mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 19:42:57 +00:00
65 lines
3.0 KiB
JSON
65 lines
3.0 KiB
JSON
{
|
|
"epss_movers": [],
|
|
"generated": "2025-12-17",
|
|
"new_high_epss": [
|
|
{
|
|
"cve": "CVE-2025-8943",
|
|
"epss": 0.6583,
|
|
"percentile": 0.98431,
|
|
"poc_count": 1,
|
|
"summary": "The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks ro..."
|
|
},
|
|
{
|
|
"cve": "CVE-2025-8518",
|
|
"epss": 0.33903,
|
|
"percentile": 0.96794,
|
|
"poc_count": 1,
|
|
"summary": "A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation l..."
|
|
},
|
|
{
|
|
"cve": "CVE-2025-8730",
|
|
"epss": 0.11861,
|
|
"percentile": 0.93482,
|
|
"poc_count": 2,
|
|
"summary": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-c..."
|
|
},
|
|
{
|
|
"cve": "CVE-2025-7795",
|
|
"epss": 0.096,
|
|
"percentile": 0.926,
|
|
"poc_count": 3,
|
|
"summary": "A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument pa..."
|
|
},
|
|
{
|
|
"cve": "CVE-2025-9090",
|
|
"epss": 0.0924,
|
|
"percentile": 0.92438,
|
|
"poc_count": 4,
|
|
"summary": "A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible..."
|
|
},
|
|
{
|
|
"cve": "CVE-2025-8085",
|
|
"epss": 0.07832,
|
|
"percentile": 0.91666,
|
|
"poc_count": 1,
|
|
"summary": "The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs."
|
|
}
|
|
],
|
|
"new_kev_entries": [
|
|
{
|
|
"cve": "CVE-2025-6218",
|
|
"date_added": "2025-12-09",
|
|
"due_date": "2025-12-30",
|
|
"epss": null,
|
|
"notes": "https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218",
|
|
"percentile": null,
|
|
"poc_count": 10,
|
|
"product": "WinRAR",
|
|
"required_action": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
"short_description": "RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.",
|
|
"vendor": "RARLAB"
|
|
}
|
|
],
|
|
"removed_high_epss": [],
|
|
"removed_kev_entries": []
|
|
} |