diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44904.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44904.json new file mode 100644 index 00000000000..0b6b2e3d3e2 --- /dev/null +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44904.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-44904", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-30T04:15:32.307", + "lastModified": "2025-05-30T04:15:32.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44905.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44905.json new file mode 100644 index 00000000000..cfdfcd98a69 --- /dev/null +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44905.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-44905", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-30T04:15:46.287", + "lastModified": "2025-05-30T04:15:46.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc5.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-449xx/CVE-2025-44906.json b/CVE-2025/CVE-2025-449xx/CVE-2025-44906.json new file mode 100644 index 00000000000..dc1e9167163 --- /dev/null +++ b/CVE-2025/CVE-2025-449xx/CVE-2025-44906.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2025-44906", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-05-30T04:15:46.583", + "lastModified": "2025-05-30T04:15:46.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-479xx/CVE-2025-47952.json b/CVE-2025/CVE-2025-479xx/CVE-2025-47952.json new file mode 100644 index 00000000000..484ec273079 --- /dev/null +++ b/CVE-2025/CVE-2025-479xx/CVE-2025-47952.json @@ -0,0 +1,90 @@ +{ + "id": "CVE-2025-47952", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T04:15:46.900", + "lastModified": "2025-05-30T04:15:46.900", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL encoded string in its path, it\u2019s possible to target a backend, exposed using another router, by-passing the middlewares chain. This issue has been patched in versions 2.11.25 and 3.4.1." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.9, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/traefik/traefik/commit/08d5dfee0164aa54dd44a467870042e18e8d3f00", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/traefik/traefik/releases/tag/v2.11.25", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/traefik/traefik/releases/tag/v3.4.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/traefik/traefik/security/advisories/GHSA-vrch-868g-9jx5", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-480xx/CVE-2025-48068.json b/CVE-2025/CVE-2025-480xx/CVE-2025-48068.json new file mode 100644 index 00000000000..b441aa25a45 --- /dev/null +++ b/CVE-2025/CVE-2025-480xx/CVE-2025-48068.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-48068", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T04:15:48.510", + "lastModified": "2025-05-30T04:15:48.510", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in version 15.2.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.3, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1385" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vercel/next.js/security/advisories/GHSA-3h52-269p-cp9r", + "source": "security-advisories@github.com" + }, + { + "url": "https://vercel.com/changelog/cve-2025-48068", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-483xx/CVE-2025-48381.json b/CVE-2025/CVE-2025-483xx/CVE-2025-48381.json new file mode 100644 index 00000000000..f47fb84a56e --- /dev/null +++ b/CVE-2025/CVE-2025-483xx/CVE-2025-48381.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-48381", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T04:15:51.537", + "lastModified": "2025-05-30T04:15:51.