Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    260 vulnerabilities

    CVE-2026-45448 (GCVE-0-2026-45448)

    Vulnerability from cvelistv5 – Published: 2026-05-14 16:48 – Updated: 2026-05-14 18:35
    VLAI
    Title
    ntopng - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
    Summary
    CWE-601 URL redirection to untrusted site ('open redirect')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL redirection to untrusted site ('open redirect')
    Assigner
    Impacted products
    Vendor Product Version
    ntop ntopng Affected: ntopng-6.7.251215
    Create a notification for this product.
    Date Public
    2026-05-14 16:43
    Credits
    Sami Mirov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45448",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T18:35:20.018392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T18:35:32.924Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "ntopng",
              "vendor": "ntop",
              "versions": [
                {
                  "status": "affected",
                  "version": "ntopng-6.7.251215"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sami Mirov"
            }
          ],
          "datePublic": "2026-05-14T16:43:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)"
                }
              ],
              "value": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T16:48:18.847Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to latest version."
                }
              ],
              "value": "Update to latest version."
            }
          ],
          "source": {
            "advisory": "ILVN-2026-0260",
            "discovery": "UNKNOWN"
          },
          "title": "ntopng - CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2026-45448",
        "datePublished": "2026-05-14T16:48:18.847Z",
        "dateReserved": "2026-05-12T15:11:23.921Z",
        "dateUpdated": "2026-05-14T18:35:32.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6923 (GCVE-0-2026-6923)

    Vulnerability from cvelistv5 – Published: 2026-05-14 16:14 – Updated: 2026-05-14 18:33
    VLAI
    Title
    Nuvoton - CWE-1300: Improper Protection of Physical Side Channels
    Summary
    A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1300 - Improper protection of physical side channels
    Assigner
    Impacted products
    Vendor Product Version
    Nuvoton NPCT7xx Affected: all versions below 7.2.4.0 (cpe)
    Create a notification for this product.
    Date Public
    2026-05-14 16:01
    Credits
    Robin Muller, Roman Korkikian - uSec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-14T18:32:58.551244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-14T18:33:12.447Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NPCT7xx",
              "vendor": "Nuvoton",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions below 7.2.4.0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robin Muller, Roman Korkikian - uSec"
            }
          ],
          "datePublic": "2026-05-14T16:01:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key."
                }
              ],
              "value": "A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1300",
                  "description": "CWE-1300 Improper protection of physical side channels",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T16:14:33.541Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to version 7.2.4.0 or above."
                }
              ],
              "value": "Upgrade to version 7.2.4.0 or above."
            }
          ],
          "source": {
            "advisory": "ILVN-2026-0259",
            "discovery": "UNKNOWN"
          },
          "title": "Nuvoton - CWE-1300: Improper Protection of Physical Side Channels",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2026-6923",
        "datePublished": "2026-05-14T16:14:33.541Z",
        "dateReserved": "2026-04-23T16:23:24.316Z",
        "dateUpdated": "2026-05-14T18:33:12.447Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55065 (GCVE-0-2025-55065)

    Vulnerability from cvelistv5 – Published: 2026-01-01 18:30 – Updated: 2026-01-05 21:02
    VLAI
    Summary
    CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Date Public
    2026-01-01 18:22
    Credits
    Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55065",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-05T21:01:51.562571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-05T21:02:02.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "ReKord client",
              "vendor": "Kopek Reem",
              "versions": [
                {
                  "status": "affected",
                  "version": "latest"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Gad Abuhatziera, Nimrod Bickels, Itay Cherdman - Sophtix Security"
            }
          ],
          "datePublic": "2026-01-01T18:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-01T18:30:45.844Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0258",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55065",
        "datePublished": "2026-01-01T18:30:45.844Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2026-01-05T21:02:02.100Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55064 (GCVE-0-2025-55064)

