fkie-cad
diff --git a/‎CVE-2025/CVE-2025-143xx/CVE-2025-14343.json‎
Lines changed: 56 additions & 0 deletions b/‎CVE-2025/CVE-2025-143xx/CVE-2025-14343.json‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎CVE-2025/CVE-2025-365xx/CVE-2025-36588.json‎
Lines changed: 5 additions & 8 deletions b/‎CVE-2025/CVE-2025-365xx/CVE-2025-36588.json‎
Lines changed: 5 additions & 8 deletions
diff --git a/‎CVE-2026/CVE-2026-26xx/CVE-2026-2677.json‎
Lines changed: 78 additions & 0 deletions b/‎CVE-2026/CVE-2026-26xx/CVE-2026-2677.json‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎CVE-2026/CVE-2026-26xx/CVE-2026-2678.json‎
Lines changed: 78 additions & 0 deletions b/‎CVE-2026/CVE-2026-26xx/CVE-2026-2678.json‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎CVE-2026/CVE-2026-26xx/CVE-2026-2679.json‎
Lines changed: 78 additions & 0 deletions b/‎CVE-2026/CVE-2026-26xx/CVE-2026-2679.json‎
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-14343",
+  "sourceIdentifier": "iletisim@usom.gov.tr",
+  "published": "2026-02-26T13:16:16.377",
+  "lastModified": "2026-02-26T13:16:16.377",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "iletisim@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
+          "baseScore": 7.6,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "iletisim@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-26-0083",
+      "source": "iletisim@usom.gov.tr"
+    }
+  ]
+}
@@ -2,8 +2,8 @@
   "id": "CVE-2025-36588",
   "sourceIdentifier": "security_alert@emc.com",
   "published": "2026-01-22T16:16:07.050",
-  "lastModified": "2026-02-03T14:00:31.770",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2026-02-26T13:16:16.577",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -38,7 +38,7 @@
   "weaknesses": [
     {
       "source": "security_alert@emc.com",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
@@ -73,11 +73,8 @@
   ],
   "references": [
     {
-      "url": "https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities",
-      "source": "security_alert@emc.com",
-      "tags": [
-        "Vendor Advisory"
-      ]
+      "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities",
+      "source": "security_alert@emc.com"
     }
   ]
 }
@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2026-2677",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2026-02-26T13:16:16.740",
+  "lastModified": "2026-02-26T13:16:16.740",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in\u00a0parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/representatives-management' endpoint,\u00a0which could allow an attacker to execute arbitrary code in the victim's browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "LOW",
+          "subIntegrityImpact": "LOW",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2026-2678",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2026-02-26T13:16:16.917",
+  "lastModified": "2026-02-26T13:16:16.917",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in\u00a0parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint,\u00a0which could allow an attacker to execute arbitrary code in the victim's browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "LOW",
+          "subIntegrityImpact": "LOW",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
@@ -0,0 +1,78 @@
+{
+  "id": "CVE-2026-2679",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2026-02-26T13:16:17.080",
+  "lastModified": "2026-02-26T13:16:17.080",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint,\u00a0which could allow an attacker to execute arbitrary code in the victim's browser."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 4.8,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "ACTIVE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "NONE",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "LOW",
+          "subIntegrityImpact": "LOW",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-a3factura-software",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,8 @@`
`2`	`2`	`"id": "CVE-2025-36588",`
`3`	`3`	`"sourceIdentifier": "security_alert@emc.com",`
`4`	`4`	`"published": "2026-01-22T16:16:07.050",`
`5`		`- "lastModified": "2026-02-03T14:00:31.770",`
`6`		`- "vulnStatus": "Analyzed",`
	`5`	`+ "lastModified": "2026-02-26T13:16:16.577",`
	`6`	`+ "vulnStatus": "Modified",`
`7`	`7`	`"cveTags": [],`
`8`	`8`	`"descriptions": [`
`9`	`9`	`{`
`@@ -38,7 +38,7 @@`
`38`	`38`	`"weaknesses": [`
`39`	`39`	`{`
`40`	`40`	`"source": "security_alert@emc.com",`
`41`		`- "type": "Primary",`
	`41`	`+ "type": "Secondary",`
`42`	`42`	`"description": [`
`43`	`43`	`{`
`44`	`44`	`"lang": "en",`
`@@ -73,11 +73,8 @@`
`73`	`73`	`],`
`74`	`74`	`"references": [`
`75`	`75`	`{`
`76`		`- "url": "https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities",`
`77`		`- "source": "security_alert@emc.com",`
`78`		`- "tags": [`
`79`		`- "Vendor Advisory"`
`80`		`- ]`
	`76`	`+ "url": "https://www.dell.com/support/kbdoc/en-us/000429268/dsa-2026-102-dell-unisphere-for-powermax-and-powermax-eem-security-update-for-multiple-vulnerabilities",`
	`77`	`+ "source": "security_alert@emc.com"`
`81`	`78`	`}`
`82`	`79`	`]`
`83`	`80`	`}`