diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10306.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10306.json new file mode 100644 index 00000000000..39cc45aa45b --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10306.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10306", + "sourceIdentifier": "secalert@redhat.com", + "published": "2025-04-23T10:15:14.330", + "lastModified": "2025-04-23T10:15:14.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in mod_proxy_cluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-10306", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321302", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-122xx/CVE-2024-12243.json b/CVE-2024/CVE-2024-122xx/CVE-2024-12243.json index 07e1c30149b..d8cb78deff1 100644 --- a/CVE-2024/CVE-2024-122xx/CVE-2024-12243.json +++ b/CVE-2024/CVE-2024-122xx/CVE-2024-12243.json @@ -2,7 +2,7 @@ "id": "CVE-2024-12243", "sourceIdentifier": "secalert@redhat.com", "published": "2025-02-10T16:15:37.423", - "lastModified": "2025-02-21T22:15:11.890", + "lastModified": "2025-04-23T11:15:45.773", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -52,6 +52,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:4051", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-12243", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-10xx/CVE-2025-1054.json b/CVE-2025/CVE-2025-10xx/CVE-2025-1054.json new file mode 100644 index 00000000000..4312ebec3bb --- /dev/null +++ b/CVE-2025/CVE-2025-10xx/CVE-2025-1054.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-1054", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-04-23T10:15:15.280", + "lastModified": "2025-04-23T10:15:15.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The UiCore Elements \u2013 Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3253371/uicore-elements", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74e8541-9726-4bc2-9fbd-f6016490e0ea?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-35xx/CVE-2025-3530.json b/CVE-2025/CVE-2025-35xx/CVE-2025-3530.json index 3c118a706f6..19b7df1059c 100644 --- a/CVE-2025/CVE-2025-35xx/CVE-2025-3530.json +++ b/CVE-2025/CVE-2025-35xx/CVE-2025-3530.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item." + }, + { + "lang": "es", + "value": "El complemento WordPress Simple Shopping Cart para WordPress es vulnerable a la manipulaci\u00f3n de precios de productos en todas las versiones hasta la 5.1.2 incluida. Esto se debe a una falla l\u00f3gica relacionada con el uso inconsistente de par\u00e1metros durante el proceso de a\u00f1adir al carrito. El complemento utiliza el par\u00e1metro 'product_tmp_two' para calcular un hash de seguridad contra la manipulaci\u00f3n de precios mientras usa 'wspsc_product' para mostrar el producto, lo que permite a un atacante no autenticado sustituir los datos de un producto m\u00e1s econ\u00f3mico y omitir el pago por uno m\u00e1s caro." } ], "metrics": { diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42600.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42600.json new file mode 100644 index 00000000000..7c18bad3162 --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42600.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-42600", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:46.603", + "lastModified": "2025-04-23T11:15:46.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42601.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42601.json new file mode 100644 index 00000000000..31b9b99ad3e --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42601.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-42601", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:46.797", + "lastModified": "2025-04-23T11:15:46.