fkie-cad
diff --git a/‎CVE-2019/CVE-2019-254xx/CVE-2019-25435.json‎
Lines changed: 36 additions & 5 deletions b/‎CVE-2019/CVE-2019-254xx/CVE-2019-25435.json‎
Lines changed: 36 additions & 5 deletions
diff --git a/‎CVE-2019/CVE-2019-254xx/CVE-2019-25436.json‎
Lines changed: 36 additions & 5 deletions b/‎CVE-2019/CVE-2019-254xx/CVE-2019-25436.json‎
Lines changed: 36 additions & 5 deletions
diff --git a/‎CVE-2019/CVE-2019-254xx/CVE-2019-25438.json‎
Lines changed: 57 additions & 6 deletions b/‎CVE-2019/CVE-2019-254xx/CVE-2019-25438.json‎
Lines changed: 57 additions & 6 deletions
diff --git a/‎CVE-2019/CVE-2019-254xx/CVE-2019-25444.json‎
Lines changed: 53 additions & 5 deletions b/‎CVE-2019/CVE-2019-254xx/CVE-2019-25444.json‎
Lines changed: 53 additions & 5 deletions
@@ -2,13 +2,17 @@
   "id": "CVE-2019-25435",
   "sourceIdentifier": "disclosure@vulncheck.com",
   "published": "2026-02-20T23:16:00.247",
-  "lastModified": "2026-02-23T18:14:13.887",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2026-02-26T02:33:51.807",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data execution prevention. Attackers can inject a malicious payload through the Username field in User Management to trigger a stack-based buffer overflow and execute commands via ROP chain gadgets."
+    },
+    {
+      "lang": "es",
+      "value": "Sricam DeviceViewer 3.12.0.1 contiene una vulnerabilidad de desbordamiento de b\u00fafer local en la funci\u00f3n de a\u00f1adir usuario de la gesti\u00f3n de usuarios que permite a atacantes autenticados ejecutar c\u00f3digo arbitrario evadiendo la prevenci\u00f3n de ejecuci\u00f3n de datos. Los atacantes pueden inyectar una carga \u00fatil maliciosa a trav\u00e9s del campo Nombre de usuario en Gesti\u00f3n de usuarios para desencadenar un desbordamiento de b\u00fafer basado en pila y ejecutar comandos a trav\u00e9s de gadgets de cadena ROP."
     }
   ],
   "metrics": {
@@ -91,18 +95,45 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:sricam:deviceviewer:3.12.0.1:*:*:*:*:-:*:*",
+              "matchCriteriaId": "F73864E9-E3A6-4B86-A1D8-E80349157F31"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://www.exploit-db.com/exploits/47477",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Exploit",
+        "VDB Entry"
+      ]
     },
     {
       "url": "https://www.sricam.com/",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Product"
+      ]
     },
     {
       "url": "https://www.vulncheck.com/advisories/sricam-deviceviewer-local-buffer-overflow-dep-bypass",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }
@@ -2,13 +2,17 @@
   "id": "CVE-2019-25436",
   "sourceIdentifier": "disclosure@vulncheck.com",
   "published": "2026-02-20T23:16:00.453",
-  "lastModified": "2026-02-23T18:14:13.887",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2026-02-26T02:33:11.467",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers can inject a large payload into the old password parameter during the change password process to bypass validation and set an arbitrary new password."
+    },
+    {
+      "lang": "es",
+      "value": "Sricam DeviceViewer 3.12.0.1 contiene una vulnerabilidad de omisi\u00f3n de seguridad en el cambio de contrase\u00f1a que permite a usuarios autenticados cambiar contrase\u00f1as sin la validaci\u00f3n adecuada del campo de contrase\u00f1a antigua. Los atacantes pueden inyectar una carga \u00fatil grande en el par\u00e1metro de contrase\u00f1a antigua durante el proceso de cambio de contrase\u00f1a para omitir la validaci\u00f3n y establecer una nueva contrase\u00f1a arbitraria."
