Auto-Update: 2025-03-01T19:00:19.526743+00:00

CVE-2025/CVE-2025-06xx/CVE-2025-0626.json

@@ -2,13 +2,13 @@
   "id": "CVE-2025-0626",
   "sourceIdentifier": "ics-cert@hq.dhs.gov",
   "published": "2025-01-30T19:15:14.010",
-  "lastModified": "2025-01-31T17:15:16.323",
+  "lastModified": "2025-03-01T18:15:34.140",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device."
+      "value": "The \"monitor\" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device."
     },
     {
       "lang": "es",
@@ -30,30 +30,30 @@
           "attackRequirements": "PRESENT",
           "privilegesRequired": "NONE",
           "userInteraction": "PASSIVE",
-          "vulnerableSystemConfidentiality": "HIGH",
-          "vulnerableSystemIntegrity": "HIGH",
-          "vulnerableSystemAvailability": "HIGH",
-          "subsequentSystemConfidentiality": "NONE",
-          "subsequentSystemIntegrity": "NONE",
-          "subsequentSystemAvailability": "NONE",
+          "vulnConfidentialityImpact": "HIGH",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
           "exploitMaturity": "NOT_DEFINED",
-          "confidentialityRequirements": "NOT_DEFINED",
-          "integrityRequirements": "NOT_DEFINED",
-          "availabilityRequirements": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
           "modifiedAttackVector": "NOT_DEFINED",
           "modifiedAttackComplexity": "NOT_DEFINED",
           "modifiedAttackRequirements": "NOT_DEFINED",
           "modifiedPrivilegesRequired": "NOT_DEFINED",
           "modifiedUserInteraction": "NOT_DEFINED",
-          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
-          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
-          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
-          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
-          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
-          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
-          "safety": "NOT_DEFINED",
-          "automatable": "NOT_DEFINED",
-          "recovery": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
           "valueDensity": "NOT_DEFINED",
           "vulnerabilityResponseEffort": "NOT_DEFINED",
           "providerUrgency": "NOT_DEFINED"

CVE-2025/CVE-2025-17xx/CVE-2025-1799.json

@@ -0,0 +1,137 @@
+{
+  "id": "CVE-2025-1799",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-03-01T18:15:34.803",
+  "lastModified": "2025-03-01T18:15:34.803",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/sheratan4/cve/issues/6",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.298029",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.298029",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.502650",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2025/CVE-2025-18xx/CVE-2025-1800.json

@@ -0,0 +1,152 @@
+{
+  "id": "CVE-2025-1800",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-03-01T18:15:34.983",
+  "lastModified": "2025-03-01T18:15:34.983",
+  "vulnStatus": "Received",
+  "cveTags": [
+    {
+      "sourceIdentifier": "cna@vuldb.com",
+      "tags": [
+        "unsupported-when-assigned"
+      ]
+    }
+  ],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-77"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/sjwszt/CVE/blob/main/CVE_1.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.298030",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.298030",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.502971",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://www.dlink.com/",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-03-01T17:00:19.997944+00:00
+2025-03-01T19:00:19.526743+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-03-01T15:15:11.573000+00:00
+2025-03-01T18:15:34.983000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-283594
+283596
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `2`
 
-- [CVE-2024-41778](CVE-2024/CVE-2024-417xx/CVE-2024-41778.json) (`2025-03-01T15:15:10.450`)
-- [CVE-2025-1797](CVE-2025/CVE-2025-17xx/CVE-2025-1797.json) (`2025-03-01T15:15:11.573`)
+- [CVE-2025-1799](CVE-2025/CVE-2025-17xx/CVE-2025-1799.json) (`2025-03-01T18:15:34.803`)
+- [CVE-2025-1800](CVE-2025/CVE-2025-18xx/CVE-2025-1800.json) (`2025-03-01T18:15:34.983`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2025-0626](CVE-2025/CVE-2025-06xx/CVE-2025-0626.json) (`2025-03-01T18:15:34.140`)
 
