diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2647.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2647.json new file mode 100644 index 00000000000..05ca4009ac8 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2647.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2647", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T11:15:34.133", + "lastModified": "2025-03-23T11:15:34.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/10", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300662", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300662", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519777", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2648.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2648.json new file mode 100644 index 00000000000..9882ff32cd7 --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2648.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2648", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T12:15:12.110", + "lastModified": "2025-03-23T12:15:12.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in PHPGurukul Art Gallery Management System 1.0. This affects an unknown part of the file /admin/view-enquiry-detail.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/11", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300663", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300663", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519779", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-26xx/CVE-2025-2649.json b/CVE-2025/CVE-2025-26xx/CVE-2025-2649.json new file mode 100644 index 00000000000..a0ce2bec7cc --- /dev/null +++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2649.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-2649", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-23T12:15:13.083", + "lastModified": "2025-03-23T12:15:13.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/liuhao2638/cve/issues/12", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.300664", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.300664", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.519780", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 127743785dc..eb29606eb7b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-23T11:00:19.177455+00:00 +2025-03-23T13:00:19.941666+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-23T10:15:12.810000+00:00 +2025-03-23T12:15:13.083000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -286239 +286242 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2025-2645](CVE-2025/CVE-2025-26xx/CVE-2025-2645.json) (`2025-03-23T09:15:16.060`) -- [CVE-2025-2646](CVE-2025/CVE-2025-26xx/CVE-2025-2646.json) (`2025-03-23T10:15:12.810`) +- [CVE-2025-2647](CVE-2025/CVE-2025-26xx/CVE-2025-2647.json) (`2025-03-23T11:15:34.133`) +- [CVE-2025-2648](CVE-2025/CVE-2025-26xx/CVE-2025-2648.json) (`2025-03-23T12:15:12.110`) +- [CVE-2025-2649](CVE-2025/CVE-2025-26xx/CVE-2025-2649.json) (`2025-03-23T12:15:13.083`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 40458402a2d..96fb64e66c4 100644 --- a/_state.csv +++ b/_state.csv @@ -285439,14 +285439,17 @@ CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73 CVE-2025-2642,0,0,e1f81c838fa9f0928a247f201d475bd86d7a1f7b0c1164be84c4537af5335a0c,2025-03-23T07:15:12.103000 CVE-2025-2643,0,0,be83629595a0002533e8fe6f3a5c423b1e82cbe18965e3253b8bd0bb16a44145,2025-03-23T08:15:11.860000 CVE-2025-2644,0,0,f76973c0303e544b82568f33bac265bf55804389a0131d568d7f1757ed2f91af,2025-03-23T08:15:12.743000 -CVE-2025-2645,1,1,8d73de360e25baafe444d070f4d907abbc17e9dd640dd760dce92ff0a1ddbee0,2025-03-23T09:15:16.060000 -CVE-2025-2646,1,1,49e88a4168caa534ea466ca215f11cabee5282d4f780cdcf983eac3333d6df4c,2025-03-23T10:15:12.810000 +CVE-2025-2645,0,0,8d73de360e25baafe444d070f4d907abbc17e9dd640dd760dce92ff0a1ddbee0,2025-03-23T09:15:16.060000 +CVE-2025-2646,0,0,49e88a4168caa534ea466ca215f11cabee5282d4f780cdcf983eac3333d6df4c,2025-03-23T10:15:12.810000 CVE-2025-26465,0,0,10ca81b0503bc2056f51aff42b836da7e13cef94fb05326f3b97cc95851c9520,2025-03-06T17:20:00.520000 CVE-2025-26466,0,0,7e41d5cb0f04df9b23d47e085939285815b80db61162a3634dbd18c39c71ef9f,2025-03-21T16:15:18.677000 +CVE-2025-2647,1,1,067ff974516c511a5a2b618cbf128ddacd24f79b5ebcd065d2dad19db4eac3fc,2025-03-23T11:15:34.133000 CVE-2025-26473,0,0,41b0bd46f32c6729eefb29a2666cce546dde395dd2362800539aebed7d4bc19a,2025-03-19T10:34:55.550000 CVE-2025-26475,0,0,4c11595a9f53aaa25545570dfec450fa96951cf66b685488bd2989725dd8947f,2025-03-19T16:15:31.030000 +CVE-2025-2648,1,1,7f35903a6068358b784043beebe9ed5e303e8680947abc085ade3b107899cce1,2025-03-23T12:15:12.110000 CVE-2025-26485,0,0,1606c27211335fac5bd91d62ee9c69aaf84877e83ad554d60c27495ea9c75e60,2025-03-19T16:15:31.257000 CVE-2025-26486,0,0,840914b82b00c0f3670423b9968b421b887ef974d79fc9288bc628a5718ff5ce,2025-03-19T16:15:31.457000 +CVE-2025-2649,1,1,9bb64dd175a1115ef157186fe3b95b0be9349706d7d0219fc647ff0d37bd3057,2025-03-23T12:15:13.083000 CVE-2025-26490,0,0,b8bc76b2be7d18c514587d66cef4d0bee94c01d7b29c32dae10138139a41dc50,2025-02-14T20:15:37.847000 CVE-2025-26491,0,0,7c0d222179eba4a77c32c46173122e282947b63a6de5118491e2b730e6dd9271,2025-02-14T20:15:37.930000 CVE-2025-26492,0,0,10f610a7afe531efeeb1575e93a64c84a3a6f9453498a7cd0479c1add3e10654,2025-02-11T14:15:31.260000