    Vulnerability from cvelistv5 – Published: 2025-12-29 17:23 – Updated: 2025-12-29 18:54
    VLAI
    Title
    Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Priority Web Affected: 24.1 and below
    Create a notification for this product.
    Date Public
    2025-12-29 17:20
    Credits
    Itamar Zalisher - MadSec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55064",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T18:54:13.358693Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T18:54:19.110Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web",
              "vendor": "Priority",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.1 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Itamar Zalisher - MadSec"
            }
          ],
          "datePublic": "2025-12-29T17:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T17:23:31.236Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the latest version or the fixed versions: 22.1, 23.0, 23.1, 24.0, 24.1.\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the latest version or the fixed versions: 22.1, 23.0, 23.1, 24.0, 24.1."
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0257",
            "discovery": "UNKNOWN"
          },
          "title": "Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55064",
        "datePublished": "2025-12-29T17:23:31.236Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2025-12-29T18:54:19.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55063 (GCVE-0-2025-55063)

    Vulnerability from cvelistv5 – Published: 2025-12-29 17:19 – Updated: 2025-12-29 18:00
    VLAI
    Title
    Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Priority Web Affected: 23.0 and below
    Create a notification for this product.
    Date Public
    2025-12-29 17:19
    Credits
    Dudu Moyal - Peersec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55063",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T17:59:50.726723Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T18:00:32.074Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web",
              "vendor": "Priority",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.0 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dudu Moyal - Peersec"
            }
          ],
          "datePublic": "2025-12-29T17:19:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T17:19:52.718Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the latest version"
                }
              ],
              "value": "Upgrade to the latest version"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0256",
            "discovery": "UNKNOWN"
          },
          "title": "Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55063",
        "datePublished": "2025-12-29T17:19:52.718Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2025-12-29T18:00:32.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55062 (GCVE-0-2025-55062)

    Vulnerability from cvelistv5 – Published: 2025-12-29 17:18 – Updated: 2025-12-29 18:01
    VLAI
    Title
    Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Priority Web Affected: 23.0 and below
    Create a notification for this product.
    Date Public
    2025-12-29 17:15
    Credits
    Dudu Moyal - Peersec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55062",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T18:00:54.865452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T18:01:06.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web",
              "vendor": "Priority",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.0 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dudu Moyal - Peersec"
            }
          ],
          "datePublic": "2025-12-29T17:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T17:18:50.684Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the latest version"
                }
              ],
              "value": "Upgrade to the latest version"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0255",
            "discovery": "UNKNOWN"
          },
          "title": "Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55062",
        "datePublished": "2025-12-29T17:18:00.526Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2025-12-29T18:01:06.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55061 (GCVE-0-2025-55061)

    Vulnerability from cvelistv5 – Published: 2025-12-29 17:14 – Updated: 2025-12-29 18:02
    VLAI
    Title
    Priority - CWE-434 Unrestricted Upload of File with Dangerous Type
    Summary
    CWE-434 Unrestricted Upload of File with Dangerous Type
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Priority Web Affected: 23.0 and below
    Create a notification for this product.
    Date Public
    2025-12-29 17:11
    Credits
    Dudu Moyal - Peersec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55061",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T18:01:58.837360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T18:02:34.082Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web",
              "vendor": "Priority",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.0 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dudu Moyal - Peersec"
            }
          ],
          "datePublic": "2025-12-29T17:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ],
              "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T17:14:36.328Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the latest version"
                }
              ],
              "value": "Upgrade to the latest version"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0254",
            "discovery": "UNKNOWN"
          },
          "title": "Priority - CWE-434 Unrestricted Upload of File with Dangerous Type",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55061",
        "datePublished": "2025-12-29T17:14:36.328Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2025-12-29T18:02:34.082Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55060 (GCVE-0-2025-55060)