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user may be able to retrieve the IDs and names of all tasks, projects, labels, and the IDs of all jobs and quality reports on the CVAT instance. In addition, if the instance contains many resources of a particular type, retrieving this information may tie up system resources, denying access to legitimate users. This issue has been patched in version 2.38.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cvat-ai/cvat/commit/7136c99fb2c3a5cb2d8c3ca54b4201b9fa6aab5a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-7484-2gfm-852p", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48476.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48476.json new file mode 100644 index 00000000000..393fb0b2505 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48476.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48476", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:21.437", + "lastModified": "2025-05-30T05:15:21.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7h5m-q39p-h849", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48477.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48477.json new file mode 100644 index 00000000000..ae81826434b --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48477.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48477", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:22.283", + "lastModified": "2025-05-30T05:15:22.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2c82-qx7x-35h8", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48478.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48478.json new file mode 100644 index 00000000000..1b0ce2e4210 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48478.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-48478", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:22.460", + "lastModified": "2025-05-30T05:15:22.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/commit/d2048f59a899dbcfc9a71bb98549ead81cdb62a5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fqjj-79j2-8qx6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48479.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48479.json new file mode 100644 index 00000000000..df4b6c129a7 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48479.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48479", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:22.630", + "lastModified": "2025-05-30T05:15:22.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the laravel-translation-manager package does not correctly validate user input, enabling the deletion of any directory, given sufficient access rights. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-627h-pc3c-w68h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48480.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48480.json new file mode 100644 index 00000000000..644f1e81f56 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48480.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48480", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:22.800", + "lastModified": "2025-05-30T05:15:22.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's avatar, resulting in the deletion of the file .htaccess in the folder /storage/app/public. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 7.0, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-pfjf-43mp-3gp2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48481.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48481.json new file mode 100644 index 00000000000..e613ec871f7 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48481.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48481", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:22.973", + "lastModified": "2025-05-30T05:15:22.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link from the email to gain initial access to the account. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jgj2-x749-5wc7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48482.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48482.json new file mode 100644 index 00000000000..c93da10e8aa --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48482.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48482", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:23.160", + "lastModified": "2025-05-30T05:15:23.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill() method, which processes fields such as channel and channel_id. However, the fill() method is called with all client-provided data, including unexpected values for channel and channel_id, leading to a mass assignment vulnerability. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-841" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7fjp-538q-9vrf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48483.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48483.json new file mode 100644 index 00000000000..5a3d67a3577 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48483.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-48483", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:23.330", + "lastModified": "2025-05-30T05:15:23.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Additionally, if an administrator accesses one of these emails with a modified signature, it could result in a subsequent Cross-Site Request Forgery (CSRF) vulnerability. This issue has been patched in version 1.8.180." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-g2vq-qwx2-pc2m", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48484.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48484.json new file mode 100644 index 00000000000..4d7f25739ef --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48484.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-48484", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T05:15:23.513", + "lastModified": "2025-05-30T05:15:23.513", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in version 1.8.178." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-w3j9-7fhq-m8x7", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-484xx/CVE-2025-48491.json b/CVE-2025/CVE-2025-484xx/CVE-2025-48491.json new file mode 100644 index 00000000000..bad757491d1 --- /dev/null +++ b/CVE-2025/CVE-2025-484xx/CVE-2025-48491.json @@ -0,0 +1,110 @@ +{ + "id": "CVE-2025-48491", + "sourceIdentifier": "security-advisories@github.com", + "published": "2025-05-30T04:15:54.470", + "lastModified": "2025-05-30T04:15:54.470", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "UNREPORTED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/aryan6673/project-ai/commit/142252c43f1dacb3fed99e3336f5cd863b028bc2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/1de910f353eb2a68c980149b906e7495459296ad", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/54a69c3ccd301d35f3d54f4844d9910e609beb73", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/7f3b93f9aa9085d5413b4019172b0e56676346d7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/8db90e3d9777850741804533ebde5824b4a5795c", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/99e0e0718edb0e59c5d3c5a69903b87c69fcfe7a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/ab67979a46b0e343dc20a95a2b65d3c4994c31e7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/commit/c1fb156418d98a1e6c60bb680db57e9558785093", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/aryan6673/project-ai/security/advisories/GHSA-8486-vrcp-69rv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index fbbb2635e27..7ed3d8d3aa8 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-05-30T04:00:19.766581+00:00 +2025-05-30T06:00:19.897764+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-05-30T03:15:20.893000+00:00 +2025-05-30T05:15:23.513000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -295976 +295992 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `16` -- [CVE-2024-12224](CVE-2024/CVE-2024-122xx/CVE-2024-12224.json) (`2025-05-30T02:15:19.670`) -- [CVE-2025-44612](CVE-2025/CVE-2025-446xx/CVE-2025-44612.json) (`2025-05-30T03:15:20.110`) -- [CVE-2025-44614](CVE-2025/CVE-2025-446xx/CVE-2025-44614.json) (`2025-05-30T03:15:20.573`) -- [CVE-2025-44619](CVE-2025/CVE-2025-446xx/CVE-2025-44619.json) (`2025-05-30T03:15:20.737`) -- [CVE-2025-48757](CVE-2025/CVE-2025-487xx/CVE-2025-48757.json) (`2025-05-30T03:15:20.893`) +- [CVE-2025-44904](CVE-2025/CVE-2025-449xx/CVE-2025-44904.json) (`2025-05-30T04:15:32.307`) +- [CVE-2025-44905](CVE-2025/CVE-2025-449xx/CVE-2025-44905.json) (`2025-05-30T04:15:46.287`) +- [CVE-2025-44906](CVE-2025/CVE-2025-449xx/CVE-2025-44906.json) (`2025-05-30T04:15:46.583`) +- [CVE-2025-47952](CVE-2025/CVE-2025-479xx/CVE-2025-47952.json) (`2025-05-30T04:15:46.900`) +- [CVE-2025-48068](CVE-2025/CVE-2025-480xx/CVE-2025-48068.json) (`2025-05-30T04:15:48.510`) +- [CVE-2025-48381](CVE-2025/CVE-2025-483xx/CVE-2025-48381.json) (`2025-05-30T04:15:51.537`) +- [CVE-2025-48476](CVE-2025/CVE-2025-484xx/CVE-2025-48476.json) (`2025-05-30T05:15:21.437`) +- [CVE-2025-48477](CVE-2025/CVE-2025-484xx/CVE-2025-48477.json) (`2025-05-30T05:15:22.283`) +- [CVE-2025-48478](CVE-2025/CVE-2025-484xx/CVE-2025-48478.json) (`2025-05-30T05:15:22.460`) +- [CVE-2025-48479](CVE-2025/CVE-2025-484xx/CVE-2025-48479.json) (`2025-05-30T05:15:22.630`) +- [CVE-2025-48480](CVE-2025/CVE-2025-484xx/CVE-2025-48480.json) (`2025-05-30T05:15:22.800`) +- [CVE-2025-48481](CVE-2025/CVE-2025-484xx/CVE-2025-48481.json) (`2025-05-30T05:15:22.973`) +- [CVE-2025-48482](CVE-2025/CVE-2025-484xx/CVE-2025-48482.json) (`2025-05-30T05:15:23.160`) +- [CVE-2025-48483](CVE-2025/CVE-2025-484xx/CVE-2025-48483.json) (`2025-05-30T05:15:23.330`) +- [CVE-2025-48484](CVE-2025/CVE-2025-484xx/CVE-2025-48484.json) (`2025-05-30T05:15:23.513`) +- [CVE-2025-48491](CVE-2025/CVE-2025-484xx/CVE-2025-48491.json) (`2025-05-30T04:15:54.470`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 61586937560..e227916281c 100644 --- a/_state.csv +++ b/_state.csv @@ -247338,7 +247338,7 @@ CVE-2024-1222,0,0,9f12836c0f02ca1d924e4fb3ebe7d868c8c39d989928ab7ecc2c4c71ac16f7 CVE-2024-12220,0,0,5a9af5863bd9968393d1012c1c5f5fb4875db98205155149f405e76579a2b19e,2024-12-17T08:15:05.393000 CVE-2024-12221,0,0,a87846a9ea687f0610603fb61d7ca73e4beeed151fc32a3afc0c338aec17e851,2025-01-04T10:15:06.410000 CVE-2024-12222,0,0,cf65a2967224f753870ef46b5e08d14581e6de5063f9b31016c226df28360d7d,2025-01-09T11:15:12.490000 -CVE-2024-12224,1,1,d85deac0d1750d8f8621b6fe40c3c7da762bdf7bdc73e4fa0e9ae35e1e30ba49,2025-05-30T02:15:19.670000 +CVE-2024-12224,0,0,d85deac0d1750d8f8621b6fe40c3c7da762bdf7bdc73e4fa0e9ae35e1e30ba49,2025-05-30T02:15:19.670000 CVE-2024-12225,0,0,8287d8ab23f982048d9c4e71ccf9a1482d0d499fcefb0f1bf17eedc2ef7d0fe3,2025-05-07T14:13:20.483000 CVE-2024-12226,0,0,21bb283eb49b4f7bfaba4358070671ebb37dd2e9917de9da1738797e9c2071f5,2025-01-16T07:15:26.333000 CVE-2024-12227,0,0,db615a59b09c6a85883a77293d863c5519e310b0cb63e5c28ea07e1cfd25fc08,2024-12-05T14:15:19.400000 @@ -294305,9 +294305,9 @@ CVE-2025-4458,0,0,eea9d140dad4a90fff730d46462b27320b6a68017f06012fa50cfa447315cc CVE-2025-4459,0,0,5d83ffa5e1366542181e5e41a54bfeb484e13bea3e368fac332c6a4e14d2429f,2025-05-16T15:36:12.370000 CVE-2025-4460,0,0,1523c53b4c3872072d748d30b69d698f488cc9e2a4c6bd053b5055199ec1d6eb,2025-05-23T12:28:39.320000 CVE-2025-4461,0,0,3bcbf8140bfe36150100ec64813a63556401d9c6c9569195ed4770cdd149bae8,2025-05-23T12:33:21.447000 -CVE-2025-44612,1,1,04eb5d9ae5fb63f276319ac1d8db6de46550d7c50380c81516bb86c2d6e1145f,2025-05-30T03:15:20.110000 -CVE-2025-44614,1,1,d42f9e9862c82ed633f09b8831b105b0d522c4b50a6745340cd1df80dd1c8f6e,2025-05-30T03:15:20.573000 -CVE-2025-44619,1,1,314625bdc16003fb81d24cb6b12a6e4b2750900b5b000c0bfd83e69507eeef3e,2025-05-30T03:15:20.737000 +CVE-2025-44612,0,0,04eb5d9ae5fb63f276319ac1d8db6de46550d7c50380c81516bb86c2d6e1145f,2025-05-30T03:15:20.110000 +CVE-2025-44614,0,0,d42f9e9862c82ed633f09b8831b105b0d522c4b50a6745340cd1df80dd1c8f6e,2025-05-30T03:15:20.573000 +CVE-2025-44619,0,0,314625bdc16003fb81d24cb6b12a6e4b2750900b5b000c0bfd83e69507eeef3e,2025-05-30T03:15:20.737000 CVE-2025-4462,0,0,a45c74043d407d51bd153a59310148483accce910ccf874e95fb20ccf665af48,2025-05-23T12:37:15.720000 CVE-2025-4463,0,0,9e877456add3b215f52a45038f40c9086cab0011383eb94f398b692bd4cf9448,2025-05-16T15:36:03.983000 CVE-2025-4464,0,0,43a4f1f30e275a5908987f511806e5bef7544ddf882b5a452ef3e2c803ed00cc,2025-05-16T15:35:56.983000 @@ -294385,6 +294385,9 @@ CVE-2025-44898,0,0,00f56bc57a320f91df3fa7fc95ffaa1ee96996a1e9fa9168f201ce677148e CVE-2025-44899,0,0,a6524ee52e41b298cace5f5f5a30feec0d2d27a0571f52dadd73c5dead4c36cf,2025-05-07T14:15:44.197000 CVE-2025-4490,0,0,241f08f705ae3e66d0cf435e9f641db9abaac260a233ab4f24995312c1bd3320,2025-05-13T18:57:34.007000 CVE-2025-44900,0,0,d7f585488bf63991947e2720256c2c1afe3c83676d3f367516c6384bf0f4d822,2025-05-07T14:13:20.483000 +CVE-2025-44904,1,1,c027fda686c5cd5e4ec1c58405d9d9e82cb701beef8655fc3dde956c1a93f53a,2025-05-30T04:15:32.307000 +CVE-2025-44905,1,1,1e2b3f6fdf693d6afba43902f6599b3fe88967c57d341056fec6d2313ae1d8cc,2025-05-30T04:15:46.287000 +CVE-2025-44906,1,1,6d3bb35734e5463b9dd581430ad07669d72cc0d8640eaa0f604339454d681513,2025-05-30T04:15:46.583000 CVE-2025-4491,0,0,ba256d8517f70212e591537769bd709f798dda4e9421bc8dc0e19810c50211c2,2025-05-13T18:57:25.977000 CVE-2025-4492,0,0,4eec4ffb9ff09b31eb69062234f9086984737bbfc848cc0a9df2b8747073742a,2025-05-13T18:57:16.670000 CVE-2025-4493,0,0,c8c5818c64a497c39a85128716f224c637c4a79e9fa20187eaae8d89d53ce0ee,2025-05-28T15:01:30.720000 @@ -295418,6 +295421,7 @@ CVE-2025-47947,0,0,937e21e816ace6c7b2eea9b27977c70a0355dffa802eeb709a1580aec3fe9 CVE-2025-47948,0,0,ba2e8c1cb0258308d0310ef150246d3504511a8f7fe9ed640ab9013bfefadd52,2025-05-19T15:15:25.400000 CVE-2025-47949,0,0,dc86078901df64be63bcaee4a73ca319eec3de89fa5549a71818463921d49b3a,2025-05-21T20:25:16.407000 CVE-2025-4795,0,0,3fd0e28eaafb548c1d9f9e6a41da631ae960e10221f6f4901b1a5e253e1ad775,2025-05-19T13:35:20.460000 +CVE-2025-47952,1,1,52bf78fa8b3686b2021dbeb8bae7b1d561cb80a0b57e375d70fdfb93a148ab23,2025-05-30T04:15:46.900000 CVE-2025-4800,0,0,9318c6df70d36b773d7fc889153c4ccced0bd2fc6ace455b4d54f9e1c185a4a9,2025-05-28T15:01:30.720000 CVE-2025-48009,0,0,f2f593603a23342f1ed10e6e06b800747a948e9a47401b873fcb7b9febb49dba,2025-05-21T20:24:58.133000 CVE-2025-48010,0,0,29ecfb7056487f862ce3f3d52a72af1a1c7498499e974227523a3feeadf25999,2025-05-21T20:24:58.133000 @@ -295448,6 +295452,7 @@ CVE-2025-48061,0,0,9623adaa4a2a12419dc1960402eeb7cda483dd4973982b2b4588eefcc7c2d CVE-2025-48063,0,0,b51c84591461349d9cf6414a93a17bf05aa314500b0f0e486a94556b20ce49d8,2025-05-21T20:24:58.133000 CVE-2025-48064,0,0,f30f6abfc706c8ec009b8e1646b8ce7a94ad294f1fc91f47ca51b619773ad0e0,2025-05-21T20:24:58.133000 CVE-2025-48066,0,0,faea31f6567e989a0ef973c3f26a498ca723f84a2b80d40e0205222fbd185beb,2025-05-30T01:18:41.410000 +CVE-2025-48068,1,1,2c80608bf0eea8a68b4a726eee97dbc8e608fc9fd2a3bc83a04aea6e2bf3ca8b,2025-05-30T04:15:48.510000 CVE-2025-48069,0,0,d201b903e106fd4e8e9a5c16c5ee97dd49fc9c17d0474c4fa89382c7bdd7010c,2025-05-21T20:24:58.133000 CVE-2025-4807,0,0,38e0deb05d9d726281158918611fe40bc8b500e3135a018beac99acf23d735d4,2025-05-28T13:38:25.170000 CVE-2025-48070,0,0,bed1805e46e1e55370ff9bc19da5a6d7e3c95e34134426c68a907b0b4c694440,2025-05-23T15:55:02.040000 @@ -295586,6 +295591,7 @@ CVE-2025-48376,0,0,b2222f0eb287c8db7e58c9fb98619c60ee424f59867dd64930ca71cc59592 CVE-2025-48377,0,0,ee8c1299e113fea14e201e5015d0a51290adcea1df3a0a63edcdea68897f1b70,2025-05-28T14:58:52.920000 