability--a6c60afa-9e1b-423d-a9a7-e09c69fe28bf.json new file mode 100644 index 0000000000..7f6ebe39de --- /dev/null +++ b/objects/vulnerability/vulnerability--a6c60afa-9e1b-423d-a9a7-e09c69fe28bf.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10f4aea1-ec09-4798-bd62-0aafc7a0eb3f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a6c60afa-9e1b-423d-a9a7-e09c69fe28bf", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.083529Z", + "modified": "2025-01-28T00:37:55.083529Z", + "name": "CVE-2024-54557", + "description": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54557" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a7cae20b-1d59-4ed8-b57a-6bb6606d6338.json b/objects/vulnerability/vulnerability--a7cae20b-1d59-4ed8-b57a-6bb6606d6338.json new file mode 100644 index 0000000000..67d8294137 --- /dev/null +++ b/objects/vulnerability/vulnerability--a7cae20b-1d59-4ed8-b57a-6bb6606d6338.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6febd4fe-8134-4ab2-bb0d-8f485c373f8c", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a7cae20b-1d59-4ed8-b57a-6bb6606d6338", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:00.342396Z", + "modified": "2025-01-28T00:38:00.342396Z", + "name": "CVE-2023-52292", + "description": "IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2023-52292" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--a8c69368-f076-4ce3-8f98-8a96e8ab8338.json b/objects/vulnerability/vulnerability--a8c69368-f076-4ce3-8f98-8a96e8ab8338.json new file mode 100644 index 0000000000..b5b23a1fe9 --- /dev/null +++ b/objects/vulnerability/vulnerability--a8c69368-f076-4ce3-8f98-8a96e8ab8338.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2785e8b-ec82-4b56-9207-e5656f0dcdd3", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--a8c69368-f076-4ce3-8f98-8a96e8ab8338", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.497504Z", + "modified": "2025-01-28T00:38:05.497504Z", + "name": "CVE-2025-24163", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24163" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa222fa9-0216-4272-ab68-9b18da5aecda.json b/objects/vulnerability/vulnerability--aa222fa9-0216-4272-ab68-9b18da5aecda.json new file mode 100644 index 0000000000..acd0a99cbe --- /dev/null +++ b/objects/vulnerability/vulnerability--aa222fa9-0216-4272-ab68-9b18da5aecda.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a4af2d86-0761-44fb-98af-1567bf3533fa", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa222fa9-0216-4272-ab68-9b18da5aecda", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.953986Z", + "modified": "2025-01-28T00:37:55.953986Z", + "name": "CVE-2024-37527", + "description": "IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-37527" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aa5b0fad-928e-4180-9e3b-96d082ac24af.json b/objects/vulnerability/vulnerability--aa5b0fad-928e-4180-9e3b-96d082ac24af.json new file mode 100644 index 0000000000..003a1c7a60 --- /dev/null +++ b/objects/vulnerability/vulnerability--aa5b0fad-928e-4180-9e3b-96d082ac24af.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b08d5b0b-71e1-485a-9029-4a270022ee12", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aa5b0fad-928e-4180-9e3b-96d082ac24af", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.488645Z", + "modified": "2025-01-28T00:38:05.488645Z", + "name": "CVE-2025-24128", + "description": "The issue was addressed by adding additional logic. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Visiting a malicious website may lead to address bar spoofing.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24128" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aab832fe-ee82-4d3f-bf3d-483919f2f549.json b/objects/vulnerability/vulnerability--aab832fe-ee82-4d3f-bf3d-483919f2f549.json new file mode 100644 index 0000000000..178e01c0bb --- /dev/null +++ b/objects/vulnerability/vulnerability--aab832fe-ee82-4d3f-bf3d-483919f2f549.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--3292465a-bdc5-4d02-9196-d37ad5455f3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aab832fe-ee82-4d3f-bf3d-483919f2f549", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.714773Z", + "modified": "2025-01-28T00:37:55.714773Z", + "name": "CVE-2024-56964", + "description": "An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56964" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--aafaec90-b7a4-42c9-a071-7c69c5521a0b.json b/objects/vulnerability/vulnerability--aafaec90-b7a4-42c9-a071-7c69c5521a0b.json new file mode 100644 index 0000000000..84d9fcd4fb --- /dev/null +++ b/objects/vulnerability/vulnerability--aafaec90-b7a4-42c9-a071-7c69c5521a0b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bd68904c-c790-48fe-9fbb-27ed203c2b00", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--aafaec90-b7a4-42c9-a071-7c69c5521a0b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.665484Z", + "modified": "2025-01-28T00:37:54.665484Z", + "name": "CVE-2024-28770", + "description": "IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-28770" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ab46a8d4-4d9d-4f34-a8ca-119e7a29c4ed.json b/objects/vulnerability/vulnerability--ab46a8d4-4d9d-4f34-a8ca-119e7a29c4ed.json new file mode 100644 index 0000000000..da1e27f777 --- /dev/null +++ b/objects/vulnerability/vulnerability--ab46a8d4-4d9d-4f34-a8ca-119e7a29c4ed.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--eaf22c5f-ccbe-4ecc-bd9c-c743b4bbe5ab", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ab46a8d4-4d9d-4f34-a8ca-119e7a29c4ed", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.422327Z", + "modified": "2025-01-28T00:38:05.422327Z", + "name": "CVE-2025-24584", + "description": "Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24584" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b19ffcf7-78e1-4dcb-b500-759253b7ae1f.json b/objects/vulnerability/vulnerability--b19ffcf7-78e1-4dcb-b500-759253b7ae1f.json new file mode 100644 index 0000000000..3282c13cd4 --- /dev/null +++ b/objects/vulnerability/vulnerability--b19ffcf7-78e1-4dcb-b500-759253b7ae1f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f7fa5ac7-4015-4c87-827c-148b69cd274b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b19ffcf7-78e1-4dcb-b500-759253b7ae1f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.303465Z", + "modified": "2025-01-28T00:38:05.303465Z", + "name": "CVE-2025-23457", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Clodeo Shipdeo allows Reflected XSS. This issue affects Shipdeo: from n/a through 1.2.8.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23457" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b2231200-b989-4c09-b220-88d883e05dee.json b/objects/vulnerability/vulnerability--b2231200-b989-4c09-b220-88d883e05dee.json new file mode 100644 index 0000000000..fd67899ca5 --- /dev/null +++ b/objects/vulnerability/vulnerability--b2231200-b989-4c09-b220-88d883e05dee.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--888a772a-1ad4-4653-ba6b-efac6fe7cd55", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b2231200-b989-4c09-b220-88d883e05dee", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.469964Z", + "modified": "2025-01-28T00:38:05.469964Z", + "name": "CVE-2025-24161", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24161" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b27e026a-59d3-40b7-8536-176a6014f351.json b/objects/vulnerability/vulnerability--b27e026a-59d3-40b7-8536-176a6014f351.json new file mode 100644 index 0000000000..4e1a362eac --- /dev/null +++ b/objects/vulnerability/vulnerability--b27e026a-59d3-40b7-8536-176a6014f351.