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification mechanism." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-602" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42602.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42602.json new file mode 100644 index 00000000000..b5b6614d58a --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42602.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-42602", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:46.933", + "lastModified": "2025-04-23T11:15:46.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to unauthorized access of other user accounts." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + }, + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42603.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42603.json new file mode 100644 index 00000000000..6d7c59caca0 --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42603.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-42603", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:47.063", + "lastModified": "2025-04-23T11:15:47.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in the Meon KYC solutions due to transmission of sensitive data in plain text within the response payloads of certain API endpoints. An authenticated remote attacker could exploit this vulnerability by intercepting API response that contains unencrypted sensitive information belonging to other users.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to impersonate the target user and gain unauthorized access to the user account." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42604.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42604.json new file mode 100644 index 00000000000..45061290a91 --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42604.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-42604", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:47.190", + "lastModified": "2025-04-23T11:15:47.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1295" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-426xx/CVE-2025-42605.json b/CVE-2025/CVE-2025-426xx/CVE-2025-42605.json new file mode 100644 index 00000000000..7a16016919d --- /dev/null +++ b/CVE-2025/CVE-2025-426xx/CVE-2025-42605.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-42605", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2025-04-23T11:15:47.327", + "lastModified": "2025-04-23T11:15:47.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body to gain unauthorized access to other user accounts.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to perform authorized manipulation of data associated with other user accounts." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0082", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e61246c8a29..2996baf4488 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-23T10:00:19.789892+00:00 +2025-04-23T12:00:21.480847+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-23T08:15:14.723000+00:00 +2025-04-23T11:15:47.327000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -291137 +291145 