diff --git a/mapping.csv b/mapping.csv
index 0df3830e96..7fd5c3b4d4 100644
--- a/mapping.csv
+++ b/mapping.csv
@@ -261934,3 +261934,42 @@ vulnerability,CVE-2025-0176,vulnerability--074472e8-faaf-4a71-8606-fd9a6a277cb8
 vulnerability,CVE-2025-0198,vulnerability--7a4b6244-270a-4891-b27f-3bd0c56134df
 vulnerability,CVE-2025-0197,vulnerability--c832c259-0542-40be-8978-50896271d354
 vulnerability,CVE-2025-0195,vulnerability--040fee21-e870-4838-a614-420faf77c382
+vulnerability,CVE-2024-12701,vulnerability--a68b8519-4fd6-4798-9686-17600020b145
+vulnerability,CVE-2024-12221,vulnerability--6a16fc20-dad1-4f1a-a3f6-ba19e509b525
+vulnerability,CVE-2024-12279,vulnerability--bcc352d0-5943-4598-84f1-44b893e5d2db
+vulnerability,CVE-2024-12583,vulnerability--9f001217-aff2-4bda-a241-f14964833c37
+vulnerability,CVE-2024-12047,vulnerability--15b40dcb-5163-4d61-98d7-e7156f8dfc4d
+vulnerability,CVE-2024-12195,vulnerability--066834b9-1029-44a6-8c9c-4a94156b43ce
+vulnerability,CVE-2024-12545,vulnerability--902b8241-e42e-452e-af39-303e9d127f32
+vulnerability,CVE-2024-12475,vulnerability--ec7a43df-9e1d-4d46-a946-f5c006912ac5
+vulnerability,CVE-2024-10957,vulnerability--bb614ee0-db36-42d5-a8e6-de567fab6a0e
+vulnerability,CVE-2024-10932,vulnerability--1c2d3c64-8f10-4591-933f-8ef38ee30ffa
+vulnerability,CVE-2024-11930,vulnerability--fb21438d-153e-4afd-8acd-c4289e8b406d
+vulnerability,CVE-2024-11974,vulnerability--390d0301-e831-40a1-97a5-35b77d1ea3e0
+vulnerability,CVE-2024-41766,vulnerability--3dd2b714-9cc7-407e-b03a-69086ddbad7c
+vulnerability,CVE-2024-41768,vulnerability--8d8cc659-f48e-43f8-9beb-fc4f04a19f3a
+vulnerability,CVE-2024-41767,vulnerability--f85edfea-d73c-4217-ab58-d35a9c0949ac
+vulnerability,CVE-2024-41765,vulnerability--ab2f8eea-7ad1-4ff6-bdb3-0e37b7cf387e
+vulnerability,CVE-2024-41763,vulnerability--bbeb64ac-4c23-4765-944c-93ef393e2d0d
+vulnerability,CVE-2025-22390,vulnerability--8f0de014-2990-432c-8b90-a56df0c1c1fc
+vulnerability,CVE-2025-22385,vulnerability--3a7b33b7-d23d-424c-b937-41151dc1008e
+vulnerability,CVE-2025-22383,vulnerability--be67e2b5-be1a-420f-b75b-eb4933197021
+vulnerability,CVE-2025-22388,vulnerability--188d2221-31b3-4961-9cff-fae9d93fa96f
+vulnerability,CVE-2025-22386,vulnerability--3dfe7af4-f71a-4b30-b066-e98db925d7fa
+vulnerability,CVE-2025-22389,vulnerability--a620b0ca-0f35-40ce-b310-b9a3a71b995f
+vulnerability,CVE-2025-22387,vulnerability--fbcf69ab-55bf-4f83-995c-964cdbd3a227
+vulnerability,CVE-2025-22384,vulnerability--4fdd445d-1ff1-4e9b-92a2-32b666896071
+vulnerability,CVE-2025-0202,vulnerability--d5344e0b-401d-478e-b829-5762cda44286
+vulnerability,CVE-2025-0212,vulnerability--0fc6c086-2500-429a-b625-ba32e708f107
+vulnerability,CVE-2025-0204,vulnerability--c608a226-dff2-4cc2-bb56-c35cbfedbd0f
+vulnerability,CVE-2025-0201,vulnerability--0d35ec05-b779-4c83-a40b-ad41dbfdfcb4
+vulnerability,CVE-2025-0200,vulnerability--de6a1dc0-a1ec-4491-82c0-6f3992f9d80a
+vulnerability,CVE-2025-0213,vulnerability--262369f1-e68b-4bff-bdd5-bd0dde71f95e
+vulnerability,CVE-2025-0210,vulnerability--8fa361a0-6823-4fe5-b059-533d0160fee3
+vulnerability,CVE-2025-0208,vulnerability--3cd9c1ba-6976-438e-a6dd-f4bf0d2a4ded
+vulnerability,CVE-2025-0206,vulnerability--afa39420-be77-4f36-a121-fd3088159c8a
+vulnerability,CVE-2025-0207,vulnerability--ce5a5b20-a3b3-4239-8bc5-0ae7b52720c0
+vulnerability,CVE-2025-0205,vulnerability--e7ac9d27-90fd-42a3-af78-8e1092be7db4
+vulnerability,CVE-2025-0214,vulnerability--e09f2db8-6062-492e-b211-b8c0eb71302b
+vulnerability,CVE-2025-0211,vulnerability--6736c90c-ceb2-4199-a890-6a669d4e31a3
+vulnerability,CVE-2025-0203,vulnerability--5b0ae69e-df52-42ac-9d36-dc94d366891d
diff --git a/objects/vulnerability/vulnerability--066834b9-1029-44a6-8c9c-4a94156b43ce.json b/objects/vulnerability/vulnerability--066834b9-1029-44a6-8c9c-4a94156b43ce.json
new file mode 100644
index 0000000000..32fc9c6347
--- /dev/null
+++ b/objects/vulnerability/vulnerability--066834b9-1029-44a6-8c9c-4a94156b43ce.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0d1d6205-4a0f-44b9-9e3b-1972bdfdf82e",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--066834b9-1029-44a6-8c9c-4a94156b43ce",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.482148Z",
+ "modified": "2025-01-05T00:22:59.482148Z",
+ "name": "CVE-2024-12195",
+ "description": "The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, who have been granted access to a project, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12195"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0d35ec05-b779-4c83-a40b-ad41dbfdfcb4.json b/objects/vulnerability/vulnerability--0d35ec05-b779-4c83-a40b-ad41dbfdfcb4.json
new file mode 100644
index 0000000000..6f5c17e6d6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0d35ec05-b779-4c83-a40b-ad41dbfdfcb4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1e505ce-233b-4a58-b84d-bb22e574dc3a",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0d35ec05-b779-4c83-a40b-ad41dbfdfcb4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.512471Z",
+ "modified": "2025-01-05T00:23:11.512471Z",
+ "name": "CVE-2025-0201",
+ "description": "A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0201"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--0fc6c086-2500-429a-b625-ba32e708f107.json b/objects/vulnerability/vulnerability--0fc6c086-2500-429a-b625-ba32e708f107.json
new file mode 100644
index 0000000000..d1a6d9f253
--- /dev/null
+++ b/objects/vulnerability/vulnerability--0fc6c086-2500-429a-b625-ba32e708f107.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--8f08626e-1eec-4df3-9e9a-d72c01daa025",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--0fc6c086-2500-429a-b625-ba32e708f107",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.507848Z",
+ "modified": "2025-01-05T00:23:11.507848Z",
+ "name": "CVE-2025-0212",
+ "description": "A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0212"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--15b40dcb-5163-4d61-98d7-e7156f8dfc4d.json b/objects/vulnerability/vulnerability--15b40dcb-5163-4d61-98d7-e7156f8dfc4d.json
new file mode 100644
index 0000000000..0428987f75
--- /dev/null
+++ b/objects/vulnerability/vulnerability--15b40dcb-5163-4d61-98d7-e7156f8dfc4d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--89330bf3-12af-4e29-bed0-0e17b797b922",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--15b40dcb-5163-4d61-98d7-e7156f8dfc4d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.478167Z",
+ "modified": "2025-01-05T00:22:59.478167Z",
+ "name": "CVE-2024-12047",
+ "description": "The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12047"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--188d2221-31b3-4961-9cff-fae9d93fa96f.json b/objects/vulnerability/vulnerability--188d2221-31b3-4961-9cff-fae9d93fa96f.json
new file mode 100644
index 0000000000..97114beda0
--- /dev/null
+++ b/objects/vulnerability/vulnerability--188d2221-31b3-4961-9cff-fae9d93fa96f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b0fdb988-2ed2-4607-8bf7-d3666abad6c2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--188d2221-31b3-4961-9cff-fae9d93fa96f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.411556Z",
+ "modified": "2025-01-05T00:23:11.411556Z",
+ "name": "CVE-2025-22388",
+ "description": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22388"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--1c2d3c64-8f10-4591-933f-8ef38ee30ffa.json b/objects/vulnerability/vulnerability--1c2d3c64-8f10-4591-933f-8ef38ee30ffa.json
new file mode 100644
index 0000000000..f4ccb206b1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--1c2d3c64-8f10-4591-933f-8ef38ee30ffa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--de854a81-7dea-4f4c-85ca-da9eb49da2c1",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--1c2d3c64-8f10-4591-933f-8ef38ee30ffa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.573583Z",
+ "modified": "2025-01-05T00:22:59.573583Z",
+ "name": "CVE-2024-10932",
+ "description": "The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10932"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--262369f1-e68b-4bff-bdd5-bd0dde71f95e.json b/objects/vulnerability/vulnerability--262369f1-e68b-4bff-bdd5-bd0dde71f95e.json
new file mode 100644
index 0000000000..11f3d414f5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--262369f1-e68b-4bff-bdd5-bd0dde71f95e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b18440b5-01c5-4f54-add2-f65a39e8da16",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--262369f1-e68b-4bff-bdd5-bd0dde71f95e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.517678Z",
+ "modified": "2025-01-05T00:23:11.517678Z",
+ "name": "CVE-2025-0213",
+ "description": "A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0213"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--390d0301-e831-40a1-97a5-35b77d1ea3e0.json b/objects/vulnerability/vulnerability--390d0301-e831-40a1-97a5-35b77d1ea3e0.json
new file mode 100644
index 0000000000..1cb8678f7a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--390d0301-e831-40a1-97a5-35b77d1ea3e0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f5e1fd91-d1f5-4bee-93b3-45377d64269b",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--390d0301-e831-40a1-97a5-35b77d1ea3e0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.020392Z",
+ "modified": "2025-01-05T00:23:00.020392Z",
+ "name": "CVE-2024-11974",
+ "description": "The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11974"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3a7b33b7-d23d-424c-b937-41151dc1008e.json b/objects/vulnerability/vulnerability--3a7b33b7-d23d-424c-b937-41151dc1008e.json
new file mode 100644
index 0000000000..c1d8aefc77
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3a7b33b7-d23d-424c-b937-41151dc1008e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e0f57421-633d-48cf-acfa-2f414b20806d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3a7b33b7-d23d-424c-b937-41151dc1008e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.406258Z",
+ "modified": "2025-01-05T00:23:11.406258Z",
+ "name": "CVE-2025-22385",
+ "description": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22385"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3cd9c1ba-6976-438e-a6dd-f4bf0d2a4ded.json b/objects/vulnerability/vulnerability--3cd9c1ba-6976-438e-a6dd-f4bf0d2a4ded.json
new file mode 100644
index 0000000000..5874ce11c5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3cd9c1ba-6976-438e-a6dd-f4bf0d2a4ded.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--87e2c5cc-fc02-4f3e-933c-905475e37492",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3cd9c1ba-6976-438e-a6dd-f4bf0d2a4ded",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.519734Z",
+ "modified": "2025-01-05T00:23:11.519734Z",
+ "name": "CVE-2025-0208",
+ "description": "A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0208"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3dd2b714-9cc7-407e-b03a-69086ddbad7c.json b/objects/vulnerability/vulnerability--3dd2b714-9cc7-407e-b03a-69086ddbad7c.json
new file mode 100644
index 0000000000..4687677456
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3dd2b714-9cc7-407e-b03a-69086ddbad7c.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4ecce9ac-a40f-4a8e-99f7-ca4890455f03",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3dd2b714-9cc7-407e-b03a-69086ddbad7c",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.578195Z",
+ "modified": "2025-01-05T00:23:00.578195Z",
+ "name": "CVE-2024-41766",
+ "description": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41766"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--3dfe7af4-f71a-4b30-b066-e98db925d7fa.json b/objects/vulnerability/vulnerability--3dfe7af4-f71a-4b30-b066-e98db925d7fa.json
new file mode 100644
index 0000000000..e7ba5eb4a2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--3dfe7af4-f71a-4b30-b066-e98db925d7fa.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f95ac595-d665-45ff-aa53-3ee062c38ee2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--3dfe7af4-f71a-4b30-b066-e98db925d7fa",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.417679Z",
+ "modified": "2025-01-05T00:23:11.417679Z",
+ "name": "CVE-2025-22386",
+ "description": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22386"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--4fdd445d-1ff1-4e9b-92a2-32b666896071.json b/objects/vulnerability/vulnerability--4fdd445d-1ff1-4e9b-92a2-32b666896071.json
new file mode 100644
index 0000000000..3f016e4c6c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--4fdd445d-1ff1-4e9b-92a2-32b666896071.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--c98f5ecb-8c4b-421f-b795-8f4306ebdcde",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--4fdd445d-1ff1-4e9b-92a2-32b666896071",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.42425Z",
+ "modified": "2025-01-05T00:23:11.42425Z",
+ "name": "CVE-2025-22384",
+ "description": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22384"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--5b0ae69e-df52-42ac-9d36-dc94d366891d.json b/objects/vulnerability/vulnerability--5b0ae69e-df52-42ac-9d36-dc94d366891d.json
new file mode 100644
index 0000000000..31ac2371a3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--5b0ae69e-df52-42ac-9d36-dc94d366891d.json
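Review bot: The `created` and `modified` values in the bundle for CVE-2025-22384, `2025-01-05T00:23:11.42425Z`, carry five fractional digits while the other objects visible in this commit carry six, which suggests the serializer drops a trailing zero. STIX 2.1 accepts any sub-second precision, so the object is still valid, but a consumer that sorts or compares these timestamps as strings, or parses them with a fixed microsecond pattern, will treat this record differently from its neighbours. Emitting a fixed width, `"created": "2025-01-05T00:23:11.424250Z"` (and the same for `modified`), would keep the feed uniform.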
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--231ce5ee-6855-4223-b72a-0517d23ba38d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--5b0ae69e-df52-42ac-9d36-dc94d366891d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.529011Z",
+ "modified": "2025-01-05T00:23:11.529011Z",
+ "name": "CVE-2025-0203",
+ "description": "A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0203"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6736c90c-ceb2-4199-a890-6a669d4e31a3.json b/objects/vulnerability/vulnerability--6736c90c-ceb2-4199-a890-6a669d4e31a3.json
new file mode 100644
index 0000000000..f86a2dc79a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6736c90c-ceb2-4199-a890-6a669d4e31a3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--979da1ac-b907-456d-a05d-fd26f4b64108",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6736c90c-ceb2-4199-a890-6a669d4e31a3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.527493Z",
+ "modified": "2025-01-05T00:23:11.527493Z",
+ "name": "CVE-2025-0211",
+ "description": "A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0211"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--6a16fc20-dad1-4f1a-a3f6-ba19e509b525.json b/objects/vulnerability/vulnerability--6a16fc20-dad1-4f1a-a3f6-ba19e509b525.json
new file mode 100644
index 0000000000..e271567cfb
--- /dev/null
+++ b/objects/vulnerability/vulnerability--6a16fc20-dad1-4f1a-a3f6-ba19e509b525.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b41cf40-ba71-4841-847d-f902ca5b2c34",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--6a16fc20-dad1-4f1a-a3f6-ba19e509b525",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.456863Z",
+ "modified": "2025-01-05T00:22:59.456863Z",
+ "name": "CVE-2024-12221",
+ "description": "The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12221"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8d8cc659-f48e-43f8-9beb-fc4f04a19f3a.json b/objects/vulnerability/vulnerability--8d8cc659-f48e-43f8-9beb-fc4f04a19f3a.json
new file mode 100644
index 0000000000..505335891a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8d8cc659-f48e-43f8-9beb-fc4f04a19f3a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--1d899d6d-b075-46f1-9a4a-d5bf168e7f81",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8d8cc659-f48e-43f8-9beb-fc4f04a19f3a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.603901Z",
+ "modified": "2025-01-05T00:23:00.603901Z",
+ "name": "CVE-2024-41768",
+ "description": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41768"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8f0de014-2990-432c-8b90-a56df0c1c1fc.json b/objects/vulnerability/vulnerability--8f0de014-2990-432c-8b90-a56df0c1c1fc.json
new file mode 100644
index 0000000000..8e184d5ae2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8f0de014-2990-432c-8b90-a56df0c1c1fc.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1ee6b6e-7c58-4a00-8c48-59d4c57d9ddb",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8f0de014-2990-432c-8b90-a56df0c1c1fc",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.393246Z",
+ "modified": "2025-01-05T00:23:11.393246Z",
+ "name": "CVE-2025-22390",
+ "description": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22390"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--8fa361a0-6823-4fe5-b059-533d0160fee3.json b/objects/vulnerability/vulnerability--8fa361a0-6823-4fe5-b059-533d0160fee3.json
new file mode 100644
index 0000000000..a7082492a6
--- /dev/null
+++ b/objects/vulnerability/vulnerability--8fa361a0-6823-4fe5-b059-533d0160fee3.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4980b0a-6d4d-496b-a444-5486f7b3cc53",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--8fa361a0-6823-4fe5-b059-533d0160fee3",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.518723Z",
+ "modified": "2025-01-05T00:23:11.518723Z",
+ "name": "CVE-2025-0210",
+ "description": "A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0210"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--902b8241-e42e-452e-af39-303e9d127f32.json b/objects/vulnerability/vulnerability--902b8241-e42e-452e-af39-303e9d127f32.json
new file mode 100644
index 0000000000..9c0dfb3f01
--- /dev/null
+++ b/objects/vulnerability/vulnerability--902b8241-e42e-452e-af39-303e9d127f32.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--f8d4dc0c-57f3-450d-92a8-f560b91c2199",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--902b8241-e42e-452e-af39-303e9d127f32",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.491275Z",
+ "modified": "2025-01-05T00:22:59.491275Z",
+ "name": "CVE-2024-12545",
+ "description": "The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12545"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--9f001217-aff2-4bda-a241-f14964833c37.json b/objects/vulnerability/vulnerability--9f001217-aff2-4bda-a241-f14964833c37.json
new file mode 100644
index 0000000000..b94b254b71
--- /dev/null
+++ b/objects/vulnerability/vulnerability--9f001217-aff2-4bda-a241-f14964833c37.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--85bd1a19-f1bc-4cf5-bbd0-06acd25a3da4",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--9f001217-aff2-4bda-a241-f14964833c37",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.474075Z",
+ "modified": "2025-01-05T00:22:59.474075Z",
+ "name": "CVE-2024-12583",
+ "description": "The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12583"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a620b0ca-0f35-40ce-b310-b9a3a71b995f.json b/objects/vulnerability/vulnerability--a620b0ca-0f35-40ce-b310-b9a3a71b995f.json
new file mode 100644
index 0000000000..51f9950338
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a620b0ca-0f35-40ce-b310-b9a3a71b995f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--04aeecc9-1ab5-4ef4-9c7c-02d2353bc1fd",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a620b0ca-0f35-40ce-b310-b9a3a71b995f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.419513Z",
+ "modified": "2025-01-05T00:23:11.419513Z",
+ "name": "CVE-2025-22389",
+ "description": "An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22389"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--a68b8519-4fd6-4798-9686-17600020b145.json b/objects/vulnerability/vulnerability--a68b8519-4fd6-4798-9686-17600020b145.json
new file mode 100644
index 0000000000..eb7266a369
--- /dev/null
+++ b/objects/vulnerability/vulnerability--a68b8519-4fd6-4798-9686-17600020b145.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--5068f89a-6a5a-462a-bb81-62fe13bb0c6d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--a68b8519-4fd6-4798-9686-17600020b145",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.444041Z",
+ "modified": "2025-01-05T00:22:59.444041Z",
+ "name": "CVE-2024-12701",
+ "description": "The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12701"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ab2f8eea-7ad1-4ff6-bdb3-0e37b7cf387e.json b/objects/vulnerability/vulnerability--ab2f8eea-7ad1-4ff6-bdb3-0e37b7cf387e.json
new file mode 100644
index 0000000000..4bd2434652
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ab2f8eea-7ad1-4ff6-bdb3-0e37b7cf387e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e12b8c4a-1f93-4d76-8538-23d9336c127c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ab2f8eea-7ad1-4ff6-bdb3-0e37b7cf387e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.619249Z",
+ "modified": "2025-01-05T00:23:00.619249Z",
+ "name": "CVE-2024-41765",
+ "description": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41765"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--afa39420-be77-4f36-a121-fd3088159c8a.json b/objects/vulnerability/vulnerability--afa39420-be77-4f36-a121-fd3088159c8a.json
new file mode 100644
index 0000000000..1c2acfc12c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--afa39420-be77-4f36-a121-fd3088159c8a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--e50682e3-1109-471b-8ea3-51d81ea01e61",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--afa39420-be77-4f36-a121-fd3088159c8a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.522014Z",
+ "modified": "2025-01-05T00:23:11.522014Z",
+ "name": "CVE-2025-0206",
+ "description": "A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0206"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bb614ee0-db36-42d5-a8e6-de567fab6a0e.json b/objects/vulnerability/vulnerability--bb614ee0-db36-42d5-a8e6-de567fab6a0e.json
new file mode 100644
index 0000000000..0c52cc6ea3
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bb614ee0-db36-42d5-a8e6-de567fab6a0e.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--dcf31188-316b-42c1-a55e-574450864ec0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bb614ee0-db36-42d5-a8e6-de567fab6a0e",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.529138Z",
+ "modified": "2025-01-05T00:22:59.529138Z",
+ "name": "CVE-2024-10957",
+ "description": "The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-10957"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bbeb64ac-4c23-4765-944c-93ef393e2d0d.json b/objects/vulnerability/vulnerability--bbeb64ac-4c23-4765-944c-93ef393e2d0d.json
new file mode 100644
index 0000000000..9f341c05fa
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bbeb64ac-4c23-4765-944c-93ef393e2d0d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--a2f692c9-fa5d-49a0-ab9b-7a55d5ac8866",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bbeb64ac-4c23-4765-944c-93ef393e2d0d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.622319Z",
+ "modified": "2025-01-05T00:23:00.622319Z",
+ "name": "CVE-2024-41763",
+ "description": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41763"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--bcc352d0-5943-4598-84f1-44b893e5d2db.json b/objects/vulnerability/vulnerability--bcc352d0-5943-4598-84f1-44b893e5d2db.json
new file mode 100644
index 0000000000..b509b3513e
--- /dev/null
+++ b/objects/vulnerability/vulnerability--bcc352d0-5943-4598-84f1-44b893e5d2db.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--816fbeaf-7fb0-4eb3-b6fc-1f383f0a5273",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--bcc352d0-5943-4598-84f1-44b893e5d2db",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.460191Z",
+ "modified": "2025-01-05T00:22:59.460191Z",
+ "name": "CVE-2024-12279",
+ "description": "The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12279"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--be67e2b5-be1a-420f-b75b-eb4933197021.json b/objects/vulnerability/vulnerability--be67e2b5-be1a-420f-b75b-eb4933197021.json
new file mode 100644
index 0000000000..3ef276c61a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--be67e2b5-be1a-420f-b75b-eb4933197021.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--2f301213-2545-4833-aff8-e2e470fe2c72",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--be67e2b5-be1a-420f-b75b-eb4933197021",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.409528Z",
+ "modified": "2025-01-05T00:23:11.409528Z",
+ "name": "CVE-2025-22383",
+ "description": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22383"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--c608a226-dff2-4cc2-bb56-c35cbfedbd0f.json b/objects/vulnerability/vulnerability--c608a226-dff2-4cc2-bb56-c35cbfedbd0f.json
new file mode 100644
index 0000000000..1b03feafc7
--- /dev/null
+++ b/objects/vulnerability/vulnerability--c608a226-dff2-4cc2-bb56-c35cbfedbd0f.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--94a507b6-a65a-4080-88d2-902aaa87697d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--c608a226-dff2-4cc2-bb56-c35cbfedbd0f",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.510398Z",
+ "modified": "2025-01-05T00:23:11.510398Z",
+ "name": "CVE-2025-0204",
+ "description": "A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0204"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ce5a5b20-a3b3-4239-8bc5-0ae7b52720c0.json b/objects/vulnerability/vulnerability--ce5a5b20-a3b3-4239-8bc5-0ae7b52720c0.json
new file mode 100644
index 0000000000..e0bf52b088
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ce5a5b20-a3b3-4239-8bc5-0ae7b52720c0.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7a0be234-1b9b-4b4b-a10c-4822b1315e01",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ce5a5b20-a3b3-4239-8bc5-0ae7b52720c0",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.52299Z",
+ "modified": "2025-01-05T00:23:11.52299Z",
+ "name": "CVE-2025-0207",
+ "description": "A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0207"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--d5344e0b-401d-478e-b829-5762cda44286.json b/objects/vulnerability/vulnerability--d5344e0b-401d-478e-b829-5762cda44286.json
new file mode 100644
index 0000000000..1307b83444
--- /dev/null
+++ b/objects/vulnerability/vulnerability--d5344e0b-401d-478e-b829-5762cda44286.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--abf84e2c-7dde-40e4-a145-e08983422fa2",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--d5344e0b-401d-478e-b829-5762cda44286",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.506868Z",
+ "modified": "2025-01-05T00:23:11.506868Z",
+ "name": "CVE-2025-0202",
+ "description": "A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0202"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--de6a1dc0-a1ec-4491-82c0-6f3992f9d80a.json b/objects/vulnerability/vulnerability--de6a1dc0-a1ec-4491-82c0-6f3992f9d80a.json
new file mode 100644
index 0000000000..03a300afa2
--- /dev/null
+++ b/objects/vulnerability/vulnerability--de6a1dc0-a1ec-4491-82c0-6f3992f9d80a.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--475a33eb-8a07-4f35-8c7d-611a7409386c",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--de6a1dc0-a1ec-4491-82c0-6f3992f9d80a",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.514813Z",
+ "modified": "2025-01-05T00:23:11.514813Z",
+ "name": "CVE-2025-0200",
+ "description": "A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0200"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e09f2db8-6062-492e-b211-b8c0eb71302b.json b/objects/vulnerability/vulnerability--e09f2db8-6062-492e-b211-b8c0eb71302b.json
new file mode 100644
index 0000000000..f266a053a1
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e09f2db8-6062-492e-b211-b8c0eb71302b.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--93738e8c-dca9-4f54-a587-3a9316a98ad8",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e09f2db8-6062-492e-b211-b8c0eb71302b",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.525064Z",
+ "modified": "2025-01-05T00:23:11.525064Z",
+ "name": "CVE-2025-0214",
+ "description": "A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0214"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--e7ac9d27-90fd-42a3-af78-8e1092be7db4.json b/objects/vulnerability/vulnerability--e7ac9d27-90fd-42a3-af78-8e1092be7db4.json
new file mode 100644
index 0000000000..818abcee8f
--- /dev/null
+++ b/objects/vulnerability/vulnerability--e7ac9d27-90fd-42a3-af78-8e1092be7db4.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--3362a232-2f6f-40de-a2b7-c352495faec7",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--e7ac9d27-90fd-42a3-af78-8e1092be7db4",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.524003Z",
+ "modified": "2025-01-05T00:23:11.524003Z",
+ "name": "CVE-2025-0205",
+ "description": "A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-0205"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--ec7a43df-9e1d-4d46-a946-f5c006912ac5.json b/objects/vulnerability/vulnerability--ec7a43df-9e1d-4d46-a946-f5c006912ac5.json
new file mode 100644
index 0000000000..01bbbcbdb5
--- /dev/null
+++ b/objects/vulnerability/vulnerability--ec7a43df-9e1d-4d46-a946-f5c006912ac5.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0fc43ea8-217a-4162-97d0-2165cb8eeadf",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--ec7a43df-9e1d-4d46-a946-f5c006912ac5",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.508371Z",
+ "modified": "2025-01-05T00:22:59.508371Z",
+ "name": "CVE-2024-12475",
+ "description": "The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-12475"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--f85edfea-d73c-4217-ab58-d35a9c0949ac.json b/objects/vulnerability/vulnerability--f85edfea-d73c-4217-ab58-d35a9c0949ac.json
new file mode 100644
index 0000000000..44a211d620
--- /dev/null
+++ b/objects/vulnerability/vulnerability--f85edfea-d73c-4217-ab58-d35a9c0949ac.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--7f5ca8f5-1250-4c09-8c19-5fdb1fc6ef3d",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--f85edfea-d73c-4217-ab58-d35a9c0949ac",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:00.612206Z",
+ "modified": "2025-01-05T00:23:00.612206Z",
+ "name": "CVE-2024-41767",
+ "description": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-41767"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fb21438d-153e-4afd-8acd-c4289e8b406d.json b/objects/vulnerability/vulnerability--fb21438d-153e-4afd-8acd-c4289e8b406d.json
new file mode 100644
index 0000000000..84c8e2851c
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fb21438d-153e-4afd-8acd-c4289e8b406d.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--0271415b-af5d-4fdc-9b20-e8f17cafbbb0",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fb21438d-153e-4afd-8acd-c4289e8b406d",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:22:59.978565Z",
+ "modified": "2025-01-05T00:22:59.978565Z",
+ "name": "CVE-2024-11930",
+ "description": "The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2024-11930"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/objects/vulnerability/vulnerability--fbcf69ab-55bf-4f83-995c-964cdbd3a227.json b/objects/vulnerability/vulnerability--fbcf69ab-55bf-4f83-995c-964cdbd3a227.json
new file mode 100644
index 0000000000..230d131a8a
--- /dev/null
+++ b/objects/vulnerability/vulnerability--fbcf69ab-55bf-4f83-995c-964cdbd3a227.json
@@ -0,0 +1,22 @@
+{
+ "type": "bundle",
+ "id": "bundle--b8e53434-c44b-4049-9225-f9b1102ac1c5",
+ "objects": [
+ {
+ "type": "vulnerability",
+ "spec_version": "2.1",
+ "id": "vulnerability--fbcf69ab-55bf-4f83-995c-964cdbd3a227",
+ "created_by_ref": "identity--8ce3f695-d5a4-4dc8-9e93-a65af453a31a",
+ "created": "2025-01-05T00:23:11.421943Z",
+ "modified": "2025-01-05T00:23:11.421943Z",
+ "name": "CVE-2025-22387",
+ "description": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.",
+ "external_references": [
+ {
+ "source_name": "cve",
+ "external_id": "CVE-2025-22387"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file