From 0d5730b2ccd7346c99ab891c69940679cd04d46c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 9 Mar 2025 23:03:48 +0000 Subject: [PATCH] Auto-Update: 2025-03-09T23:00:20.452870+00:00 --- CVE-2025/CVE-2025-21xx/CVE-2025-2130.json | 141 ++++++++++++++++++++ CVE-2025/CVE-2025-262xx/CVE-2025-26204.json | 16 +++ CVE-2025/CVE-2025-262xx/CVE-2025-26205.json | 16 +++ README.md | 15 ++- _state.csv | 7 +- 5 files changed, 186 insertions(+), 9 deletions(-) create mode 100644 CVE-2025/CVE-2025-21xx/CVE-2025-2130.json create mode 100644 CVE-2025/CVE-2025-262xx/CVE-2025-26204.json create mode 100644 CVE-2025/CVE-2025-262xx/CVE-2025-26205.json diff --git a/CVE-2025/CVE-2025-21xx/CVE-2025-2130.json b/CVE-2025/CVE-2025-21xx/CVE-2025-2130.json new file mode 100644 index 00000000000..6ccc3e2c193 --- /dev/null +++ b/CVE-2025/CVE-2025-21xx/CVE-2025-2130.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-2130", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-09T22:15:12.253", + "lastModified": "2025-03-09T22:15:12.253", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in OpenXE up to 1.12. It has been declared as problematic. This vulnerability affects unknown code of the component Ticket Bearbeiten Page. The manipulation of the argument Notizen leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.299050", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.299050", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.511529", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.singto.io/pocsforexploits/openxe/openxe-xss-ticket.html", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-262xx/CVE-2025-26204.json b/CVE-2025/CVE-2025-262xx/CVE-2025-26204.json new file mode 100644 index 00000000000..24b0be86d0a --- /dev/null +++ b/CVE-2025/CVE-2025-262xx/CVE-2025-26204.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-26204", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-03-09T21:15:35.310", + "lastModified": "2025-03-09T22:15:12.120", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-262xx/CVE-2025-26205.json b/CVE-2025/CVE-2025-262xx/CVE-2025-26205.json new file mode 100644 index 00000000000..abd261e507d --- /dev/null +++ b/CVE-2025/CVE-2025-262xx/CVE-2025-26205.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2025-26205", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-03-09T21:15:35.457", + "lastModified": "2025-03-09T22:15:12.200", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/README.md b/README.md index d6d581f436c..6b9ffc3e106 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-09T21:00:19.421143+00:00 +2025-03-09T23:00:20.452870+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-09T20:15:27.157000+00:00 +2025-03-09T22:15:12.253000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284578 +284581 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2025-2129](CVE-2025/CVE-2025-21xx/CVE-2025-2129.json) (`2025-03-09T20:15:27.157`) +- [CVE-2025-2130](CVE-2025/CVE-2025-21xx/CVE-2025-2130.json) (`2025-03-09T22:15:12.253`) +- [CVE-2025-26204](CVE-2025/CVE-2025-262xx/CVE-2025-26204.json) (`2025-03-09T21:15:35.310`) +- [CVE-2025-26205](CVE-2025/CVE-2025-262xx/CVE-2025-26205.json) (`2025-03-09T21:15:35.457`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2025-27636](CVE-2025/CVE-2025-276xx/CVE-2025-27636.json) (`2025-03-09T20:15:26.270`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 906ff7d1338..888747a3f73 100644 --- a/_state.csv +++ b/_state.csv @@ -281644,7 +281644,7 @@ CVE-2025-21286,0,0,723a473a192879fc206cfa84c7de3f90eedd168a272ed8d91571db1d22504 CVE-2025-21287,0,0,3fb720d80bfa95a57729c3d52355290ff4ed9d6a729c50a14578c0330694308a,2025-01-24T21:55:31.367000 CVE-2025-21288,0,0,79f0d8a9fcb348695f51a1219583e8ea25481776e9e3e38910c2eefefdc3362b,2025-01-24T21:47:07.423000 CVE-2025-21289,0,0,fee4d36c12a7e786371dc542562c3ca5c601aa9f9d1773942d4c4b95c5ba8a82,2025-01-24T21:47:24.627000 -CVE-2025-2129,1,1,73bcf9f2db79dbf127d42bb6a6b4dc5653d308326a9105457d2299f2925acaa0,2025-03-09T20:15:27.157000 +CVE-2025-2129,0,0,73bcf9f2db79dbf127d42bb6a6b4dc5653d308326a9105457d2299f2925acaa0,2025-03-09T20:15:27.157000 CVE-2025-21290,0,0,9908895cd72179235f8944b12651eab7a26a3fa06071ad9ead9f86c6d3b61d5a,2025-01-24T21:47:33.967000 CVE-2025-21291,0,0,5dc12a9d03eff6a3cee8125e8ef0399a500aa8ddc3f43c7e43adb090509d0ede,2025-01-24T21:47:41.350000 CVE-2025-21292,0,0,4501ae8c31c8e5be444f48bfe6c68f0a83c5b59e6e03feb325a2ed2e954943e5,2025-01-24T21:47:48.737000 @@ -281655,6 +281655,7 @@ CVE-2025-21296,0,0,e6a1c9957561caf3c08496803c0d30c1ebf34930666c8fe32257ce9086419 CVE-2025-21297,0,0,3ab7b3c14f4caef771a6720deb6e250b1f436927d02f1b51343e4279e8f230d4,2025-01-24T21:48:42.703000 CVE-2025-21298,0,0,8777cfa0600445139c487075d5ab0c735aed30e39ea02043ecdccc9440939232,2025-01-24T21:48:49.880000 CVE-2025-21299,0,0,f36898ed7a072fb1bf3a66d319990cf8422e046997a77b84517942b1fed08dc7,2025-01-24T21:48:59.153000 +CVE-2025-2130,1,1,3924df49d8f788efd74ea7d2dd5652aace72fb0984c40d82492698ccc7d556ed,2025-03-09T22:15:12.253000 CVE-2025-21300,0,0,37096ee2a4f954708906e2afd28314e98d8e4ab0c7ac8239b74c189373571d90,2025-01-24T21:49:29.857000 CVE-2025-21301,0,0,8953ad23567d52390e15e46d491856022afaf971fd601bd1a6ce8eed1c3fb533,2025-01-24T21:49:37.347000 CVE-2025-21302,0,0,884c6727a46036a58204ac04a3b80c31d9ebeb9d1b7ece8a19fc57a9180b92a6,2025-01-24T21:49:44.423000 @@ -284091,6 +284092,8 @@ CVE-2025-26182,0,0,0ffb3bea03992b9174a29a5d31a319557b17fde19454fc28292cbf9e09cbc CVE-2025-26200,0,0,07971a3db98f9cfae341b32901f42b0af32b82b7b85e8efc840488c86eda257e,2025-02-24T17:15:14.273000 CVE-2025-26201,0,0,19cc0d8c975fa49352fb9ad1f8db6737d71edae986faba1d37ba48d4a441cec4,2025-02-24T18:15:21.047000 CVE-2025-26202,0,0,faf1da73f05d445d952dd532cee33fae2a2ae5a854a8d484ad2405b4354fa0d8,2025-03-05T16:15:40.130000 +CVE-2025-26204,1,1,a8f05c49578ea0cbde7e961f0f9aa7f0415694b1127756defe681b9982099ed9,2025-03-09T22:15:12.120000 +CVE-2025-26205,1,1,63ed32d242f54d965851d14b37db546b9e668c5b81ac02938c74583c42eba152,2025-03-09T22:15:12.200000 CVE-2025-26206,0,0,65fb1b35688e4155ab7cd5d9dba72d14a0558f77be50007bc2f864f59797ec8c,2025-03-04T17:15:18.487000 CVE-2025-26263,0,0,fc3120fea42838e95a7a6b2851141f093ed91446459738db389d5fc39c0f2990,2025-03-06T22:15:35.437000 CVE-2025-26264,0,0,d652b5dab25ae333f8ea0835b25b75d718ba956bf0f33ef0027b1933da0a46e3,2025-02-28T22:15:39.780000 @@ -284517,7 +284520,7 @@ CVE-2025-27622,0,0,aab424c81f70efb6c2294313600d100f64e720f683885d3b6918b7e0d0c95 CVE-2025-27623,0,0,a7729605ea601dac947d3c9e9dda3f4cf0fc759f67e3d847999a08d4d426400f,2025-03-06T17:15:23.647000 CVE-2025-27624,0,0,386e769fd54c9c9e387001be90fa20a8140740d08fb61eb8c2dc8cbb750364f8,2025-03-06T17:15:23.797000 CVE-2025-27625,0,0,85889be78be476b146c5fda687cdd2b7a01a613eea674a60ada7a9651223e2d5,2025-03-06T17:15:23.960000 -CVE-2025-27636,0,1,7a13ac4e996aba1cd32295c73e4eaae38f1702ebcc075663414ee3db8e6075ae,2025-03-09T20:15:26.270000 +CVE-2025-27636,0,0,7a13ac4e996aba1cd32295c73e4eaae38f1702ebcc075663414ee3db8e6075ae,2025-03-09T20:15:26.270000 CVE-2025-27637,0,0,9c062615c8ec6a3ced4ee678ddb923b6d263f273f4e63f5f7bf9a46985accf21,2025-03-05T16:15:40.713000 CVE-2025-27638,0,0,799c839b25e9819e4ec80c30ab7682e659f557f1c902bc7211099cb508098b42,2025-03-05T17:15:16.853000 CVE-2025-27639,0,0,a0477d98f560583497b6432bc3e9038f2aa7b8df2110514ba2e616c075cb3f66,2025-03-05T17:15:17.027000