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e37bb0da-20ae-43cd-b4b8-c738f49348bf", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b27e026a-59d3-40b7-8536-176a6014f351", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.364712Z", + "modified": "2025-01-28T00:38:05.364712Z", + "name": "CVE-2025-24734", + "description": "Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24734" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b459f49e-eb35-4e97-8217-cf10e128cdce.json b/objects/vulnerability/vulnerability--b459f49e-eb35-4e97-8217-cf10e128cdce.json new file mode 100644 index 0000000000..a35284817d --- /dev/null +++ b/objects/vulnerability/vulnerability--b459f49e-eb35-4e97-8217-cf10e128cdce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7508a284-1974-48eb-86f1-3f5cc9047623", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b459f49e-eb35-4e97-8217-cf10e128cdce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.029885Z", + "modified": "2025-01-28T00:37:55.029885Z", + "name": "CVE-2024-54468", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to break out of its sandbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54468" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b4a3ed44-4c2c-47d7-a57a-9b974ccbdf35.json b/objects/vulnerability/vulnerability--b4a3ed44-4c2c-47d7-a57a-9b974ccbdf35.json new file mode 100644 index 0000000000..25e99ae180 --- /dev/null +++ b/objects/vulnerability/vulnerability--b4a3ed44-4c2c-47d7-a57a-9b974ccbdf35.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--daf40dca-caee-458b-98d2-8823ba2f1cf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b4a3ed44-4c2c-47d7-a57a-9b974ccbdf35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.553019Z", + "modified": "2025-01-28T00:37:54.553019Z", + "name": "CVE-2024-12345", + "description": "A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. It is possible to launch the attack on the local host. Other endpoints might be affected as well.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12345" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b8c3d584-babd-405e-84db-6fcba11465ab.json b/objects/vulnerability/vulnerability--b8c3d584-babd-405e-84db-6fcba11465ab.json new file mode 100644 index 0000000000..ad6ccaf62b --- /dev/null +++ b/objects/vulnerability/vulnerability--b8c3d584-babd-405e-84db-6fcba11465ab.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c44fee9b-f243-417d-baf9-c3f67b2d76c0", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b8c3d584-babd-405e-84db-6fcba11465ab", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.480539Z", + "modified": "2025-01-28T00:38:05.480539Z", + "name": "CVE-2025-24153", + "description": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24153" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9530c89-1efe-4cd8-9a3e-09459f86b5a8.json b/objects/vulnerability/vulnerability--b9530c89-1efe-4cd8-9a3e-09459f86b5a8.json new file mode 100644 index 0000000000..e3a2fb2471 --- /dev/null +++ b/objects/vulnerability/vulnerability--b9530c89-1efe-4cd8-9a3e-09459f86b5a8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--08fdb88c-3e4d-4336-ba56-4d58047b071d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9530c89-1efe-4cd8-9a3e-09459f86b5a8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.457225Z", + "modified": "2025-01-28T00:38:05.457225Z", + "name": "CVE-2025-24814", + "description": "Core creation allows users to replace \"trusted\" configset files with arbitrary configuration\n\nSolr instances that (1) use the \"FileSystemConfigSetService\" component (the default in \"standalone\" or \"user-managed\" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual \"trusted\" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as \"trusted\" and can use \"\" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.\n\nThis issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from \"FileSystemConfigSetService\").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of \"\" tags by default.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24814" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--b9f4759f-6595-4470-aff9-b5b6f0ac4748.json b/objects/vulnerability/vulnerability--b9f4759f-6595-4470-aff9-b5b6f0ac4748.json new file mode 100644 index 0000000000..ddedbdf437 --- /dev/null +++ b/objects/vulnerability/vulnerability--b9f4759f-6595-4470-aff9-b5b6f0ac4748.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cc618114-6d63-47d1-86c1-e4a41f934a9f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--b9f4759f-6595-4470-aff9-b5b6f0ac4748", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.385691Z", + "modified": "2025-01-28T00:38:05.385691Z", + "name": "CVE-2025-24162", + "description": "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24162" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ba8e1d3c-19bd-4100-8217-55d76ad90aef.json b/objects/vulnerability/vulnerability--ba8e1d3c-19bd-4100-8217-55d76ad90aef.json new file mode 100644 index 0000000000..233c78a245 --- /dev/null +++ b/objects/vulnerability/vulnerability--ba8e1d3c-19bd-4100-8217-55d76ad90aef.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1b9633c9-1fd4-4ecc-9ac3-63cc1a7f5b62", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ba8e1d3c-19bd-4100-8217-55d76ad90aef", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.369371Z", + "modified": "2025-01-28T00:38:05.369371Z", + "name": "CVE-2025-24590", + "description": "Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24590" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bbab3caa-ad52-4a06-9471-b369e11ffd52.json b/objects/vulnerability/vulnerability--bbab3caa-ad52-4a06-9471-b369e11ffd52.json new file mode 100644 index 0000000000..9dffdd1cac --- /dev/null +++ b/objects/vulnerability/vulnerability--bbab3caa-ad52-4a06-9471-b369e11ffd52.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--99e42a5d-da0f-4307-917f-fe7be094799d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bbab3caa-ad52-4a06-9471-b369e11ffd52", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.426808Z", + "modified": "2025-01-28T00:38:05.426808Z", + "name": "CVE-2025-24150", + "description": "A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24150" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--bc6b4bef-ec18-46f3-93f7-80e828ebf293.json b/objects/vulnerability/vulnerability--bc6b4bef-ec18-46f3-93f7-80e828ebf293.json new file mode 100644 index 0000000000..1c7f09249c --- /dev/null +++ b/objects/vulnerability/vulnerability--bc6b4bef-ec18-46f3-93f7-80e828ebf293.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6050698d-2029-4ed9-8e35-1675cfab603b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--bc6b4bef-ec18-46f3-93f7-80e828ebf293", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.711291Z", + "modified": "2025-01-28T00:37:55.711291Z", + "name": "CVE-2024-56968", + "description": "An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56968" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c1ae7643-be31-4f84-a89c-59681a359c0a.json b/objects/vulnerability/vulnerability--c1ae7643-be31-4f84-a89c-59681a359c0a.json new file mode 100644 index 0000000000..1ff6303ea7 --- /dev/null +++ b/objects/vulnerability/vulnerability--c1ae7643-be31-4f84-a89c-59681a359c0a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--66b09bb4-8eab-4e68-a629-a99f4cb3b1dc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c1ae7643-be31-4f84-a89c-59681a359c0a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.454945Z", + "modified": "2025-01-28T00:38:05.454945Z", + "name": "CVE-2025-24689", + "description": "Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24689" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c22ee53a-293f-4257-bb71-b0e063c62a35.json b/objects/vulnerability/vulnerability--c22ee53a-293f-4257-bb71-b0e063c62a35.json new file mode 100644 index 0000000000..484d24ce06 --- /dev/null +++ b/objects/vulnerability/vulnerability--c22ee53a-293f-4257-bb71-b0e063c62a35.