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `8` -- [CVE-2025-2595](CVE-2025/CVE-2025-25xx/CVE-2025-2595.json) (`2025-04-23T08:15:14.023`) -- [CVE-2025-3529](CVE-2025/CVE-2025-35xx/CVE-2025-3529.json) (`2025-04-23T08:15:14.527`) -- [CVE-2025-3530](CVE-2025/CVE-2025-35xx/CVE-2025-3530.json) (`2025-04-23T08:15:14.723`) +- [CVE-2024-10306](CVE-2024/CVE-2024-103xx/CVE-2024-10306.json) (`2025-04-23T10:15:14.330`) +- [CVE-2025-1054](CVE-2025/CVE-2025-10xx/CVE-2025-1054.json) (`2025-04-23T10:15:15.280`) +- [CVE-2025-42600](CVE-2025/CVE-2025-426xx/CVE-2025-42600.json) (`2025-04-23T11:15:46.603`) +- [CVE-2025-42601](CVE-2025/CVE-2025-426xx/CVE-2025-42601.json) (`2025-04-23T11:15:46.797`) +- [CVE-2025-42602](CVE-2025/CVE-2025-426xx/CVE-2025-42602.json) (`2025-04-23T11:15:46.933`) +- [CVE-2025-42603](CVE-2025/CVE-2025-426xx/CVE-2025-42603.json) (`2025-04-23T11:15:47.063`) +- [CVE-2025-42604](CVE-2025/CVE-2025-426xx/CVE-2025-42604.json) (`2025-04-23T11:15:47.190`) +- [CVE-2025-42605](CVE-2025/CVE-2025-426xx/CVE-2025-42605.json) (`2025-04-23T11:15:47.327`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2024-12243](CVE-2024/CVE-2024-122xx/CVE-2024-12243.json) (`2025-04-23T11:15:45.773`) +- [CVE-2025-3530](CVE-2025/CVE-2025-35xx/CVE-2025-3530.json) (`2025-04-23T08:15:14.723`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4030214d5cd..5687968ff1a 100644 --- a/_state.csv +++ b/_state.csv @@ -244807,6 +244807,7 @@ CVE-2024-1030,0,0,6d2d82ef3072f02e7c34d7489d5c3e0649bc9fdc5d37c6ed18885f5f961ee1 CVE-2024-10300,0,0,71f89392a82bac9e3a1118d602fedad5aa8e35f49fa5cc5e5782fb8c6482f21b,2024-10-25T18:49:01.953000 CVE-2024-10301,0,0,3d2ee5c748542f3efcde40d90c311550627d3156c0575f82911af7d8dec82c11,2024-10-25T18:47:54.033000 CVE-2024-10305,0,0,c796e0a9a1f8c346431dc8391644400d6ff87d94b0f13883aeae274109208b98,2025-02-11T02:15:33.200000 +CVE-2024-10306,1,1,792b0dd34ad4909dbace4af8af5ba2c73aece39fed2b4ea5974067d8c70c4570,2025-04-23T10:15:14.330000 CVE-2024-10307,0,0,b3c6596e9363272e01afbca3eda91cdf366d6168437cf679755595a795028a90,2025-03-28T18:11:40.180000 CVE-2024-10308,0,0,7d25344eaafedd87dec065a0c2fdf72a371424d31caf12f177490522cd87b5ec,2025-01-09T20:30:43.060000 CVE-2024-10309,0,0,c3b06cfa7dc37203816d2b3718e47926115a5ae85aab2018d71ee2aed22785cb,2025-01-30T17:15:17.370000 @@ -246771,7 +246772,7 @@ CVE-2024-12239,0,0,2dd2f60a878bde8fc4082e44b55290b6330ca8ddb5c2322a79fe1567e7103 CVE-2024-1224,0,0,cbfbaa5b4f0e1c410530412d727d5bf58dfe126bd3d740f330bf5c6e93a0658e,2024-11-21T08:50:05.487000 CVE-2024-12240,0,0,6672995b52813f98387098ac3b3013676e82d4cc5e92b1023b4a144f1eea1a77,2025-01-14T11:15:15.137000 CVE-2024-12242,0,0,2f55c665eef830ff2620035cbcfe4292d890dc745ab209f9df7f0382ca44ae3c,2025-02-11T02:15:33.653000 -CVE-2024-12243,0,0,53e901d0075c3b7adca79b57dacb02191eae54a920e4cd6ebc29cca90cff820d,2025-02-21T22:15:11.890000 +CVE-2024-12243,0,1,21abb63f551c04214ac9f57da8e02697b40abe367a9fc617ebe76745884217b6,2025-04-23T11:15:45.773000 CVE-2024-12245,0,0,31276812dc8de5bfdb7bab3cdab8b1c866149ec90ff0dd7db23266bd4fc80d08,2025-03-14T18:15:27.530000 CVE-2024-12246,0,0,25e368b7b625668da07b20dc2399fc14978a413e8f5dc9b92a1c223e61cf9256,2025-02-11T02:15:33.710000 CVE-2024-12247,0,0,ad117a7da5529073984608210b9ebf0c8357341e47d0f7a47c01f4275cf4ac25,2024-12-05T16:15:25.243000 @@ -282055,6 +282056,7 @@ CVE-2025-1043,0,0,85285f0459384c003ce1a5c887368f71f800dede66c51b6ace529750f1366c CVE-2025-1044,0,0,9f8be6c10874ff2755d0454f22f2307f6446f5aad49de046e6d1d7bccf9d96f4,2025-02-18T21:34:01.863000 CVE-2025-1052,0,0,dd0f54ac7a99856d7d318fe87955632258ed518980dc0996f06ddf7223075097,2025-02-18T21:32:45.863000 CVE-2025-1053,0,0,745fc40219bc37fd7ab7252db87e5d766a3ee14d78f27aa4c9a1b496940a21f8,2025-02-14T04:15:08.903000 +CVE-2025-1054,1,1,4f648087404d5f94f81892b6abae138d8dde37a4c7d2cb9d5fe9cac212e50831,2025-04-23T10:15:15.280000 CVE-2025-1056,0,0,761de48b4451bb267d3ace586bde14815dc352bb894b4fb2f8bba30da7179e6d,2025-04-23T06:15:46.573000 CVE-2025-1057,0,0,95ef9f4d7e8c757916d4aa45045901e0df35d84bc26a83d251d1d38248a44580,2025-03-15T09:15:10.770000 CVE-2025-1058,0,0,931565082cf6be7adcbf5c17fdfd20136c63742e85ad7be32de9be500e9b2826,2025-02-13T06:15:21.480000 @@ -286785,7 +286787,7 @@ CVE-2025-25946,0,0,dd68555679ad8b07f36b669fbde20639acf7f7115a512ba533c880a157808 CVE-2025-25947,0,0,c7879e4f126007a6472b19a25e66309955a18ccc3104a8ec27cf1080eaf6c736,2025-02-20T15:15:15.530000 CVE-2025-25948,0,0,ca5ca8099c123ac40ced025637b0c72774b2e5cd1ecdf3abb66470a227375ec8,2025-04-18T14:15:21.417000 CVE-2025-25949,0,0,37ed88dfaf3dea8d3aac537831aa5ed4f56df128e0b320c9512e04a3c222a74b,2025-04-18T14:15:21.573000 -CVE-2025-2595,1,1,cf29020f5caace450eef647ef6afb5f98e0c2b22877cd75c49da6a8362916aac,2025-04-23T08:15:14.023000 +CVE-2025-2595,0,0,cf29020f5caace450eef647ef6afb5f98e0c2b22877cd75c49da6a8362916aac,2025-04-23T08:15:14.023000 CVE-2025-25950,0,0,627c1adb760a61f2a2b9bbc6a6d509a87ff3bb95240fb9b362077447b6b83cd7,2025-04-18T14:15:21.737000 CVE-2025-25951,0,0,36590502128c2f462b2193bb1de5b4041627daeba96b84368d0be8f1fe9d0f66,2025-04-18T14:15:21.937000 CVE-2025-25952,0,0,cbe43ab15287a101ee4ca95bd9e2f758ef9364a9bb5d1471af4f5540683b58da,2025-04-18T14:15:22.117000 @@ -290721,8 +290723,8 @@ CVE-2025-3519,0,0,3abcc56fc9fa4dddff51fd4465ee9d76bbf6c624c51fbb4ad08710b5ff9d87 CVE-2025-3520,0,0,be35fd038c4a5e22088fd0e9352f3a187df9abda8d0ecfa9c4571aec785dc913,2025-04-21T14:23:45.950000 CVE-2025-3522,0,0,d7b10d589112af206a2a97a80b31b8312cbafe8f15fc0b775a5c292039712cf3,2025-04-15T19:16:08.057000 CVE-2025-3523,0,0,9e0b214a1ab217ceac11021882f71acf6e83d545f10dd5d4b8cac5015db5f14f,2025-04-15T18:39:27.967000 -CVE-2025-3529,1,1,fee7e8dbf8e22172fe5da05e8272df7b08d63fbfaaff9a5a16be1d712957b828,2025-04-23T08:15:14.527000 -CVE-2025-3530,1,1,bc567eb793c5dabeb5f8df508ce5e64f5ed3083d376c23228e50e10b0ca914a3,2025-04-23T08:15:14.723000 +CVE-2025-3529,0,0,fee7e8dbf8e22172fe5da05e8272df7b08d63fbfaaff9a5a16be1d712957b828,2025-04-23T08:15:14.527000 +CVE-2025-3530,0,1,6f915dc2253ddcf623021079c111481772b3ee6e70dbaa37ca252f542a41b506,2025-04-23T08:15:14.723000 CVE-2025-3531,0,0,a1decdd234168eb76bc68bc5b83f3982cca53fa01cc6afb6bd923d1aa0236709,2025-04-15T18:39:27.967000 CVE-2025-3532,0,0,a2f5d1e1aeeff6c317e31a6e6d9145846fef7ec6ec6973517901d1a73b613717,2025-04-15T18:39:27.967000 CVE-2025-3533,0,0,0517ee64c7ed259e758d3f181da415a253b558981950122d1448e5774aae3999,2025-04-15T18:39:27.967000 @@ -291052,6 +291054,12 @@ CVE-2025-40114,0,0,e4d744f28120ab6554e4d13f2f9f1eeaeee8726fca02a9f9f521440a390d4 CVE-2025-40325,0,0,a6e3862a6512d1062886fb893478a1faf062d9cb4443f34babdc0e4290aabe28,2025-04-21T14:23:45.950000 CVE-2025-40364,0,0,7079032d03c94977f22edeb418796e7b8ec133f463d81beda02e4d226b1c4205,2025-04-21T14:23:45.950000 CVE-2025-42599,0,0,9659da8e8aac322bbaf38e5450526281170e18645caf922988ff7e1c8a3c28d4,2025-04-21T14:23:45.950000 +CVE-2025-42600,1,1,1ee142eb2ccdf84d82305ae0488f79995fe777c9f50c5673c7ad425bf2a0ac3b,2025-04-23T11:15:46.603000 +CVE-2025-42601,1,1,ad34a158f5a71060131e6193290958eadeecac1a2f75c0605f2d65e61706340f,2025-04-23T11:15:46.797000 +CVE-2025-42602,1,1,68f2fa5ea678d0797a07d33b52336313d4690a153ef3db27f8cbccbd62e68dc6,2025-04-23T11:15:46.933000 +CVE-2025-42603,1,1,8c7df7376afdd67d289241b099529f589c9b5464cd7ae6e65238f634816e3b49,2025-04-23T11:15:47.063000 +CVE-2025-42604,1,1,1d6c455f719188a7b6908c79d097cad2a1bb2ed6aafe0bf34f961ec1cfc6d257,2025-04-23T11:15:47.190000 +CVE-2025-42605,1,1,a9b469d67d2bd8b3340309a4b239c2796f192b83a615984bee8e6a39ab35992b,2025-04-23T11:15:47.327000 CVE-2025-42921,0,0,834c8fedea992fbe5ca87b916877d62b73585ee9a6a8a5b0642eefbb25f9e2c0,2025-04-17T20:21:05.203000 CVE-2025-43012,0,0,18e1af789e53f96a6c881eae07096e79716556b48ee757b9a80a5d7ad315fdf0,2025-04-17T20:21:05.203000 CVE-2025-43013,0,0,c510cb2dfb445e66117a5cd3ded26fb5498744f67e1da9853ed0361b21206154,2025-04-17T20:21:05.203000