    Vulnerability from cvelistv5 – Published: 2025-12-29 17:11 – Updated: 2025-12-29 18:03
    VLAI
    Title
    Priority - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
    Summary
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Priority Web Affected: 23.0 and below
    Create a notification for this product.
    Date Public
    2025-12-29 16:57
    Credits
    Dudu Moyal - Peersec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55060",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-29T18:03:03.963111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-29T18:03:14.911Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web",
              "vendor": "Priority",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.0 and below"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dudu Moyal - Peersec"
            }
          ],
          "datePublic": "2025-12-29T16:57:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                }
              ],
              "value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-29T17:11:10.544Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the latest version"
                }
              ],
              "value": "Upgrade to the latest version"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0253",
            "discovery": "UNKNOWN"
          },
          "title": "Priority - CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55060",
        "datePublished": "2025-12-29T17:11:10.544Z",
        "dateReserved": "2025-08-06T11:06:54.841Z",
        "dateUpdated": "2025-12-29T18:03:14.911Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55059 (GCVE-0-2025-55059)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:36 – Updated: 2025-11-18 16:35
    VLAI
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T16:34:56.582213Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:38.079Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:36:20.332Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0252",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55059",
        "datePublished": "2025-11-17T17:36:20.332Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:35:38.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55058 (GCVE-0-2025-55058)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:33 – Updated: 2025-11-18 16:36
    VLAI
    Summary
    CWE-20 Improper Input Validation
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55058",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T18:24:16.307418Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:36:00.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-20 Improper Input Validation\u003cbr\u003e"
                }
              ],
              "value": "CWE-20 Improper Input Validation"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:33:55.882Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0251",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55058",
        "datePublished": "2025-11-17T17:33:55.882Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-18T16:36:00.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55057 (GCVE-0-2025-55057)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:31 – Updated: 2025-11-17 21:21
    VLAI
    Summary
    Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Multiple CWE-352 Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:21:43.892099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:21:55.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Multiple CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:31:23.641Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0250",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55057",
        "datePublished": "2025-11-17T17:31:23.641Z",
        "dateReserved": "2025-08-06T11:06:54.840Z",
        "dateUpdated": "2025-11-17T21:21:55.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55056 (GCVE-0-2025-55056)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:28 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55056",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:22:30.564540Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:21.835Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:28:28.345Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0249",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55056",
        "datePublished": "2025-11-17T17:28:28.345Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:21.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55055 (GCVE-0-2025-55055)

    Vulnerability from cvelistv5 – Published: 2025-11-17 17:25 – Updated: 2025-11-17 21:24
    VLAI
    Summary
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Rumpus FTP Server Affected: 9.0.12
    Create a notification for this product.
    Date Public
    2025-11-17 17:21
    Credits
    Moshe Mizrahi, Almog Cygel, Naor Yaacob
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-17T21:24:43.083071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-17T21:24:53.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "FTP Server",
              "vendor": "Rumpus",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moshe Mizrahi, Almog Cygel, Naor Yaacob"
            }
          ],
          "datePublic": "2025-11-17T17:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-17T17:25:36.697Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0248",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55055",
        "datePublished": "2025-11-17T17:25:36.697Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-11-17T21:24:53.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55054 (GCVE-0-2025-55054)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:14 – Updated: 2025-09-10 14:03
    VLAI
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Baicells EG7035E-M11 Affected: BaiCE_BM_2.5.26_NA
    Create a notification for this product.
    Date Public
    2025-09-09 19:11
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:03:27.429213Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:03:32.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EG7035E-M11",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiCE_BM_2.5.26_NA"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T19:11:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:14:20.330Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0247",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55054",
        "datePublished": "2025-09-09T19:14:20.330Z",
        "dateReserved": "2025-08-06T11:04:25.089Z",
        "dateUpdated": "2025-09-10T14:03:32.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55053 (GCVE-0-2025-55053)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:10 – Updated: 2025-09-10 14:03
    VLAI
    Summary
    CWE-328: Use of Weak Hash
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846 Affected: BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions
    Create a notification for this product.
    Date Public
    2025-09-09 19:08
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:03:43.426910Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:03:48.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T19:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-328: Use of Weak Hash\u003cbr\u003e"
                }
              ],
              "value": "CWE-328: Use of Weak Hash"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-328",
                  "description": "CWE-328: Use of Weak Hash",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:10:49.874Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0246",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55053",
        "datePublished": "2025-09-09T19:10:49.874Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T14:03:48.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55052 (GCVE-0-2025-55052)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:06 – Updated: 2025-09-10 20:13
    VLAI
    Summary
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NEUTRINO430, NOVA436Q, NOVA430e/430i, NOVA846, NOVA246, NOVA243, NOVA233, NOVA227 Affected: BaiBS_RTS_3.. and older versions. BaiBS_RTD_3.. and older versions
    Create a notification for this product.
    Date Public
    2025-09-09 19:02
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T20:13:08.902267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T20:13:26.229Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NEUTRINO430, NOVA436Q, NOVA430e/430i, NOVA846, NOVA246, NOVA243, NOVA233, NOVA227",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBS_RTS_3.. and older versions. BaiBS_RTD_3.. and older versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T19:02:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\u003cbr\u003e"
                }
              ],
              "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:06:18.558Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0245",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55052",
        "datePublished": "2025-09-09T19:06:18.558Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T20:13:26.229Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55051 (GCVE-0-2025-55051)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:01 – Updated: 2025-09-10 14:29
    VLAI
    Summary
    CWE-1392: Use of Default Credentials
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846 Affected: BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions
    Create a notification for this product.
    Date Public
    2025-09-09 18:58
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:08:34.398985Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:29:10.806Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T18:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-1392: Use of Default Credentials\u003cbr\u003e"
                }
              ],
              "value": "CWE-1392: Use of Default Credentials"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:01:43.249Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0244",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55051",
        "datePublished": "2025-09-09T19:01:43.249Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T14:29:10.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55050 (GCVE-0-2025-55050)