     }
   ],
   "metrics": {
@@ -91,18 +95,45 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:sricam:deviceviewer:3.12.0.1:*:*:*:*:-:*:*",
+              "matchCriteriaId": "F73864E9-E3A6-4B86-A1D8-E80349157F31"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "http://www.sricam.com/",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Product"
+      ]
     },
     {
       "url": "https://www.exploit-db.com/exploits/47476",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Exploit",
+        "VDB Entry"
+      ]
     },
     {
       "url": "https://www.vulncheck.com/advisories/sricam-deviceviewer-password-change-security-bypass",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }
@@ -2,13 +2,17 @@
   "id": "CVE-2019-25438",
   "sourceIdentifier": "disclosure@vulncheck.com",
   "published": "2026-02-20T23:16:00.820",
-  "lastModified": "2026-02-23T18:14:13.887",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2026-02-26T02:32:08.153",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication."
+    },
+    {
+      "lang": "es",
+      "value": "LabCollector 5.423 contiene m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL que permiten a atacantes no autenticados ejecutar comandos SQL arbitrarios inyectando c\u00f3digo malicioso a trav\u00e9s de par\u00e1metros POST. Los atacantes pueden enviar cargas \u00fatiles SQL manipuladas en el par\u00e1metro login de login.php o el par\u00e1metro user_name de retrieve_password.php para extraer informaci\u00f3n sensible de la base de datos sin autenticaci\u00f3n."
     }
   ],
   "metrics": {
@@ -59,7 +63,7 @@
     "cvssMetricV31": [
       {
         "source": "disclosure@vulncheck.com",
-        "type": "Primary",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
@@ -76,6 +80,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 4.2
+      },
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
       }
     ]
   },
@@ -91,18 +115,45 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:agilebio:labcollector:5.423:*:*:*:*:*:*:*",
+              "matchCriteriaId": "F800D0C9-28EB-4288-B4D6-ADC597021BB2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://labcollector.com/",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Product"
+      ]
     },
     {
       "url": "https://www.exploit-db.com/exploits/47460",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Exploit",
+        "VDB Entry"
+      ]
     },
     {
       "url": "https://www.vulncheck.com/advisories/labcollector-sql-injection-via-loginphp",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }
@@ -2,13 +2,17 @@
   "id": "CVE-2019-25444",
   "sourceIdentifier": "disclosure@vulncheck.com",
   "published": "2026-02-20T19:23:13.763",
-  "lastModified": "2026-02-23T18:14:13.887",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2026-02-26T02:37:40.180",
+  "vulnStatus": "Analyzed",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
       "value": "Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or modify database contents."
+    },
+    {
+      "lang": "es",
+      "value": "Fiverr Clone Script 1.2.2 contiene una vulnerabilidad de inyecci\u00f3n SQL que permite a atacantes no autenticados manipular consultas a la base de datos inyectando c\u00f3digo SQL a trav\u00e9s del par\u00e1metro page. Los atacantes pueden suministrar sintaxis SQL maliciosa en el par\u00e1metro page para extraer informaci\u00f3n sensible de la base de datos o modificar el contenido de la base de datos."
     }
   ],
   "metrics": {
@@ -59,7 +63,7 @@
     "cvssMetricV31": [
       {
         "source": "disclosure@vulncheck.com",
-        "type": "Primary",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
@@ -76,6 +80,26 @@
         },
         "exploitabilityScore": 3.9,
         "impactScore": 4.2
+      },
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
       }
     ]
   },
@@ -91,14 +115,38 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:phpscriptsmall:fiverr_clone_script:1.2.2:*:*:*:*:*:*:*",
+              "matchCriteriaId": "C2626151-F755-4F13-BB43-5FC82E818DC7"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://www.exploit-db.com/exploits/46637",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Exploit",
+        "VDB Entry"
+      ]
     },
     {
       "url": "https://www.vulncheck.com/advisories/fiverr-clone-script-sql-injection-via-page-parameter",
-      "source": "disclosure@vulncheck.com"
+      "source": "disclosure@vulncheck.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }