Auto-Update: 2025-04-30T10:00:20.773000+00:00

CVE-2025/CVE-2025-228xx/CVE-2025-22882.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2025-22882",
+  "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+  "published": "2025-04-30T08:15:31.360",
+  "lastModified": "2025-04-30T08:15:31.360",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf",
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"
+    }
+  ]
+}

CVE-2025/CVE-2025-228xx/CVE-2025-22883.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-22883",
+  "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+  "published": "2025-04-30T08:15:31.600",
+  "lastModified": "2025-04-30T08:15:31.600",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf",
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"
+    }
+  ]
+}

CVE-2025/CVE-2025-228xx/CVE-2025-22884.json

@@ -0,0 +1,44 @@
+{
+  "id": "CVE-2025-22884",
+  "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+  "published": "2025-04-30T08:15:31.760",
+  "lastModified": "2025-04-30T08:15:31.760",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to a Stack-Based buffer overflow vulnerability that could allow an attacker to execute arbitrary code when parsing DVP file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v1.pdf",
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"
+    }
+  ]
+}

CVE-2025/CVE-2025-28xx/CVE-2025-2890.json

@@ -0,0 +1,68 @@
+{
+  "id": "CVE-2025-2890",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-04-30T09:15:14.503",
+  "lastModified": "2025-04-30T09:15:14.503",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018subscriptionCouponId\u2019 parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://tagdiv.com/newspaper-changelog/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://tagdiv.com/tagdiv-opt-in-builder/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://themeforest.net/item/newspaper/5489609",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fff1cff1-6745-4124-ba93-8b0749eae61a?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-39xx/CVE-2025-3953.json

@@ -9,6 +9,10 @@
     {
       "lang": "en",
       "value": "The WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings."
+    },
+    {
+      "lang": "es",
+      "value": "El complemento WP Statistics \u2013 The Most Popular Privacy-Friendly Analytics Plugin para WordPress, es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de comprobaci\u00f3n de la funci\u00f3n \"optionUpdater\" en todas las versiones hasta la 14.13.3 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, actualicen la configuraci\u00f3n arbitraria del complemento."
     }
   ],
   "metrics": {

CVE-2025/CVE-2025-41xx/CVE-2025-4124.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-4124",
+  "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+  "published": "2025-04-30T09:15:17.300",
+  "lastModified": "2025-04-30T09:15:17.300",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf",
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"
+    }
+  ]
+}

CVE-2025/CVE-2025-41xx/CVE-2025-4125.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2025-4125",
+  "sourceIdentifier": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+  "published": "2025-04-30T09:15:17.523",
+  "lastModified": "2025-04-30T09:15:17.523",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Delta Electronics ISPSoft version 3.20 is vulnerable to an\u00a0Out-Of-Bounds Write vulnerability that could allow an attacker to execute arbitrary code when parsing ISP file."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://filecenter.deltaww.com/news/download/doc/Delta-PCSA-2025-00004_ISPSoft%20-%20Multiple%20Vulnerabilities_v2.pdf",
+      "source": "759f5e80-c8e1-4224-bead-956d7b33c98b"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-04-30T08:00:20.319195+00:00
+2025-04-30T10:00:20.773000+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-04-30T06:15:53.300000+00:00
+2025-04-30T09:15:17.523000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-291751
+291757
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `6`
 
-- [CVE-2025-3471](CVE-2025/CVE-2025-34xx/CVE-2025-3471.json) (`2025-04-30T06:15:53.153`)
-- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`)
+- [CVE-2025-22882](CVE-2025/CVE-2025-228xx/CVE-2025-22882.json) (`2025-04-30T08:15:31.360`)
+- [CVE-2025-22883](CVE-2025/CVE-2025-228xx/CVE-2025-22883.json) (`2025-04-30T08:15:31.600`)
+- [CVE-2025-22884](CVE-2025/CVE-2025-228xx/CVE-2025-22884.json) (`2025-04-30T08:15:31.760`)
+- [CVE-2025-2890](CVE-2025/CVE-2025-28xx/CVE-2025-2890.json) (`2025-04-30T09:15:14.503`)
+- [CVE-2025-4124](CVE-2025/CVE-2025-41xx/CVE-2025-4124.json) (`2025-04-30T09:15:17.300`)
+- [CVE-2025-4125](CVE-2025/CVE-2025-41xx/CVE-2025-4125.json) (`2025-04-30T09:15:17.523`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`)
 