    Vulnerability from cvelistv5 – Published: 2025-09-09 18:56 – Updated: 2025-09-10 14:29
    VLAI
    Summary
    CWE-1242: Inclusion of Undocumented Features
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846 Affected: BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions
    Create a notification for this product.
    Date Public
    2025-09-09 18:52
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55050",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T14:14:42.350737Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T14:29:16.462Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NOVA430e/430i, NOVA436Q, NEUTRINO430, NOVA846",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBLQ_3.0.12 and older versions. BaiBU_DNB4_2.4.9 and older versions"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T18:52:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-1242: Inclusion of Undocumented Features"
                }
              ],
              "value": "CWE-1242: Inclusion of Undocumented Features"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1242",
                  "description": "CWE-1242",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T18:56:59.092Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0243",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55050",
        "datePublished": "2025-09-09T18:56:59.092Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T14:29:16.462Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55049 (GCVE-0-2025-55049)

    Vulnerability from cvelistv5 – Published: 2025-09-09 18:52 – Updated: 2025-09-10 16:09
    VLAI
    Summary
    Use of Default Cryptographic Key (CWE-1394)
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NEUTRINO430 Affected: BaiBLQ_3.0.12
    Create a notification for this product.
    Date Public
    2025-09-09 18:47
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T13:43:00.215495Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1394",
                    "description": "CWE-1394 Use of Default Cryptographic Key",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T16:09:54.644Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NEUTRINO430",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBLQ_3.0.12"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T18:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Default Cryptographic Key (CWE-1394)"
                }
              ],
              "value": "Use of Default Cryptographic Key (CWE-1394)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1394",
                  "description": "CWE-1394",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T18:52:00.329Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0242",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55049",
        "datePublished": "2025-09-09T18:52:00.329Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T16:09:54.644Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55048 (GCVE-0-2025-55048)

    Vulnerability from cvelistv5 – Published: 2025-09-09 18:45 – Updated: 2025-09-10 16:20
    VLAI
    Summary
    Multiple CWE-78
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Baicells NEUTRINO430, NOVA436Q, NOVA430e/430i, NOVA846, NOVA246, NOVA243, NOVA233, NOVA227 Affected: BaiBS_RTS_3.6.6, BaiBS_RTS_3.7.10, BaiBS_RTS_3.7.11, BaiBS_RTS_3.7.11.3, BaiBS_RTS_3.7.11.6, BaiBS_RTS_3.7.11.8, BaiBS_RTS_3.7.11.11, BaiBS_RTS_3.7.11.16, BaiBS_RTD_3.7.11.6
    Create a notification for this product.
    Date Public
    2025-09-09 18:42
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55048",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T16:19:58.024064Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T16:20:06.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NEUTRINO430, NOVA436Q, NOVA430e/430i, NOVA846, NOVA246, NOVA243, NOVA233, NOVA227",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "BaiBS_RTS_3.6.6, BaiBS_RTS_3.7.10, BaiBS_RTS_3.7.11, BaiBS_RTS_3.7.11.3, BaiBS_RTS_3.7.11.6, BaiBS_RTS_3.7.11.8, BaiBS_RTS_3.7.11.11, BaiBS_RTS_3.7.11.16, BaiBS_RTD_3.7.11.6"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T18:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Multiple CWE-78"
                }
              ],
              "value": "Multiple CWE-78"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Multiple CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T18:45:42.603Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0241",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55048",
        "datePublished": "2025-09-09T18:45:42.603Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T16:20:06.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55047 (GCVE-0-2025-55047)