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--84891a2a-0f8e-40ce-acf2-493c1fe62b87", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c22ee53a-293f-4257-bb71-b0e063c62a35", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.230736Z", + "modified": "2025-01-28T00:37:55.230736Z", + "name": "CVE-2024-57272", + "description": "SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS).", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57272" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c3f949d7-d3a6-4649-aabb-db1a9700f3fd.json b/objects/vulnerability/vulnerability--c3f949d7-d3a6-4649-aabb-db1a9700f3fd.json new file mode 100644 index 0000000000..a9919a536c --- /dev/null +++ b/objects/vulnerability/vulnerability--c3f949d7-d3a6-4649-aabb-db1a9700f3fd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1d7ceb2e-e394-45a8-9705-dd8e7a0ea273", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c3f949d7-d3a6-4649-aabb-db1a9700f3fd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.368403Z", + "modified": "2025-01-28T00:38:05.368403Z", + "name": "CVE-2025-24103", + "description": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24103" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c4e040d1-eb4a-4f9a-935c-e6e61dd74496.json b/objects/vulnerability/vulnerability--c4e040d1-eb4a-4f9a-935c-e6e61dd74496.json new file mode 100644 index 0000000000..cd06914913 --- /dev/null +++ b/objects/vulnerability/vulnerability--c4e040d1-eb4a-4f9a-935c-e6e61dd74496.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--d9cd06ff-90a1-4d94-9ec9-318dfa17c377", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c4e040d1-eb4a-4f9a-935c-e6e61dd74496", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.03882Z", + "modified": "2025-01-28T00:37:55.03882Z", + "name": "CVE-2024-54488", + "description": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54488" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c62d68cd-5377-4a37-879c-14e99b4d31dd.json b/objects/vulnerability/vulnerability--c62d68cd-5377-4a37-879c-14e99b4d31dd.json new file mode 100644 index 0000000000..e9066478fe --- /dev/null +++ b/objects/vulnerability/vulnerability--c62d68cd-5377-4a37-879c-14e99b4d31dd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e34664af-cd58-4843-aa99-0350fc8a9423", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c62d68cd-5377-4a37-879c-14e99b4d31dd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.396156Z", + "modified": "2025-01-28T00:38:05.396156Z", + "name": "CVE-2025-24107", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24107" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c828f746-1079-41ed-9473-33206436384d.json b/objects/vulnerability/vulnerability--c828f746-1079-41ed-9473-33206436384d.json new file mode 100644 index 0000000000..9a823e6754 --- /dev/null +++ b/objects/vulnerability/vulnerability--c828f746-1079-41ed-9473-33206436384d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0d6dfd76-eb63-401a-b1be-e7e4ffec2a24", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c828f746-1079-41ed-9473-33206436384d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.841992Z", + "modified": "2025-01-28T00:37:54.841992Z", + "name": "CVE-2024-27256", + "description": "IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-27256" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c89f85f8-c6dd-4811-abd6-5e28683a900f.json b/objects/vulnerability/vulnerability--c89f85f8-c6dd-4811-abd6-5e28683a900f.json new file mode 100644 index 0000000000..fcba2ad9ba --- /dev/null +++ b/objects/vulnerability/vulnerability--c89f85f8-c6dd-4811-abd6-5e28683a900f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--943f4592-e177-4ddf-810a-38775cc1061f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c89f85f8-c6dd-4811-abd6-5e28683a900f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.059058Z", + "modified": "2025-01-28T00:37:55.059058Z", + "name": "CVE-2024-54541", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54541" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--c9a80e73-23d5-4cfe-a1a9-2041942cd368.json b/objects/vulnerability/vulnerability--c9a80e73-23d5-4cfe-a1a9-2041942cd368.json new file mode 100644 index 0000000000..efc3322592 --- /dev/null +++ b/objects/vulnerability/vulnerability--c9a80e73-23d5-4cfe-a1a9-2041942cd368.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--41eb6505-3aa8-4aab-8b6f-ad0d968e7aa2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--c9a80e73-23d5-4cfe-a1a9-2041942cd368", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.291767Z", + "modified": "2025-01-28T00:38:05.291767Z", + "name": "CVE-2025-23531", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David F. Carr RSVPMaker Volunteer Roles allows Reflected XSS. This issue affects RSVPMaker Volunteer Roles: from n/a through 1.5.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23531" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ca3783db-e3b4-44d8-86a2-38979ff1f6ec.json b/objects/vulnerability/vulnerability--ca3783db-e3b4-44d8-86a2-38979ff1f6ec.json new file mode 100644 index 0000000000..e92832d9c7 --- /dev/null +++ b/objects/vulnerability/vulnerability--ca3783db-e3b4-44d8-86a2-38979ff1f6ec.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7633afb0-5915-4782-9bef-881fee332e97", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ca3783db-e3b4-44d8-86a2-38979ff1f6ec", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.070672Z", + "modified": "2025-01-28T00:37:55.070672Z", + "name": "CVE-2024-54542", + "description": "An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54542" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cbca9a8b-0eac-4842-b169-3e50bdc12026.json b/objects/vulnerability/vulnerability--cbca9a8b-0eac-4842-b169-3e50bdc12026.json new file mode 100644 index 0000000000..526eb6f7db --- /dev/null +++ b/objects/vulnerability/vulnerability--cbca9a8b-0eac-4842-b169-3e50bdc12026.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b165e99d-23e9-4251-8e31-dc9ebff9505f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cbca9a8b-0eac-4842-b169-3e50bdc12026", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.397963Z", + "modified": "2025-01-28T00:38:05.397963Z", + "name": "CVE-2025-24093", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24093" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cccdb4a0-1d1a-45a7-97ce-ff2ed3336f3d.json b/objects/vulnerability/vulnerability--cccdb4a0-1d1a-45a7-97ce-ff2ed3336f3d.json new file mode 100644 index 0000000000..54d7f5c36b --- /dev/null +++ b/objects/vulnerability/vulnerability--cccdb4a0-1d1a-45a7-97ce-ff2ed3336f3d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c5dd2078-ca01-49b0-90ad-49e3a5bd9156", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cccdb4a0-1d1a-45a7-97ce-ff2ed3336f3d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.400099Z", + "modified": "2025-01-28T00:37:56.400099Z", + "name": "CVE-2024-55931", + "description": "Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. \n\nThe patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55931" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cdf63b7a-dc86-4801-85de-110c0370c3e6.json b/objects/vulnerability/vulnerability--cdf63b7a-dc86-4801-85de-110c0370c3e6.json new file mode 100644 index 0000000000..aeeeb4eec4 --- /dev/null +++ b/objects/vulnerability/vulnerability--cdf63b7a-dc86-4801-85de-110c0370c3e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e2b70f30-5b2e-4cf4-bed0-b66c4283540f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cdf63b7a-dc86-4801-85de-110c0370c3e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.479003Z", + "modified": "2025-01-28T00:38:05.479003Z", + "name": "CVE-2025-24134", + "description": "An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24134" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ce514081-68be-4def-99f8-9bd9a80038d8.json b/objects/vulnerability/vulnerability--ce514081-68be-4def-99f8-9bd9a80038d8.json new file mode 100644 index 0000000000..0fac5ed81d --- /dev/null +++ b/objects/vulnerability/vulnerability--ce514081-68be-4def-99f8-9bd9a80038d8.