CVE-2025-48378,0,0,cbf73c94993c9abe98d8488782020719977ef4cf3a106b5eb9d8b345c14208c7,2025-05-28T14:58:52.920000 CVE-2025-4838,0,0,cca1a773a7995c2ad406db6e7e45380cc26c88e64223942ad0ce97b436093f69,2025-05-19T15:15:34.170000 +CVE-2025-48381,1,1,b40d47c260d76c8ac004cc1de3ffb72151287c1af97a64ca34916ac8a13ad16a,2025-05-30T04:15:51.537000 CVE-2025-48382,0,0,fda2abd3eb2ff59b8a0db4b2d2d0e0568f8fbaa2c9c79701d2a0f694e0b39ac6,2025-05-28T15:01:30.720000 CVE-2025-48383,0,0,cf4c4d78cccb4a8e745a90ad08bf26e619c1d79a5e63aba01e3bbb75890bb48a,2025-05-28T15:01:30.720000 CVE-2025-48388,0,0,0db1ab5db70cc729cdf2040dba38806327051ae85775b9cb80d9dfbf93295e26,2025-05-29T14:29:50.247000 @@ -295619,8 +295625,18 @@ CVE-2025-48472,0,0,3711ef33a3da96901177df72779376646364f3c38b2eb22871071c2c74302 CVE-2025-48473,0,0,4d91f02add15cac4e8ce59fe420ffa99c08decb0990dc601664cd2c65899044a,2025-05-29T16:15:41.077000 CVE-2025-48474,0,0,396d8851607e76ba6e69ec9ecc96dee751de3e94bcdb9df1eb595df1615cdab6,2025-05-29T16:15:41.273000 CVE-2025-48475,0,0,180870c579dc5b5c04d15576430ea0494411681f0d335544c50a6f7589b6f2e6,2025-05-29T17:15:21.720000 +CVE-2025-48476,1,1,63beb3128b643d3dcbb9c4811ffd1339d203df2e738d42a2110303fae681a0ea,2025-05-30T05:15:21.437000 +CVE-2025-48477,1,1,64e1306d392617ba326a8809450255e4469661b7296491bd007951defc19a894,2025-05-30T05:15:22.283000 +CVE-2025-48478,1,1,baca51fa2deb037615d58c739c4185be25f05c8a2c5dc6b4d9c84ecae8ca6e6e,2025-05-30T05:15:22.460000 +CVE-2025-48479,1,1,062c332eeac974c409baed3b77dccdcabb95ea281b8475955d1c7199bc5d6d34,2025-05-30T05:15:22.630000 CVE-2025-4848,0,0,20503eb98509f13bb54ac642ba30f4216a8a40e637bf035c4e6248a1dfa9a5eb,2025-05-19T15:15:34.400000 +CVE-2025-48480,1,1,15bfe7403e05e32d2a419dc2456071efded0d0b3e26aa995a277de02f8fe97fe,2025-05-30T05:15:22.800000 +CVE-2025-48481,1,1,936526f415b5066d13a0344ccc061e6b10a4542215c8825c23bb4747a5d66a29,2025-05-30T05:15:22.973000 +CVE-2025-48482,1,1,4e66f0d18898adb2ac7040a91be03bc4d5ee464981346b601da0ff57bf2e1ec3,2025-05-30T05:15:23.160000 +CVE-2025-48483,1,1,556e17444d700db0158437972af2d95dd2525072ec3c19d86738b751cf0474c3,2025-05-30T05:15:23.330000 +CVE-2025-48484,1,1,79deffedd576be5fb90e8f42a31c4b745d7b417fbf2a2dcd3c07706caccc0dde,2025-05-30T05:15:23.513000 CVE-2025-4849,0,0,79bafc8d78c1efc632ed95ad4a130766ed5d90c45e45605773df0d46773756c4,2025-05-24T00:55:22.313000 +CVE-2025-48491,1,1,e0e8e9c6da074fdcdb76898941d53f131ab7b6706008d2093580e3aa6472cea3,2025-05-30T04:15:54.470000 CVE-2025-4850,0,0,f4734de71688bb34b47f04cb41c5af0cc568cf46c9e6cb90745360a2b3c7693b,2025-05-24T00:57:35.620000 CVE-2025-4851,0,0,e5a9ac67f494616a05e2f84fff689d174d4a8c96dcdf95534865dd01a2cf2a1b,2025-05-24T01:03:29.400000 CVE-2025-4852,0,0,8056c97adb54f901af1b48f1e44b7ca1809889745baa2872bb19324ac5d93e7f,2025-05-19T15:15:34.693000 @@ -295664,7 +295680,7 @@ CVE-2025-48753,0,0,a0f2e930a11ffb4e77af8218ffe7d48a76bbe306634fd58f3e1297c5e1223 CVE-2025-48754,0,0,628b24ff518c4305a5de44ea5b97dc8b0303067fea5ea8dd90dd5e8c259ce319,2025-05-28T14:58:52.920000 CVE-2025-48755,0,0,7769f37011682f4c89dc4356c2d44d95c8d89ec7b37eba501b3a9e8e25949f0f,2025-05-28T14:58:52.920000 CVE-2025-48756,0,0,8eca08b3d2079d7afac6f850a10c670b61b3423165a167a2b7d1c79142e0bfbb,2025-05-28T14:58:52.920000 -CVE-2025-48757,1,1,91eec216900006369c6659194cde8ce9615637b1c40ac713fe9db2a9eb386a30,2025-05-30T03:15:20.893000 +CVE-2025-48757,0,0,91eec216900006369c6659194cde8ce9615637b1c40ac713fe9db2a9eb386a30,2025-05-30T03:15:20.893000 CVE-2025-4876,0,0,6aaebf17560dce08fc2f828c20443ea92d297ed83d332203d6b8ac706e7bb067,2025-05-21T20:25:16.407000 CVE-2025-48786,0,0,f50aaac9f92c144768e9e142fb469bf7a9185ea8612853ffcab58fc99faca270,2025-05-27T04:15:37.280000 CVE-2025-48787,0,0,4b7bd6f1d69bc3cf7a319e9ab5da04edbd1d30e2a286b1215a7dfbc7e5141741,2025-05-27T04:15:37.790000