 
 ## Download and Usage

_state.csv

@@ -284728,6 +284728,9 @@ CVE-2025-22872,0,0,fa27a6fa31bcce451e23efd11332fdb5763aa6868809f671a46220dab8775
 CVE-2025-2288,0,0,ea5cf9eb4e5e7d5beb8e92f7104073ba5d1adc8fc07f8a97145fc23482c0367a,2025-04-08T18:13:53.347000
 CVE-2025-22880,0,0,755860b5cb6bfe06dab2e3046cf933164388a1927143f657d932a4500aa42249,2025-02-07T08:15:28.737000
 CVE-2025-22881,0,0,bac764bb844fd45fc50560c993c0edd1d8ed2c5159276215579d0cda943f98d6,2025-02-26T08:14:25.137000
+CVE-2025-22882,1,1,df4e35b33a245855d8002ed33b704483737eb25dd3aaf994dd914dd7bed46370,2025-04-30T08:15:31.360000
+CVE-2025-22883,1,1,eabaa8834694154d2a8c6e4eb7d03f27ed00d4883c398bbd94fca0ff89dd7d47,2025-04-30T08:15:31.600000
+CVE-2025-22884,1,1,dba3f2a28d43c092853364c75280be9666ef4a2c45f26ee5a94215f7c1fee1ab,2025-04-30T08:15:31.760000
 CVE-2025-22888,0,0,8715446d28ee196d4b5c9f7b0ea6743f100a7fae140bfca4a55cb2369c02c83f,2025-02-19T06:15:21.687000
 CVE-2025-2289,0,0,46f397d6716276fb1c9c11c65e09dcb422ca6f1cf70d54651264c5bcb9bbbcb4,2025-03-21T15:03:12.617000
 CVE-2025-22890,0,0,8dd6ffe45f0151dcb8b41a48dac74b1e668a5294c2f1614982860358b9b03cd6,2025-02-06T07:15:17.113000
@@ -288325,6 +288328,7 @@ CVE-2025-28896,0,0,6e6a2fa3cde195ce87392bd7667516c083ecc1dc25f056878eda15e50fea7
 CVE-2025-28897,0,0,b9be4fc485f3486e720bfb05c055043e37c0d9f5d96c1d8a54257acf1fac99df,2025-03-11T21:15:47.163000
 CVE-2025-28898,0,0,1fa2da02c3d09462dce154b0e448bf579b956438cdcaba50392a81533eeb8b5b,2025-03-27T16:45:27.850000
 CVE-2025-28899,0,0,4bf0dd6493ddb418b803121ef81c721db73f7fb1f81b8bf520a2fef08133e144,2025-03-27T16:45:27.850000
+CVE-2025-2890,1,1,4546ae37c74aa8b236e59ab7216bbbe7ee2e0bbe83ba78ab92b311ef8aedbac6,2025-04-30T09:15:14.503000
 CVE-2025-28900,0,0,fed3bb83935a97bb6bcbaae18b7594a3620ff5c19cbcf2c9eb481741eb05f045,2025-03-11T21:15:47.313000
 CVE-2025-28901,0,0,51ce41c5f42dd489e9c4b813887e6ff8e81a44c31a938903e1d90133cd1b5c03,2025-03-11T21:15:47.470000
 CVE-2025-28902,0,0,fc2faabc0e3a80f192c6819497732bc38ae75103642686e8bdb9fd66a48e4b48,2025-03-11T21:15:47.627000
@@ -290912,7 +290916,7 @@ CVE-2025-3457,0,0,a523da33f81c9e1e077033bed7863910db875409f58d4964d00736d5604ca8
 CVE-2025-3458,0,0,0415e5078f11ddf0e286ef1d5cad3fb50ad1607a82f18290577a209ff15dc95c,2025-04-23T14:08:13.383000
 CVE-2025-3469,0,0,4bca5426f9919f93dad9a4b1c330f34d47eacab0082cc9b29903729bbc139092,2025-04-11T15:39:52.920000
 CVE-2025-3470,0,0,19aa6171d68cb7df7c1f3be18d7bfe917a85b5b7f1d5f3673d31726045a39093,2025-04-15T18:39:27.967000