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--de64cee3-42d3-4032-914a-0bfdcc95a0ec", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ce514081-68be-4def-99f8-9bd9a80038d8", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.478008Z", + "modified": "2025-01-28T00:38:05.478008Z", + "name": "CVE-2025-24177", + "description": "A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24177" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--cf7ae5a6-0205-4977-928b-b236b3ef414e.json b/objects/vulnerability/vulnerability--cf7ae5a6-0205-4977-928b-b236b3ef414e.json new file mode 100644 index 0000000000..a95a9cbceb --- /dev/null +++ b/objects/vulnerability/vulnerability--cf7ae5a6-0205-4977-928b-b236b3ef414e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--417e3b92-c1d4-4810-bde2-bc291d1b06ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--cf7ae5a6-0205-4977-928b-b236b3ef414e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.52254Z", + "modified": "2025-01-28T00:38:05.52254Z", + "name": "CVE-2025-0729", + "description": "A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0729" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0bbb17a-cc11-4286-9836-fcb9409a94e6.json b/objects/vulnerability/vulnerability--d0bbb17a-cc11-4286-9836-fcb9409a94e6.json new file mode 100644 index 0000000000..7ee2f63730 --- /dev/null +++ b/objects/vulnerability/vulnerability--d0bbb17a-cc11-4286-9836-fcb9409a94e6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a52002cf-b482-4e88-9fa3-beca726a6455", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0bbb17a-cc11-4286-9836-fcb9409a94e6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.568689Z", + "modified": "2025-01-28T00:37:54.568689Z", + "name": "CVE-2024-12774", + "description": "The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12774" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d0db3098-8fb1-4fbd-a838-0347f69a2283.json b/objects/vulnerability/vulnerability--d0db3098-8fb1-4fbd-a838-0347f69a2283.json new file mode 100644 index 0000000000..deb95dd115 --- /dev/null +++ b/objects/vulnerability/vulnerability--d0db3098-8fb1-4fbd-a838-0347f69a2283.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--18b53cc4-0bc7-4011-a74a-f12eff8c59bc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d0db3098-8fb1-4fbd-a838-0347f69a2283", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.393722Z", + "modified": "2025-01-28T00:38:05.393722Z", + "name": "CVE-2025-24154", + "description": "An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An attacker may be able to cause unexpected system termination or corrupt kernel memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24154" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2723949-3bd6-4c90-a141-0a3b8393f225.json b/objects/vulnerability/vulnerability--d2723949-3bd6-4c90-a141-0a3b8393f225.json new file mode 100644 index 0000000000..31a8820206 --- /dev/null +++ b/objects/vulnerability/vulnerability--d2723949-3bd6-4c90-a141-0a3b8393f225.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--476166ac-8960-4245-acde-456c5dc35864", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2723949-3bd6-4c90-a141-0a3b8393f225", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.298113Z", + "modified": "2025-01-28T00:37:55.298113Z", + "name": "CVE-2024-38325", + "description": "IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI \n\ncould allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-38325" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d2dff6df-7b41-4ce9-b586-47c2b9b287bc.json b/objects/vulnerability/vulnerability--d2dff6df-7b41-4ce9-b586-47c2b9b287bc.json new file mode 100644 index 0000000000..68351eb44f --- /dev/null +++ b/objects/vulnerability/vulnerability--d2dff6df-7b41-4ce9-b586-47c2b9b287bc.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2a92f8ef-4650-4982-a60b-761ebb20bf8d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d2dff6df-7b41-4ce9-b586-47c2b9b287bc", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.507694Z", + "modified": "2025-01-28T00:38:05.507694Z", + "name": "CVE-2025-0733", + "description": "A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0733" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d306a65f-213b-43c9-951f-629fb5416c8d.json b/objects/vulnerability/vulnerability--d306a65f-213b-43c9-951f-629fb5416c8d.json new file mode 100644 index 0000000000..721f3455f8 --- /dev/null +++ b/objects/vulnerability/vulnerability--d306a65f-213b-43c9-951f-629fb5416c8d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--14272aa8-cac7-4c8b-9dda-031dc7d2b7ca", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d306a65f-213b-43c9-951f-629fb5416c8d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.028381Z", + "modified": "2025-01-28T00:37:55.028381Z", + "name": "CVE-2024-54550", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54550" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d55a96b3-739f-45cc-bcbd-781893ec96e4.json b/objects/vulnerability/vulnerability--d55a96b3-739f-45cc-bcbd-781893ec96e4.json new file mode 100644 index 0000000000..0522b7c85a --- /dev/null +++ b/objects/vulnerability/vulnerability--d55a96b3-739f-45cc-bcbd-781893ec96e4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f9b9ed7-a660-4858-86cb-f05b7183db66", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d55a96b3-739f-45cc-bcbd-781893ec96e4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.056335Z", + "modified": "2025-01-28T00:37:55.056335Z", + "name": "CVE-2024-54146", + "description": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54146" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d55cae89-3475-4e53-846c-168ad422bc7d.json b/objects/vulnerability/vulnerability--d55cae89-3475-4e53-846c-168ad422bc7d.json new file mode 100644 index 0000000000..92e825c227 --- /dev/null +++ b/objects/vulnerability/vulnerability--d55cae89-3475-4e53-846c-168ad422bc7d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--49ea2847-9ec5-4bfa-a483-c6437fbe5c51", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d55cae89-3475-4e53-846c-168ad422bc7d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.097554Z", + "modified": "2025-01-28T00:37:55.097554Z", + "name": "CVE-2024-54530", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54530" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d6190523-a8d0-41a0-aaad-3bf6b994e3a6.json b/objects/vulnerability/vulnerability--d6190523-a8d0-41a0-aaad-3bf6b994e3a6.json new file mode 100644 index 0000000000..266d886121 --- /dev/null +++ b/objects/vulnerability/vulnerability--d6190523-a8d0-41a0-aaad-3bf6b994e3a6.