-------------------------
Populate JSON
Get data from NVD and CVE
-------------------------
Téléchargement des vulnerabilites sur : https://services.nvd.nist.gov/rest/json/cves/2.0/?lastModStartDate=2025-05-20T00:00:00.000%2B00:00&lastModEndDate=2025-05-20T23:59:59.000%2B00:00
{"resultsPerPage":9,"startIndex":0,"totalResults":9,"format":"NVD_CVE","version":"2.0","timestamp":"2025-05-20T05:38:01.200","vulnerabilities":[{"cve":{"id":"CVE-2023-38950","sourceIdentifier":"cve@mitre.org","published":"2023-08-03T23:15:11.117","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"cisaExploitAdd":"2025-05-19","cisaActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"ZKTeco BioTime Path Traversal Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zkteco:biotime:8.5.5:*:*:*:*:*:*:*","matchCriteriaId":"1C1ABA20-2F3E-4EB4-8AAB-0C3C93A382A0"}]}]}],"references":[{"url":"http:\/\/zkteco.com","source":"cve@mitre.org","tags":["Product"]},{"url":"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-38950","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http:\/\/zkteco.com","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-38950","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https:\/\/sploitus.com\/exploit?id=PACKETSTORM:177859","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/reports\/report-incident-response-middle-east.pdf","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2024-27443","sourceIdentifier":"cve@mitre.org","published":"2024-08-12T15:15:20.283","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code."},{"lang":"es","value":"Se descubrió un problema en Zimbra Collaboration (ZCS) 9.0 y 10.0. Existe una vulnerabilidad de cross site scripting (XSS) en la función CalendarInvite de la interfaz de usuario clásica del correo web de Zimbra, debido a una validación de entrada incorrecta en el manejo del encabezado del calendario. Un atacante puede aprovechar esto a través de un mensaje de correo electrónico que contenga un encabezado de calendario manipulado con un payload XSS incorporado. 
Cuando una víctima ve este mensaje en la interfaz clásica del correo web de Zimbra, el payload se ejecuta en el contexto de la sesión de la víctima, lo que potencialmente conduce a la ejecución de código JavaScript arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"cisaExploitAdd":"2025-05-19","cisaActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) 
Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.7","matchCriteriaId":"4CE0029A-44EA-4774-879D-5FA2D35F09BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*","matchCriteriaId":"685D9652-2934-4C13-8B36-40582C79BFC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*","matchCriteriaId":"5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*","matchCriteriaId":"BDE59185-B917-4A81-8DE4-C65A079F52FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*","matchCriteriaId":"BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*","matchCriteriaId":"4BB93336-CC3C-4B7F-B194-7DED036ABBAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*","matchCriteriaId":"876F1675-F65C-4E86-ADBD-36EB8D8A997D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*","matchCriteriaId":"2306F526-9C56-4A57-AA9B-02F2D6058C97"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*","matchCriteriaId":"F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*","matchCriteriaId":"C77A35B7-96F6-43A7-A747-C6AEEDE961E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*","matchCriteriaId":"DC35882B-E709-42D8-8800-F1B734CEAFC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0
.0:p19:*:*:*:*:*:*","matchCriteriaId":"B7A47276-F241-4A68-9458-E1481EBDC5E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*","matchCriteriaId":"12D0D469-6C9B-4B66-9581-DC319773238A"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*","matchCriteriaId":"40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*","matchCriteriaId":"9503131F-CC23-4545-AE9C-9714B287CC25"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*","matchCriteriaId":"B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*","matchCriteriaId":"8113A4E3-AA96-4382-815D-6FD88BA42EC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*","matchCriteriaId":"DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*","matchCriteriaId":"BC19F11D-23D9-429D-A957-D67F23A40A01"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*","matchCriteriaId":"AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*","matchCriteriaId":"1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*","matchCriteriaId":"C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*","matchCriteriaId":"FD1DCE2B-D944-43AE-AD0E-9282DE6D618F"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*","matchCriteriaId":"2079B9F8-128B-487D-A965-E8B37FDF6304"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*","matchCriteriaId":"9679FD62-815E-47A8-8552-D28CE48B82B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9
.0.0:p33:*:*:*:*:*:*","matchCriteriaId":"D659AE6A-591E-4D5B-9781-9648250F5576"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*","matchCriteriaId":"E4054E3E-561C-4B1C-A615-3CCE5CB69D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*","matchCriteriaId":"4FA0E9C4-25E4-4CD6-B88A-02B413385866"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*","matchCriteriaId":"5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*","matchCriteriaId":"9684AC81-B557-4292-8402-AE55CB2E613C"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*","matchCriteriaId":"32A352C4-0E9C-436F-ADA7-D93492A18037"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*","matchCriteriaId":"33F50D8C-7027-4A8D-8E95-98C224283772"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*","matchCriteriaId":"82000BA4-1781-4312-A7BD-92EC94D137AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*","matchCriteriaId":"4B52D301-2559-457A-8FFB-F0915299355A"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*","matchCriteriaId":"7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*","matchCriteriaId":"8D859F77-8E39-4D46-BC90-C5C1D805A666"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*","matchCriteriaId":"CDC810C7-45DA-4BDF-9138-2D3B2750243E"},{"vulnerable":true,"criteria":"cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*","matchCriteriaId":"E09D95A4-764D-4E0B-8605-1D94FD548AB2"}]}]}],"references":[{"url":"https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/10.0.7#Security_Fixes","source":"cve@mitre.org","tags":["Release 
Notes"]},{"url":"https:\/\/wiki.zimbra.com\/wiki\/Zimbra_Releases\/9.0.0\/P39#Security_Fixes","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https:\/\/www.welivesecurity.com\/en\/eset-research\/operation-roundpress\/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2024-11182","sourceIdentifier":"security@eset.com","published":"2024-11-15T11:15:10.410","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An XSS issue was discovered in \n\nMDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message \nwith \nJavaScript in an img tag. This could\n allow a remote attacker\n\nto load arbitrary JavaScript code in the context of a webmail user's browser window."},{"lang":"es","value":"Se descubrió un problema de XSS en MDaemon Email Server anterior a la versión 24.5.1c. Un atacante puede enviar un mensaje de correo electrónico HTML con JavaScript en una etiqueta img. Esto podría permitir que un atacante remoto cargue código JavaScript arbitrario en el contexto de la ventana del navegador de un usuario de correo 
web."}],"metrics":{"cvssMetricV40":[{"source":"security@eset.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:L\/VI:L\/VA:N\/SC:L\/SI:L\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"cisaExploitAdd":"2025-05-19","ci
saActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability","weaknesses":[{"source":"security@eset.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mdaemon:mdaemon:*:*:*:*:*:*:*:*","versionEndExcluding":"24.5.1","matchCriteriaId":"F4A0C049-0053-4A66-A690-905C4D1E6B79"}]}]}],"references":[{"url":"https:\/\/files.mdaemon.com\/mdaemon\/beta\/RelNotes_en.html","source":"security@eset.com","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2025-27920","sourceIdentifier":"cve@mitre.org","published":"2025-05-05T16:15:50.857","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ..\/ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access."},{"lang":"es","value":"Output Messenger, antes de la versión 2.0.63, era vulnerable a un ataque de salto de directorio debido a la gestión incorrecta de las rutas de archivo. 
Al usar secuencias ..\/ en los parámetros, los atacantes podían acceder a archivos confidenciales fuera del directorio previsto, lo que podía provocar fugas de configuración o acceso arbitrario a archivos."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:L\/I:L\/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"cisaExploitAdd":"2025-05-19","cisaActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Srimax Output Messenger Directory Traversal 
Vulnerability","weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-24"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https:\/\/www.outputmessenger.com\/cve-2025-27920\/","source":"cve@mitre.org"},{"url":"https:\/\/www.srimax.com\/products-2\/output-messenger\/","source":"cve@mitre.org"},{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/05\/12\/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage\/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2025-4427","sourceIdentifier":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","published":"2025-05-13T16:15:32.330","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API."},{"lang":"es","value":"Una omisión de autenticación en el componente API de Ivanti Endpoint Manager Mobile 12.5.0.0 y anteriores permite a los atacantes acceder a recursos protegidos sin las credenciales adecuadas a través de la API."}],"metrics":{"cvssMetricV31":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"cisaExploitAdd":"2025-05-19","cisaActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use 
of the product if mitigations are unavailable.","cisaVulnerabilityName":"Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability","weaknesses":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Primary","description":[{"lang":"en","value":"CWE-288"}]}],"references":[{"url":"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}]}},{"cve":{"id":"CVE-2025-4428","sourceIdentifier":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","published":"2025-05-13T16:15:32.463","lastModified":"2025-05-20T01:00:02.310","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests."},{"lang":"es","value":"La ejecución remota de código en el componente API de Ivanti Endpoint Manager Mobile 12.5.0.0 y anteriores en plataformas no especificadas permite a atacantes autenticados ejecutar código arbitrario a través de solicitudes API manipuladas."}],"metrics":{"cvssMetricV31":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"cisaExploitAdd":"2025-05-19","cisaActionDue":"2025-06-09","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Ivanti Endpoint Manager Mobile (EPMM) Code Injection 
Vulnerability","weaknesses":[{"source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM","source":"3c1d8aa1-5a33-4ea4-8992-aadd6440af75"}]}},{"cve":{"id":"CVE-2025-3078","sourceIdentifier":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","published":"2025-05-20T00:15:24.520","lastModified":"2025-05-20T00:15:24.520","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A passback vulnerability which relates to production printers and office multifunction printers."}],"metrics":{"cvssMetricV40":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:N\/VI:N\/VA:N\/SC:H\/SI:H\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","S
afety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"weaknesses":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https:\/\/canon.jp\/support\/support-info\/250519vulnerability-response","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/corporate.jp.canon\/caution\/160106","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/psirt.canon\/advisory-information\/cp2025-004\/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/psirt.canon\/hardening\/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/www.canon-europe.com\/support\/product-security","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/www.usa.canon.com\/about-us\/to-our-customers\/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"}]}},{"cve":{"id":"CVE-2025-3079","sourceIdentifier":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","published":"2025-05-20T00:15:25.120","lastModified":"2025-05-20T00:15:25.120","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A passback vulnerability which relates to office\/small office multifunction printers and laser 
printers."}],"metrics":{"cvssMetricV40":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:N\/VI:N\/VA:N\/SC:H\/SI:H\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impact
Score":5.8}]},"weaknesses":[{"source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https:\/\/canon.jp\/support\/support-info\/250519vulnerability-response","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/corporate.jp.canon\/caution\/160106","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/psirt.canon\/advisory-information\/cp2025-004\/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/psirt.canon\/hardening\/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/www.canon-europe.com\/support\/product-security\/","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"},{"url":"https:\/\/www.usa.canon.com\/about-us\/to-our-customers\/cp2025-004-vulnerability-mitigation-remediation-for-production-printers-office-small-office-multifunction-printers-laser-printers","source":"f98c90f0-e9bd-4fa7-911b-51993f3571fd"}]}},{"cve":{"id":"CVE-2025-4971","sourceIdentifier":"vuln@ca.com","published":"2025-05-20T00:15:25.253","lastModified":"2025-05-20T00:15:25.253","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"Broadcom Automic\nAutomation Agent Unix versions <\n24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution\nrights on the agent executable to escalate their 
privileges."}],"metrics":{"cvssMetricV40":[{"source":"vuln@ca.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:L\/SI:L\/SA:L\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"vuln@ca.com","type":"Secondary","description":[{"lang":"en","value":"CWE-426"}]}],"references":[{"url":"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/25732","source":"vuln@ca.com"},{"url":"https:\/\/www.secuvera.de\/advisories\/secuvera-SA-2025-01.txt","source":"vuln@ca.com"}]}}]}Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2023-38950
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2024-27443
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2024-11182
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-27920
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-4427
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-4428
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-3078
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-3079
Decryption du contenu.
Téléchargement des vulnerabilites sur : https://cveawg.mitre.org/api/cve/CVE-2025-4971
Decryption du contenu.
Nombre d'iterations : 9
Encodage du contenu ...
Contenu encode avec succes.
Extraction du contenu dans : ./backend/json/2025-05-20_vuln.json