    Vulnerability from cvelistv5 – Published: 2025-09-09 18:40 – Updated: 2025-09-10 16:22
    VLAI
    Summary
    CWE-798 Use of Hard-coded Credentials
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Baicells SPECTRA LTE-U eNB Affected: U4G-AP1000 BaiStation_FDD
    Create a notification for this product.
    Date Public
    2025-09-09 18:35
    Credits
    Shahaf Levi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T16:22:39.862801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T16:22:49.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SPECTRA LTE-U eNB",
              "vendor": "Baicells",
              "versions": [
                {
                  "status": "affected",
                  "version": "U4G-AP1000 BaiStation_FDD"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Shahaf Levi"
            }
          ],
          "datePublic": "2025-09-09T18:35:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-798 Use of Hard-coded Credentials"
                }
              ],
              "value": "CWE-798 Use of Hard-coded Credentials"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T18:40:54.248Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0240",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-55047",
        "datePublished": "2025-09-09T18:40:54.248Z",
        "dateReserved": "2025-08-06T11:04:25.088Z",
        "dateUpdated": "2025-09-10T16:22:49.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46391 (GCVE-0-2025-46391)

    Vulnerability from cvelistv5 – Published: 2025-08-06 11:00 – Updated: 2025-08-06 13:11
    VLAI
    Summary
    CWE-284: Improper Access Control
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:55
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:11:22.244790Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:11:29.960Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:55:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-284: Improper Access Control"
                }
              ],
              "value": "CWE-284: Improper Access Control"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T11:00:08.481Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0239",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46391",
        "datePublished": "2025-08-06T11:00:08.481Z",
        "dateReserved": "2025-04-23T10:46:25.710Z",
        "dateUpdated": "2025-08-06T13:11:29.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46390 (GCVE-0-2025-46390)

    Vulnerability from cvelistv5 – Published: 2025-08-06 10:55 – Updated: 2025-08-06 13:12
    VLAI
    Summary
    CWE-204: Observable Response Discrepancy
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:51
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46390",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:12:22.589329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:12:30.252Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-204: Observable Response Discrepancy"
                }
              ],
              "value": "CWE-204: Observable Response Discrepancy"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204: Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T10:55:50.202Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0238",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46390",
        "datePublished": "2025-08-06T10:55:50.202Z",
        "dateReserved": "2025-04-23T10:46:25.710Z",
        "dateUpdated": "2025-08-06T13:12:30.252Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46389 (GCVE-0-2025-46389)

    Vulnerability from cvelistv5 – Published: 2025-08-06 10:51 – Updated: 2025-08-06 13:13
    VLAI
    Summary
    CWE-620: Unverified Password Change
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:47
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46389",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:13:17.404899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:13:24.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-620: Unverified Password Change"
                }
              ],
              "value": "CWE-620: Unverified Password Change"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620: Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T10:51:32.533Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0237",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46389",
        "datePublished": "2025-08-06T10:51:32.533Z",
        "dateReserved": "2025-04-23T10:46:25.710Z",
        "dateUpdated": "2025-08-06T13:13:24.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46388 (GCVE-0-2025-46388)

    Vulnerability from cvelistv5 – Published: 2025-08-06 10:47 – Updated: 2025-08-06 13:14
    VLAI
    Summary
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:43
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46388",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:13:54.648456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:14:02.258Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:43:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ],
              "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T10:47:56.756Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0236",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46388",
        "datePublished": "2025-08-06T10:47:56.756Z",
        "dateReserved": "2025-04-23T10:46:25.710Z",
        "dateUpdated": "2025-08-06T13:14:02.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46387 (GCVE-0-2025-46387)