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a35e50bb-aa98-4552-9409-6e60b8df3d42", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d6190523-a8d0-41a0-aaad-3bf6b994e3a6", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.377564Z", + "modified": "2025-01-28T00:38:05.377564Z", + "name": "CVE-2025-24116", + "description": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24116" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--d80af963-7ae0-457b-bd11-8f985748a68f.json b/objects/vulnerability/vulnerability--d80af963-7ae0-457b-bd11-8f985748a68f.json new file mode 100644 index 0000000000..2b254fe7b3 --- /dev/null +++ b/objects/vulnerability/vulnerability--d80af963-7ae0-457b-bd11-8f985748a68f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--0b06fb9b-059f-45ba-a01c-df5db503637d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--d80af963-7ae0-457b-bd11-8f985748a68f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.501572Z", + "modified": "2025-01-28T00:38:05.501572Z", + "name": "CVE-2025-0696", + "description": "A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0696" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--da0b4d56-9476-4c60-836c-6bccc7f300e1.json b/objects/vulnerability/vulnerability--da0b4d56-9476-4c60-836c-6bccc7f300e1.json new file mode 100644 index 0000000000..d4e3c1afab --- /dev/null +++ b/objects/vulnerability/vulnerability--da0b4d56-9476-4c60-836c-6bccc7f300e1.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--6c13c9f2-a004-4107-ab91-2c9cd91d90ea", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--da0b4d56-9476-4c60-836c-6bccc7f300e1", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.305238Z", + "modified": "2025-01-28T00:38:05.305238Z", + "name": "CVE-2025-23756", + "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress – Law Firm Website Management allows Reflected XSS. This issue affects LawPress – Law Firm Website Management: from n/a through 1.4.5.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23756" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db848e23-9094-4ac8-92f3-f7a182c9c84f.json b/objects/vulnerability/vulnerability--db848e23-9094-4ac8-92f3-f7a182c9c84f.json new file mode 100644 index 0000000000..a612fae64b --- /dev/null +++ b/objects/vulnerability/vulnerability--db848e23-9094-4ac8-92f3-f7a182c9c84f.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--47e81d15-5feb-4af6-844a-fc85354a07fc", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db848e23-9094-4ac8-92f3-f7a182c9c84f", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.513281Z", + "modified": "2025-01-28T00:38:05.513281Z", + "name": "CVE-2025-0734", + "description": "A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-0734" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--db941036-9b6b-4ab9-a1be-490c7df64532.json b/objects/vulnerability/vulnerability--db941036-9b6b-4ab9-a1be-490c7df64532.json new file mode 100644 index 0000000000..bcfcceb289 --- /dev/null +++ b/objects/vulnerability/vulnerability--db941036-9b6b-4ab9-a1be-490c7df64532.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--56b6a7a4-f9ce-4c46-aa2f-46e2d4eabaae", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--db941036-9b6b-4ab9-a1be-490c7df64532", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.590801Z", + "modified": "2025-01-28T00:37:54.590801Z", + "name": "CVE-2024-12321", + "description": "The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-12321" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--dde38779-67ae-4823-8e66-938fc1d68cd7.json b/objects/vulnerability/vulnerability--dde38779-67ae-4823-8e66-938fc1d68cd7.json new file mode 100644 index 0000000000..90f6f16b56 --- /dev/null +++ b/objects/vulnerability/vulnerability--dde38779-67ae-4823-8e66-938fc1d68cd7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f0f062c7-463a-4b5a-80cd-474eb889d571", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--dde38779-67ae-4823-8e66-938fc1d68cd7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.362257Z", + "modified": "2025-01-28T00:38:05.362257Z", + "name": "CVE-2025-24741", + "description": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KB Support KB Support. This issue affects KB Support: from n/a through 1.6.7.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24741" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e1583b2d-8297-453b-9c5a-0c446e175724.json b/objects/vulnerability/vulnerability--e1583b2d-8297-453b-9c5a-0c446e175724.json new file mode 100644 index 0000000000..6f002ef772 --- /dev/null +++ b/objects/vulnerability/vulnerability--e1583b2d-8297-453b-9c5a-0c446e175724.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--deb90387-4325-4e6f-9a5a-5338920669a7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e1583b2d-8297-453b-9c5a-0c446e175724", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.449905Z", + "modified": "2025-01-28T00:38:05.449905Z", + "name": "CVE-2025-24782", + "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24782" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e27a2583-bce6-45cf-ab78-35ada026b95c.json b/objects/vulnerability/vulnerability--e27a2583-bce6-45cf-ab78-35ada026b95c.json new file mode 100644 index 0000000000..f15314a6ae --- /dev/null +++ b/objects/vulnerability/vulnerability--e27a2583-bce6-45cf-ab78-35ada026b95c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e7d81fb0-6cdd-4500-bfdb-46b7a5cf0bd5", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e27a2583-bce6-45cf-ab78-35ada026b95c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:57.141516Z", + "modified": "2025-01-28T00:37:57.141516Z", + "name": "CVE-2024-43446", + "description": "An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. \n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-43446" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e2823644-e419-44eb-b92f-177bc69faa36.json b/objects/vulnerability/vulnerability--e2823644-e419-44eb-b92f-177bc69faa36.json new file mode 100644 index 0000000000..4c65445023 --- /dev/null +++ b/objects/vulnerability/vulnerability--e2823644-e419-44eb-b92f-177bc69faa36.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--4ffeea21-5d97-4748-815b-9d2cf6ed464a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e2823644-e419-44eb-b92f-177bc69faa36", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.475501Z", + "modified": "2025-01-28T00:38:05.475501Z", + "name": "CVE-2025-24368", + "description": "Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24368" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e4af81bd-0a05-4a0e-8e72-ee919d17a027.json b/objects/vulnerability/vulnerability--e4af81bd-0a05-4a0e-8e72-ee919d17a027.json new file mode 100644 index 0000000000..774d1bbe48 --- /dev/null +++ b/objects/vulnerability/vulnerability--e4af81bd-0a05-4a0e-8e72-ee919d17a027.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e069f755-416f-4a1d-a6ba-8dc78eb47971", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e4af81bd-0a05-4a0e-8e72-ee919d17a027", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.078054Z", + "modified": "2025-01-28T00:37:55.078054Z", + "name": "CVE-2024-54516", + "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54516" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e6deabec-e70c-4b77-b37e-5837b6957c8c.json b/objects/vulnerability/vulnerability--e6deabec-e70c-4b77-b37e-5837b6957c8c.json new file mode 100644 index 0000000000..9f465a9181 --- /dev/null +++ b/objects/vulnerability/vulnerability--e6deabec-e70c-4b77-b37e-5837b6957c8c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8c8b7f01-6682-43dd-9fcb-814f8ed9cf2a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e6deabec-e70c-4b77-b37e-5837b6957c8c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.313301Z", + "modified": "2025-01-28T00:38:05.313301Z", + "name": "CVE-2025-23982", + "description": "Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23982" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e8a0adbe-25ce-4b04-b3e9-43b6782fd040.json b/objects/vulnerability/vulnerability--e8a0adbe-25ce-4b04-b3e9-43b6782fd040.json new file mode 100644 index 0000000000..af2ee6361c --- /dev/null +++ b/objects/vulnerability/vulnerability--e8a0adbe-25ce-4b04-b3e9-43b6782fd040.