-CVE-2025-3471,1,1,658552204815767a3678db10fa35cf3cae525d71b01764ee1e8887665ab6a26e,2025-04-30T06:15:53.153000
+CVE-2025-3471,0,0,658552204815767a3678db10fa35cf3cae525d71b01764ee1e8887665ab6a26e,2025-04-30T06:15:53.153000
 CVE-2025-3472,0,0,11e3c105779f6d6a496aeced00de3a3c3646952e6f66369a67b33d817aacd1a0,2025-04-23T14:08:13.383000
 CVE-2025-3474,0,0,b6de92ac438f32870a4d6c552a2123f6f68213b92be966aee0e7401ddd248d53,2025-04-09T20:02:41.860000
 CVE-2025-3475,0,0,ff2d6c8584b1bcdb40146c2b5f353ed3942d3a2ca7a36d451238afc4497ce8f1,2025-04-09T20:02:41.860000
@@ -291256,7 +291260,7 @@ CVE-2025-39526,0,0,e48eefb58efeec413382bf0a150c6063a3820bdf98f98c55351275c777655
 CVE-2025-39527,0,0,3284145183922bc0e58f1a51fb33927acbe4c2798946bac3fed9855491e320fa,2025-04-17T20:21:05.203000
 CVE-2025-39528,0,0,b664d763e51683b756b32fed17f8ce933e99d37fef048895d1a00e8da105b797,2025-04-16T13:25:37.340000
 CVE-2025-39529,0,0,bcf34c2d62331729e70811811e71dcf889d640ae1b171cefed763836fbc33e68,2025-04-16T13:25:37.340000
-CVE-2025-3953,1,1,435e0a3d1654432d9cdef4d532a6e92e2c2221d4dbe1ad432aee200dbbf41966,2025-04-30T06:15:53.300000
+CVE-2025-3953,0,1,e520f2d8cc53e58d31fbdc99cf7409be960dec4377d02716bb6979f3b1aa6819,2025-04-30T06:15:53.300000
 CVE-2025-39530,0,0,04cd4efd0982bc2e3b3a3fdf151be77700254449378583fee75d72392e767a80,2025-04-16T13:25:37.340000
 CVE-2025-39531,0,0,ff1b3efe015a3987f44dddec7757fb08524f162b253adf68dd482dc34a954500,2025-04-16T13:25:37.340000
 CVE-2025-39532,0,0,c6a1aa250e41f609065af7ae7d78ed7ce37833beb178fb16dc9d01c8b07d0228,2025-04-17T20:21:05.203000
@@ -291458,6 +291462,8 @@ CVE-2025-4091,0,0,be76f80720d6507adedb56244fc15d9bfa10d0652d1ed50301d66beeacf973
 CVE-2025-4092,0,0,200d711ebe2e15156ad0230ced68f0f5a246d532b5d02cde90c654c8fdd064ec,2025-04-29T16:15:39.707000
 CVE-2025-4093,0,0,d891b279ce00073f17d8f58a8ebf719e451cb06357235d1b137c7bf6521fbbb1,2025-04-29T16:15:39.850000
 CVE-2025-4095,0,0,f2539477bf5eaf9485d044b6cf6e79bb8583734ab1b2d0e4b42ac3598cab5848,2025-04-29T18:15:46.180000
+CVE-2025-4124,1,1,5de9fad0aff01bcc9b08950740facb2df74f7717b7ae5c11db77f58373920085,2025-04-30T09:15:17.300000
+CVE-2025-4125,1,1,16c5f2432c5bb3ea366fa409fa144ceffae152b47513b47039009d6c13254fc7,2025-04-30T09:15:17.523000
 CVE-2025-41395,0,0,65b9e3526569f587eb1cd97410ac7325e217f46717fe2bbf0abfe0a9511ead3c,2025-04-29T13:52:47.470000
 CVE-2025-41423,0,0,3ae1e637900a2dfc5b6bacaa494e26a0b5d8e1e48accef6073153be61f7a9347,2025-04-29T13:52:47.470000
 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000