 
 ## Download and Usage

_state.csv

@@ -265075,7 +265075,7 @@ CVE-2024-41774,0,0,db82f7998f610ab2c3c2ae4d9e33bcab8463b004f8921670f73f55120becf
 CVE-2024-41775,0,0,e5a5c3f0c9c2d797037bc42d58511f5d720ca3c68c1710b74d20237b76b1bbd9,2024-12-11T03:25:45.430000
 CVE-2024-41776,0,0,645561281eaec0c17a46e435f182a12ad35f1dabfbd0f0ddaced797c0e2c28f4,2024-12-11T03:24:19.023000
 CVE-2024-41777,0,0,cb9df48d95cae8457cf91a5abe10e277d5ade6df23da7cf8a2746d2d5ff22e8b,2024-12-11T03:22:46.490000
-CVE-2024-41778,1,1,91eaf397004280a46bcc2e3ba347d43c06f62a2ea8703ef0659d90586a31f246,2025-03-01T15:15:10.450000
+CVE-2024-41778,0,0,91eaf397004280a46bcc2e3ba347d43c06f62a2ea8703ef0659d90586a31f246,2025-03-01T15:15:10.450000
 CVE-2024-41779,0,0,0cc2a488dd76e38c9c90720b0b2edfd5c9f34c5d2e2c40d451ec0bb49b764fc0,2024-11-22T12:15:18.987000
 CVE-2024-41780,0,0,f0bdb2eca8ebee85877f13f35a81fb91d5ea99c267cf6b461805356adb0fe55e,2025-01-03T15:15:10.367000
 CVE-2024-41781,0,0,be645911c6dec68941643ffd681ea405f77903ad7fd076fcfc9ba888bf410899,2024-11-22T12:15:19.193000
@@ -280229,7 +280229,7 @@ CVE-2025-0622,0,0,a6a193274731f6c7dfaba57b90f3e73d71577adcaea95e1ee069d69beb79d1
 CVE-2025-0623,0,0,341d910d0f0f4575e107592c92f38288f68e01fe716af21df488a6d82193e481,2025-01-21T17:15:16.817000
 CVE-2025-0624,0,0,e574dbadcedb62d6ec5fc83ee445f795570d6b514ffea1920d6ad509cbc9be05,2025-02-19T19:15:15.120000
 CVE-2025-0625,0,0,7f36541620787f4bb57811d2ab5017a08dd72bab5c190081458ac3e7009d06f3,2025-01-22T19:15:10.397000
-CVE-2025-0626,0,0,0077dccae97439405bab713571a124bd093984b1ee0c361ef3ff1afd6c248462,2025-01-31T17:15:16.323000
+CVE-2025-0626,0,1,16ee263c85f3aad6f9b7c5ed60390a064032d53adec3f9f8437b4c73151fb8c7,2025-03-01T18:15:34.140000
 CVE-2025-0630,0,0,a203846e431374935835f3b6e314fad6940377ee142abf426ce77275aa7cba26,2025-02-04T20:15:49.940000
 CVE-2025-0631,0,0,a91b2711b77974f80919f9c5b372be80fd124e74c35c8b96965898a857e3e98a,2025-01-28T19:15:14.270000
 CVE-2025-0633,0,0,99b5597a4d6745e0fdc49c871283cdb64a4adc9d1a5288ea05a1df36fe7875e0,2025-02-19T07:15:33.537000
@@ -280803,7 +280803,9 @@ CVE-2025-1786,0,0,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88
 CVE-2025-1788,0,0,dc9426cea6e825feaf5cae707f07c928b26b8e2baca0aa20ccec4c0a8b2fce50,2025-03-01T13:15:11.797000
 CVE-2025-1791,0,0,34ee8cd2f104eaa7419273fe9af644f5f1d57bbad701730a9dfc317b74b5d810,2025-03-01T14:15:34.520000
 CVE-2025-1795,0,0,70fd77cb540d3bda179678e58a7ef81c271cc3e16d5d4d855b724aa1245ec66f,2025-02-28T21:15:27.570000
-CVE-2025-1797,1,1,300dd40b9ba65144edab2a795cb46e891c141669ea3cc5dd5e27c94a6c5ec09e,2025-03-01T15:15:11.573000
+CVE-2025-1797,0,0,300dd40b9ba65144edab2a795cb46e891c141669ea3cc5dd5e27c94a6c5ec09e,2025-03-01T15:15:11.573000
+CVE-2025-1799,1,1,43816068956cdf14dad20a4e5e4d1fc47001df714eea26349dd91115ab4dac95,2025-03-01T18:15:34.803000
+CVE-2025-1800,1,1,322e2f3c3e826d546073227fc29a2546415ead7a627628aa90cb68e7eca6995b,2025-03-01T18:15:34.983000
 CVE-2025-1803,0,0,61b8ea959516cf458cfa0ea204219ee983e8adc2cba473f893652a1e07a05d40,2025-03-01T01:15:28.077000
 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000