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9fb2079f-c192-4000-af80-ab1af8323376", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e8a0adbe-25ce-4b04-b3e9-43b6782fd040", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.703356Z", + "modified": "2025-01-28T00:37:55.703356Z", + "name": "CVE-2024-56972", + "description": "An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56972" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--e96c7e1f-9ed3-495c-b6de-3bed2d1b8879.json b/objects/vulnerability/vulnerability--e96c7e1f-9ed3-495c-b6de-3bed2d1b8879.json new file mode 100644 index 0000000000..f3d1b6ac11 --- /dev/null +++ b/objects/vulnerability/vulnerability--e96c7e1f-9ed3-495c-b6de-3bed2d1b8879.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9e24fd9e-9289-4255-8b04-8fd4ed33d544", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--e96c7e1f-9ed3-495c-b6de-3bed2d1b8879", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.098879Z", + "modified": "2025-01-28T00:37:55.098879Z", + "name": "CVE-2024-54536", + "description": "The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54536" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea5ae2b7-82c2-4198-8eb2-e69b71f0f073.json b/objects/vulnerability/vulnerability--ea5ae2b7-82c2-4198-8eb2-e69b71f0f073.json new file mode 100644 index 0000000000..7f345b2c07 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea5ae2b7-82c2-4198-8eb2-e69b71f0f073.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--cf69c166-f347-47e0-b175-71f66113dc3a", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea5ae2b7-82c2-4198-8eb2-e69b71f0f073", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.400943Z", + "modified": "2025-01-28T00:38:05.400943Z", + "name": "CVE-2025-24143", + "description": "The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24143" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ea5d290d-d410-40a1-9882-c42ecaa9e5fe.json b/objects/vulnerability/vulnerability--ea5d290d-d410-40a1-9882-c42ecaa9e5fe.json new file mode 100644 index 0000000000..af2493f0a7 --- /dev/null +++ b/objects/vulnerability/vulnerability--ea5d290d-d410-40a1-9882-c42ecaa9e5fe.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--2f2e1c54-da64-4681-ad81-b1106217f2b6", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ea5d290d-d410-40a1-9882-c42ecaa9e5fe", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.408591Z", + "modified": "2025-01-28T00:38:05.408591Z", + "name": "CVE-2025-24104", + "description": "This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24104" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ead4416a-a240-4c09-b9de-b57095802ede.json b/objects/vulnerability/vulnerability--ead4416a-a240-4c09-b9de-b57095802ede.json new file mode 100644 index 0000000000..084d159dd0 --- /dev/null +++ b/objects/vulnerability/vulnerability--ead4416a-a240-4c09-b9de-b57095802ede.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--77168aff-c496-46b4-ad97-42e8f5bb3142", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ead4416a-a240-4c09-b9de-b57095802ede", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.420972Z", + "modified": "2025-01-28T00:38:05.420972Z", + "name": "CVE-2025-24174", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24174" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec06ec11-6c64-49f3-afda-8ebe4845115d.json b/objects/vulnerability/vulnerability--ec06ec11-6c64-49f3-afda-8ebe4845115d.json new file mode 100644 index 0000000000..067fb27f3b --- /dev/null +++ b/objects/vulnerability/vulnerability--ec06ec11-6c64-49f3-afda-8ebe4845115d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--ebfeffd9-df16-46fb-bbb8-16a87a5ead03", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec06ec11-6c64-49f3-afda-8ebe4845115d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.237077Z", + "modified": "2025-01-28T00:37:55.237077Z", + "name": "CVE-2024-57276", + "description": "In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-57276" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ec46aff7-a4d8-4191-b02c-dde3e1fb43db.json b/objects/vulnerability/vulnerability--ec46aff7-a4d8-4191-b02c-dde3e1fb43db.json new file mode 100644 index 0000000000..60a6715e64 --- /dev/null +++ b/objects/vulnerability/vulnerability--ec46aff7-a4d8-4191-b02c-dde3e1fb43db.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--23f81fe7-39e3-4874-b70e-7880d3b17dff", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ec46aff7-a4d8-4191-b02c-dde3e1fb43db", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.082514Z", + "modified": "2025-01-28T00:37:55.082514Z", + "name": "CVE-2024-54145", + "description": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54145" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--edec0919-e448-43ad-bd20-8189775e54ff.json b/objects/vulnerability/vulnerability--edec0919-e448-43ad-bd20-8189775e54ff.json new file mode 100644 index 0000000000..97f9cb07f7 --- /dev/null +++ b/objects/vulnerability/vulnerability--edec0919-e448-43ad-bd20-8189775e54ff.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--db00be2c-9564-444a-af65-b4c92de50335", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--edec0919-e448-43ad-bd20-8189775e54ff", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.370752Z", + "modified": "2025-01-28T00:38:05.370752Z", + "name": "CVE-2025-24364", + "description": "vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code in the system. The attacker could then change some settings to use sendmail as mail agent but adjust the settings in such a way that it would use a shell command. It then also needed to craft a special favicon image which would have the commands embedded to run during for example sending a test email. This vulnerability is fixed in 1.33.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24364" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--eed77a5b-7a4c-4ff6-b436-3ea8b2a0e897.json b/objects/vulnerability/vulnerability--eed77a5b-7a4c-4ff6-b436-3ea8b2a0e897.json new file mode 100644 index 0000000000..d99326bb4f --- /dev/null +++ b/objects/vulnerability/vulnerability--eed77a5b-7a4c-4ff6-b436-3ea8b2a0e897.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--bb425fcf-0305-425c-9a43-d6f6d7f1c8c4", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--eed77a5b-7a4c-4ff6-b436-3ea8b2a0e897", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.606536Z", + "modified": "2025-01-28T00:37:55.606536Z", + "name": "CVE-2024-13117", + "description": "The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-13117" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f0aef6e1-40e2-4cb0-84da-5cf02ed5af1e.json b/objects/vulnerability/vulnerability--f0aef6e1-40e2-4cb0-84da-5cf02ed5af1e.json new file mode 100644 index 0000000000..08300058d7 --- /dev/null +++ b/objects/vulnerability/vulnerability--f0aef6e1-40e2-4cb0-84da-5cf02ed5af1e.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--1be40e81-40a5-4f77-bc87-b68d5347f74f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f0aef6e1-40e2-4cb0-84da-5cf02ed5af1e", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.725322Z", + "modified": "2025-01-28T00:37:55.725322Z", + "name": "CVE-2024-56963", + "description": "An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56963" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f307f2b7-eb5f-4ad5-a8ce-e3d7c3de21d7.json b/objects/vulnerability/vulnerability--f307f2b7-eb5f-4ad5-a8ce-e3d7c3de21d7.json new file mode 100644 index 0000000000..c463ee05b4 --- /dev/null +++ b/objects/vulnerability/vulnerability--f307f2b7-eb5f-4ad5-a8ce-e3d7c3de21d7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--876c4649-4ff9-4f6b-8c4f-d4c2e72b114d", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f307f2b7-eb5f-4ad5-a8ce-e3d7c3de21d7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.378612Z", + "modified": "2025-01-28T00:38:05.378612Z", + "name": "CVE-2025-24124", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24124" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f315d9bf-e47b-4673-a83a-2f5541111404.json b/objects/vulnerability/vulnerability--f315d9bf-e47b-4673-a83a-2f5541111404.json new file mode 100644 index 0000000000..d9472d0a75 --- /dev/null +++ b/objects/vulnerability/vulnerability--f315d9bf-e47b-4673-a83a-2f5541111404.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b3557ff4-d14b-415f-b4cc-8fbac984638f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f315d9bf-e47b-4673-a83a-2f5541111404", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.431254Z", + "modified": "2025-01-28T00:38:05.431254Z", + "name": "CVE-2025-24533", + "description": "Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24533" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4a63bd9-4628-420b-abbf-f5cab78ea79c.json b/objects/vulnerability/vulnerability--f4a63bd9-4628-420b-abbf-f5cab78ea79c.json new file mode 100644 index 0000000000..8149fb358f --- /dev/null +++ b/objects/vulnerability/vulnerability--f4a63bd9-4628-420b-abbf-f5cab78ea79c.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--37b44795-eaa8-4bf0-a5b4-85c10029b1a1", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4a63bd9-4628-420b-abbf-f5cab78ea79c", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.096541Z", + "modified": "2025-01-28T00:37:55.096541Z", + "name": "CVE-2024-54517", + "description": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54517" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f4b1aea0-08c9-41d1-860f-d7eb4a748abd.json b/objects/vulnerability/vulnerability--f4b1aea0-08c9-41d1-860f-d7eb4a748abd.json new file mode 100644 index 0000000000..ac3c2b715d --- /dev/null +++ b/objects/vulnerability/vulnerability--f4b1aea0-08c9-41d1-860f-d7eb4a748abd.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--94b5748a-677a-419a-8060-7d4292124f0e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f4b1aea0-08c9-41d1-860f-d7eb4a748abd", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.374308Z", + "modified": "2025-01-28T00:38:05.374308Z", + "name": "CVE-2025-24166", + "description": "This issue was addressed through improved state management. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24166" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f5130562-b224-4fc9-9b1a-81aaf68499ce.json b/objects/vulnerability/vulnerability--f5130562-b224-4fc9-9b1a-81aaf68499ce.json new file mode 100644 index 0000000000..c1618c77d1 --- /dev/null +++ b/objects/vulnerability/vulnerability--f5130562-b224-4fc9-9b1a-81aaf68499ce.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9b44d1fc-b496-4a62-9d67-f7b84bee5f7b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f5130562-b224-4fc9-9b1a-81aaf68499ce", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.044264Z", + "modified": "2025-01-28T00:37:55.044264Z", + "name": "CVE-2024-54537", + "description": "This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to read and write files outside of its sandbox.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54537" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f727830f-576f-4baf-8683-278f6a57b380.json b/objects/vulnerability/vulnerability--f727830f-576f-4baf-8683-278f6a57b380.json new file mode 100644 index 0000000000..df8346b048 --- /dev/null +++ b/objects/vulnerability/vulnerability--f727830f-576f-4baf-8683-278f6a57b380.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--f47162d6-7531-4fc2-8f20-4461078290ad", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f727830f-576f-4baf-8683-278f6a57b380", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.101381Z", + "modified": "2025-01-28T00:37:55.101381Z", + "name": "CVE-2024-54547", + "description": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2, macOS Ventura 13.7.2. An app may be able to access protected user data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-54547" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f801a3cc-9aba-4e76-be3a-ba7310995e10.json b/objects/vulnerability/vulnerability--f801a3cc-9aba-4e76-be3a-ba7310995e10.json new file mode 100644 index 0000000000..1e51d778b8 --- /dev/null +++ b/objects/vulnerability/vulnerability--f801a3cc-9aba-4e76-be3a-ba7310995e10.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--e29b6033-178e-4115-aa89-9f5a1899f74b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f801a3cc-9aba-4e76-be3a-ba7310995e10", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.388195Z", + "modified": "2025-01-28T00:38:05.388195Z", + "name": "CVE-2025-24101", + "description": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24101" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f87d7193-fa46-4e75-baa5-e8a42d08114b.json b/objects/vulnerability/vulnerability--f87d7193-fa46-4e75-baa5-e8a42d08114b.json new file mode 100644 index 0000000000..f648cd6bfe --- /dev/null +++ b/objects/vulnerability/vulnerability--f87d7193-fa46-4e75-baa5-e8a42d08114b.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b0bafc0d-66cd-4d91-8756-9cbd12acec73", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f87d7193-fa46-4e75-baa5-e8a42d08114b", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.366007Z", + "modified": "2025-01-28T00:38:05.366007Z", + "name": "CVE-2025-24096", + "description": "This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24096" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--f8e7fa32-b570-43f0-a351-b2cdfe74db01.json b/objects/vulnerability/vulnerability--f8e7fa32-b570-43f0-a351-b2cdfe74db01.json new file mode 100644 index 0000000000..41bf7d9cd6 --- /dev/null +++ b/objects/vulnerability/vulnerability--f8e7fa32-b570-43f0-a351-b2cdfe74db01.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--c7606216-11d3-427d-95a2-ac7e4db5ec88", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--f8e7fa32-b570-43f0-a351-b2cdfe74db01", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.283666Z", + "modified": "2025-01-28T00:38:05.283666Z", + "name": "CVE-2025-22604", + "description": "Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-22604" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fa76e285-7bee-46c7-bd97-305c7ab6477a.json b/objects/vulnerability/vulnerability--fa76e285-7bee-46c7-bd97-305c7ab6477a.json new file mode 100644 index 0000000000..16ab76e330 --- /dev/null +++ b/objects/vulnerability/vulnerability--fa76e285-7bee-46c7-bd97-305c7ab6477a.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--9102bbc5-0d70-4c4c-a3c1-4490912b49f8", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fa76e285-7bee-46c7-bd97-305c7ab6477a", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.493389Z", + "modified": "2025-01-28T00:38:05.493389Z", + "name": "CVE-2025-24389", + "description": "Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator.\n\nThis issue affects: \n\n * OTRS 7.0.X\n\n * OTRS 8.0.X\n * OTRS 2023.X\n * OTRS 2024.X\n\n * ((OTRS)) Community Edition: 6.0.x\n\nProducts based on the ((OTRS)) Community Edition also very likely to be affected", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24389" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--faa006f8-7f67-4565-aa29-3901e12d11fa.json b/objects/vulnerability/vulnerability--faa006f8-7f67-4565-aa29-3901e12d11fa.json new file mode 100644 index 0000000000..3c455efa12 --- /dev/null +++ b/objects/vulnerability/vulnerability--faa006f8-7f67-4565-aa29-3901e12d11fa.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--967323e0-e364-4dca-90bf-ebda5df1dbd9", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--faa006f8-7f67-4565-aa29-3901e12d11fa", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.443192Z", + "modified": "2025-01-28T00:38:05.443192Z", + "name": "CVE-2025-24612", + "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24612" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fb2b5053-d660-4f68-99c9-6b868ce23429.json b/objects/vulnerability/vulnerability--fb2b5053-d660-4f68-99c9-6b868ce23429.json new file mode 100644 index 0000000000..c99f93bcd3 --- /dev/null +++ b/objects/vulnerability/vulnerability--fb2b5053-d660-4f68-99c9-6b868ce23429.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--560b52b9-c52c-47ec-8583-c955a5305f0f", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fb2b5053-d660-4f68-99c9-6b868ce23429", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:55.737647Z", + "modified": "2025-01-28T00:37:55.737647Z", + "name": "CVE-2024-56957", + "description": "An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-56957" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fbd1b33d-5d67-4ff1-bfa5-0b252f12473d.json b/objects/vulnerability/vulnerability--fbd1b33d-5d67-4ff1-bfa5-0b252f12473d.json new file mode 100644 index 0000000000..f175e41834 --- /dev/null +++ b/objects/vulnerability/vulnerability--fbd1b33d-5d67-4ff1-bfa5-0b252f12473d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--8050f21f-89f4-408b-8264-d1f831847bf2", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fbd1b33d-5d67-4ff1-bfa5-0b252f12473d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:56.415692Z", + "modified": "2025-01-28T00:37:56.415692Z", + "name": "CVE-2024-55227", + "description": "A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTMl via a crafted payload injected into the Title parameter.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-55227" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fc3d2f51-f42b-4553-a5e3-44ac4adfd0ae.json b/objects/vulnerability/vulnerability--fc3d2f51-f42b-4553-a5e3-44ac4adfd0ae.json new file mode 100644 index 0000000000..347d798e1b --- /dev/null +++ b/objects/vulnerability/vulnerability--fc3d2f51-f42b-4553-a5e3-44ac4adfd0ae.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--10d8d353-0e09-45f7-a6c3-385a70dd2594", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fc3d2f51-f42b-4553-a5e3-44ac4adfd0ae", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.41983Z", + "modified": "2025-01-28T00:38:05.41983Z", + "name": "CVE-2025-24744", + "description": "Missing Authorization vulnerability in NotFound Bridge Core. This issue affects Bridge Core: from n/a through 3.3.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24744" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--fd72b3e8-6003-4c8e-ae8f-b9e8e4c24f73.json b/objects/vulnerability/vulnerability--fd72b3e8-6003-4c8e-ae8f-b9e8e4c24f73.json new file mode 100644 index 0000000000..5bc74e4b02 --- /dev/null +++ b/objects/vulnerability/vulnerability--fd72b3e8-6003-4c8e-ae8f-b9e8e4c24f73.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--adbe20af-08a1-4b66-97b3-1fe5576cf4ac", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--fd72b3e8-6003-4c8e-ae8f-b9e8e4c24f73", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.355605Z", + "modified": "2025-01-28T00:38:05.355605Z", + "name": "CVE-2025-23656", + "description": "Missing Authorization vulnerability in Saul Morales Pacheco Donate visa allows Stored XSS. This issue affects Donate visa: from n/a through 1.0.0.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-23656" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff059c7c-e9f4-4621-a97f-4a270d20f9c7.json b/objects/vulnerability/vulnerability--ff059c7c-e9f4-4621-a97f-4a270d20f9c7.json new file mode 100644 index 0000000000..4ba4c22581 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff059c7c-e9f4-4621-a97f-4a270d20f9c7.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--b64788c3-ad3a-47d8-a13d-c5fdf9b7d23b", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff059c7c-e9f4-4621-a97f-4a270d20f9c7", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.409808Z", + "modified": "2025-01-28T00:38:05.409808Z", + "name": "CVE-2025-24092", + "description": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24092" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff8973f4-7ba3-471f-a1f9-885fca7fda9d.json b/objects/vulnerability/vulnerability--ff8973f4-7ba3-471f-a1f9-885fca7fda9d.json new file mode 100644 index 0000000000..fcf6ac994d --- /dev/null +++ b/objects/vulnerability/vulnerability--ff8973f4-7ba3-471f-a1f9-885fca7fda9d.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--82c584d3-58ce-406a-91fe-61d8712024be", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff8973f4-7ba3-471f-a1f9-885fca7fda9d", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:37:54.79765Z", + "modified": "2025-01-28T00:37:54.79765Z", + "name": "CVE-2024-45598", + "description": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2024-45598" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ff942414-ff73-436c-8276-a7329ef60c79.json b/objects/vulnerability/vulnerability--ff942414-ff73-436c-8276-a7329ef60c79.json new file mode 100644 index 0000000000..9053368b18 --- /dev/null +++ b/objects/vulnerability/vulnerability--ff942414-ff73-436c-8276-a7329ef60c79.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--7c5f9d96-9a2d-47da-a0a0-2fffc7a6e18e", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ff942414-ff73-436c-8276-a7329ef60c79", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.45364Z", + "modified": "2025-01-28T00:38:05.45364Z", + "name": "CVE-2025-24123", + "description": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24123" + } + ] + } + ] +} \ No newline at end of file diff --git a/objects/vulnerability/vulnerability--ffc04b6d-29b2-4e6a-90cb-8bd567ba25b4.json b/objects/vulnerability/vulnerability--ffc04b6d-29b2-4e6a-90cb-8bd567ba25b4.json new file mode 100644 index 0000000000..41d6df4900 --- /dev/null +++ b/objects/vulnerability/vulnerability--ffc04b6d-29b2-4e6a-90cb-8bd567ba25b4.json @@ -0,0 +1,22 @@ +{ + "type": "bundle", + "id": "bundle--a3619c7f-f45b-4c5a-9c4b-774853197ac7", + "objects": [ + { + "type": "vulnerability", + "spec_version": "2.1", + "id": "vulnerability--ffc04b6d-29b2-4e6a-90cb-8bd567ba25b4", + "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a", + "created": "2025-01-28T00:38:05.460688Z", + "modified": "2025-01-28T00:38:05.460688Z", + "name": "CVE-2025-24145", + "description": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.", + "external_references": [ + { + "source_name": "cve", + "external_id": "CVE-2025-24145" + } + ] + } + ] +} \ No newline at end of file