    Vulnerability from cvelistv5 – Published: 2025-08-06 10:43 – Updated: 2025-08-06 13:14
    VLAI
    Summary
    CWE-639 Authorization Bypass Through User-Controlled Key
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:38
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46387",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:14:23.251661Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:14:33.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ],
              "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T10:43:49.456Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0235",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46387",
        "datePublished": "2025-08-06T10:43:49.456Z",
        "dateReserved": "2025-04-23T10:46:25.709Z",
        "dateUpdated": "2025-08-06T13:14:33.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46386 (GCVE-0-2025-46386)

    Vulnerability from cvelistv5 – Published: 2025-08-06 10:14 – Updated: 2025-08-06 13:23
    VLAI
    Summary
    CWE-639 Authorization Bypass Through User-Controlled Key
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    Emby MediaBrowser Affected: 4.9.0.35
    Create a notification for this product.
    Date Public
    2025-08-06 10:08
    Credits
    Moriel Harush
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46386",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-06T13:23:37.624206Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-06T13:23:44.180Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaBrowser",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.9.0.35"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Moriel Harush"
            }
          ],
          "datePublic": "2025-08-06T10:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ],
              "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-06T10:14:19.177Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0234",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46386",
        "datePublished": "2025-08-06T10:14:19.177Z",
        "dateReserved": "2025-04-23T10:46:25.709Z",
        "dateUpdated": "2025-08-06T13:23:44.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46385 (GCVE-0-2025-46385)

    Vulnerability from cvelistv5 – Published: 2025-07-20 14:42 – Updated: 2025-07-21 12:40
    VLAI
    Summary
    CWE-918 Server-Side Request Forgery (SSRF)
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Emby Windows Affected: 4.8
    Create a notification for this product.
    Date Public
    2025-07-20 14:40
    Credits
    Guy Hayou
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46385",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T12:40:02.779963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T12:40:09.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Windows",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Guy Hayou"
            }
          ],
          "datePublic": "2025-07-20T14:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-918 Server-Side Request Forgery (SSRF)\u003cbr\u003e"
                }
              ],
              "value": "CWE-918 Server-Side Request Forgery (SSRF)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-20T14:42:32.213Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0233",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46385",
        "datePublished": "2025-07-20T14:42:32.213Z",
        "dateReserved": "2025-04-23T10:46:25.709Z",
        "dateUpdated": "2025-07-21T12:40:09.062Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46384 (GCVE-0-2025-46384)

    Vulnerability from cvelistv5 – Published: 2025-07-20 14:40 – Updated: 2025-07-21 20:36
    VLAI
    Summary
    CWE-434 Unrestricted Upload of File with Dangerous Type
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Emby Windows Affected: 4.8
    Create a notification for this product.
    Date Public
    2025-07-20 14:38
    Credits
    Guy Hayou
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46384",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T16:13:30.699741Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T20:36:56.862Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Windows",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Guy Hayou"
            }
          ],
          "datePublic": "2025-07-20T14:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type\u003cbr\u003e"
                }
              ],
              "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-20T14:40:22.895Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0232",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46384",
        "datePublished": "2025-07-20T14:40:22.895Z",
        "dateReserved": "2025-04-23T10:46:25.709Z",
        "dateUpdated": "2025-07-21T20:36:56.862Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-46383 (GCVE-0-2025-46383)

    Vulnerability from cvelistv5 – Published: 2025-07-20 14:35 – Updated: 2025-07-21 20:37
    VLAI
    Summary
    CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Emby Windows Affected: 4.8
    Create a notification for this product.
    Date Public
    2025-07-20 14:26
    Credits
    Guy Hayou
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-46383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-21T16:13:39.215658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-21T20:37:03.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Windows",
              "vendor": "Emby",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Guy Hayou"
            }
          ],
          "datePublic": "2025-07-20T14:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\u003cbr\u003e"
                }
              ],
              "value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-20T14:36:08.442Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 4.8.9"
                }
              ],
              "value": "Update to version 4.8.9"
            }
          ],
          "source": {
            "advisory": "ILVN-2025-0231",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2025-46383",
        "datePublished": "2025-07-20T14:35:19.273Z",
        "dateReserved": "2025-04-23T10:46:25.709Z",
        "dateUpdated": "2025-07-21T20:37:03.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }