
Commit b9e898d

author
cvelistV5 Github Action
committed
14 changes (12 new | 2 updated):
- 12 new CVEs: CVE-2019-25714, CVE-2026-24176, CVE-2026-24177, CVE-2026-24189, CVE-2026-25542, CVE-2026-26067, CVE-2026-26274, CVE-2026-27937, CVE-2026-29179, CVE-2026-40566, CVE-2026-40567, CVE-2026-40568 - 2 updated CVEs: CVE-2026-2436, CVE-2026-3505
1 parent 37df045 commit b9e898d

16 files changed

Lines changed: 1466 additions & 75 deletions
Lines changed: 184 additions & 0 deletions
@@ -0,0 +1,184 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.2",
4+
"cveMetadata": {
5+
"cveId": "CVE-2019-25714",
6+
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "VulnCheck",
9+
"dateReserved": "2026-04-21T15:54:59.039Z",
10+
"datePublished": "2026-04-21T16:11:54.961Z",
11+
"dateUpdated": "2026-04-21T16:12:08.494Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"providerMetadata": {
16+
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
17+
"shortName": "VulnCheck",
18+
"dateUpdated": "2026-04-21T16:12:08.494Z"
19+
},
20+
"title": "Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet",
21+
"problemTypes": [
22+
{
23+
"descriptions": [
24+
{
25+
"lang": "en",
26+
"cweId": "CWE-434",
27+
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
28+
"type": "CWE"
29+
}
30+
]
31+
}
32+
],
33+
"affected": [
34+
{
35+
"vendor": "Seeyon Internet Software",
36+
"product": "A8-V5 Collaborative Management Software",
37+
"versions": [
38+
{
39+
"status": "affected",
40+
"version": "6.1sp1"
41+
}
42+
],
43+
"defaultStatus": "unknown"
44+
},
45+
{
46+
"vendor": "Seeyon Internet Software",
47+
"product": "A8+ Collaborative Management Software",
48+
"versions": [
49+
{
50+
"status": "affected",
51+
"version": "7.0"
52+
},
53+
{
54+
"status": "affected",
55+
"version": "7.0sp1"
56+
},
57+
{
58+
"status": "affected",
59+
"version": "7.0sp2"
60+
},
61+
{
62+
"status": "affected",
63+
"version": "7.0sp3"
64+
},
65+
{
66+
"status": "affected",
67+
"version": "7.1"
68+
}
69+
],
70+
"defaultStatus": "unknown"
71+
}
72+
],
73+
"descriptions": [
74+
{
75+
"lang": "en",
76+
"value": "Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).",
77+
"supportingMedia": [
78+
{
79+
"type": "text/html",
80+
"base64": false,
81+
"value": "Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges.&nbsp;Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).<br>"
82+
}
83+
]
84+
}
85+
],
86+
"tags": [
87+
"x_known-exploited-vulnerability"
88+
],
89+
"references": [
90+
{
91+
"url": "https://sourceforge.net/software/product/A8/",
92+
"tags": [
93+
"product"
94+
]
95+
},
96+
{
97+
"url": "https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/",
98+
"tags": [
99+
"exploit"
100+
]
101+
},
102+
{
103+
"url": "https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/",
104+
"tags": [
105+
"exploit"
106+
]
107+
},
108+
{
109+
"url": "https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf",
110+
"tags": [
111+
"third-party-advisory",
112+
"mitigation"
113+
]
114+
},
115+
{
116+
"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713",
117+
"tags": [
118+
"third-party-advisory"
119+
]
120+
},
121+
{
122+
"url": "https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload",
123+
"tags": [
124+
"third-party-advisory"
125+
]
126+
},
127+
{
128+
"url": "https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet",
129+
"tags": [
130+
"third-party-advisory"
131+
]
132+
}
133+
],
134+
"metrics": [
135+
{
136+
"format": "CVSS",
137+
"scenarios": [
138+
{
139+
"lang": "en",
140+
"value": "GENERAL"
141+
}
142+
],
143+
"cvssV4_0": {
144+
"attackVector": "NETWORK",
145+
"attackComplexity": "LOW",
146+
"attackRequirements": "NONE",
147+
"privilegesRequired": "NONE",
148+
"userInteraction": "NONE",
149+
"vulnConfidentialityImpact": "HIGH",
150+
"subConfidentialityImpact": "NONE",
151+
"vulnIntegrityImpact": "HIGH",
152+
"subIntegrityImpact": "NONE",
153+
"vulnAvailabilityImpact": "HIGH",
154+
"subAvailabilityImpact": "NONE",
155+
"exploitMaturity": "NOT_DEFINED",
156+
"Safety": "NOT_DEFINED",
157+
"Automatable": "NOT_DEFINED",
158+
"Recovery": "NOT_DEFINED",
159+
"valueDensity": "NOT_DEFINED",
160+
"vulnerabilityResponseEffort": "NOT_DEFINED",
161+
"providerUrgency": "NOT_DEFINED",
162+
"version": "4.0",
163+
"baseSeverity": "CRITICAL",
164+
"baseScore": 9.3,
165+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
166+
}
167+
}
168+
],
169+
"credits": [
170+
{
171+
"lang": "en",
172+
"value": "The Shadowserver Foundation",
173+
"type": "reporter"
174+
}
175+
],
176+
"source": {
177+
"discovery": "UNKNOWN"
178+
},
179+
"x_generator": {
180+
"engine": "Vulnogram 1.0.1"
181+
}
182+
}
183+
}
184+
}
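Review bot: The CVSS v4.0 block leaves `exploitMaturity` at `NOT_DEFINED`, and the vector string carries no E metric, although the same record is tagged `x_known-exploited-vulnerability` and its description cites exploitation observed on 2021-03-26. Setting `"exploitMaturity": "ATTACKED"` and appending `/E:A` to `vectorString` would make the threat state explicit for consumers that prioritise on the structured metric rather than on the free-text description or the custom tag. The base score should not change, since CVSS v4.0 treats an undefined Exploit Maturity as the worst case. Separately, both `affected` entries use `"defaultStatus": "unknown"` with no fixed version or `solutions` entry, so the reference tagged `mitigation` is the only remediation pointer in the record.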
Lines changed: 115 additions & 0 deletions
@@ -0,0 +1,115 @@
1+
{
2+
"dataType": "CVE_RECORD",
3+
"dataVersion": "5.2",
4+
"cveMetadata": {
5+
"cveId": "CVE-2026-24176",
6+
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
7+
"state": "PUBLISHED",
8+
"assignerShortName": "nvidia",
9+
"dateReserved": "2026-01-21T19:09:31.778Z",
10+
"datePublished": "2026-04-21T16:17:00.601Z",
11+
"dateUpdated": "2026-04-21T16:17:00.601Z"
12+
},
13+
"containers": {
14+
"cna": {
15+
"providerMetadata": {
16+
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
17+
"shortName": "nvidia",
18+
"dateUpdated": "2026-04-21T16:17:00.601Z"
19+
},
20+
"problemTypes": [
21+
{
22+
"descriptions": [
23+
{
24+
"lang": "en",
25+
"cweId": "CWE-863",
26+
"description": "CWE-863 Incorrect Authorization",
27+
"type": "CWE"
28+
}
29+
]
30+
}
31+
],
32+
"impacts": [
33+
{
34+
"descriptions": [
35+
{
36+
"lang": "en",
37+
"value": "Data Tampering"
38+
}
39+
]
40+
}
41+
],
42+
"affected": [
43+
{
44+
"vendor": "NVIDIA",
45+
"product": "KAI Scheduler",
46+
"platforms": [
47+
"Linux"
48+
],
49+
"versions": [
50+
{
51+
"status": "affected",
52+
"version": "All versions prior to 0.13.0"
53+
}
54+
],
55+
"defaultStatus": "unaffected"
56+
}
57+
],
58+
"descriptions": [
59+
{
60+
"lang": "en",
61+
"value": "NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering.",
62+
"supportingMedia": [
63+
{
64+
"type": "text/html",
65+
"base64": true,
66+
"value": "NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering."
67+
}
68+
]
69+
}
70+
],
71+
"references": [
72+
{
73+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24176"
74+
},
75+
{
76+
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24176"
77+
},
78+
{
79+
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5818"
80+
}
81+
],
82+
"metrics": [
83+
{
84+
"format": "CVSS",
85+
"scenarios": [
86+
{
87+
"lang": "en",
88+
"value": "GENERAL"
89+
}
90+
],
91+
"cvssV3_1": {
92+
"version": "3.1",
93+
"attackVector": "NETWORK",
94+
"attackComplexity": "LOW",
95+
"privilegesRequired": "LOW",
96+
"userInteraction": "NONE",
97+
"scope": "UNCHANGED",
98+
"confidentialityImpact": "NONE",
99+
"integrityImpact": "LOW",
100+
"availabilityImpact": "NONE",
101+
"baseSeverity": "MEDIUM",
102+
"baseScore": 4.3,
103+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"
104+
}
105+
}
106+
],
107+
"source": {
108+
"discovery": "UNKNOWN"
109+
},
110+
"x_generator": {
111+
"engine": "NVIDIA PSIRT"
112+
}
113+
}
114+
}
115+
}
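Review bot: `"base64": true` in the `supportingMedia` entry does not match its `value`, which is the plain-text sentence rather than base64 data; a consumer that honours the flag will fail to decode it or render garbage, so it should read `"base64": false`. The affected range is also written as free text, `"version": "All versions prior to 0.13.0"`, which version-matching tools cannot compare. The schema's range form, `"version": "0", "lessThan": "0.13.0", "versionType": "semver"`, expresses the same range in a machine-readable way. The `semver` type is inferred from the version format and should be confirmed against how the project numbers its releases.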
