From 1593367456c3f3479f5faf9b028a89705098cca4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 3 Mar 2025 09:03:53 +0000
Subject: [PATCH] Auto-Update: 2025-03-03T09:00:25.905929+00:00
---
CVE-2024/CVE-2024-533xx/CVE-2024-53382.json | 60 ++++++++
CVE-2024/CVE-2024-533xx/CVE-2024-53386.json | 60 ++++++++
CVE-2025/CVE-2025-12xx/CVE-2025-1244.json | 6 +-
CVE-2025/CVE-2025-16xx/CVE-2025-1618.json | 8 +-
CVE-2025/CVE-2025-17xx/CVE-2025-1723.json | 56 ++++++++
CVE-2025/CVE-2025-18xx/CVE-2025-1854.json | 141 +++++++++++++++++++
CVE-2025/CVE-2025-18xx/CVE-2025-1855.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-18xx/CVE-2025-1856.json | 141 +++++++++++++++++++
CVE-2025/CVE-2025-18xx/CVE-2025-1857.json | 145 ++++++++++++++++++++
README.md | 23 ++--
_state.csv | 19 ++-
11 files changed, 784 insertions(+), 20 deletions(-)
create mode 100644 CVE-2024/CVE-2024-533xx/CVE-2024-53382.json
create mode 100644 CVE-2024/CVE-2024-533xx/CVE-2024-53386.json
create mode 100644 CVE-2025/CVE-2025-17xx/CVE-2025-1723.json
create mode 100644 CVE-2025/CVE-2025-18xx/CVE-2025-1854.json
create mode 100644 CVE-2025/CVE-2025-18xx/CVE-2025-1855.json
create mode 100644 CVE-2025/CVE-2025-18xx/CVE-2025-1856.json
create mode 100644 CVE-2025/CVE-2025-18xx/CVE-2025-1857.json
diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json
new file mode 100644
index 00000000000..dc4529b492b
--- /dev/null
+++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53382.json
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53382", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-03-03T07:15:33.397", + "lastModified": "2025-03-03T07:15:33.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json b/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json new file mode 100644 index 00000000000..2a91c1a7518 --- /dev/null +++ b/CVE-2024/CVE-2024-533xx/CVE-2024-53386.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53386", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-03-03T07:15:34.560", + "lastModified": "2025-03-03T07:15:34.560", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/jackfromeast/31d56f1ad17673aabb6ab541e65a5534", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/piqnt/stage.js/blob/919f6e94b14242f6e6994141a9e1188439d306d5/lib/core.js#L158-L159", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-12xx/CVE-2025-1244.json b/CVE-2025/CVE-2025-12xx/CVE-2025-1244.json index 1dabcdc4ea6..7911b0d8a93 100644 --- a/CVE-2025/CVE-2025-12xx/CVE-2025-1244.json +++ b/CVE-2025/CVE-2025-12xx/CVE-2025-1244.json 
@@ -2,7 +2,7 @@ "id": "CVE-2025-1244", "sourceIdentifier": "secalert@redhat.com", "published": "2025-02-12T15:15:18.430", - "lastModified": "2025-03-03T02:15:33.190", + "lastModified": "2025-03-03T08:15:14.700", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -64,6 +64,10 @@ "url": "https://access.redhat.com/errata/RHSA-2025:1961", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2025:1962", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2025:1963", "source": "secalert@redhat.com" diff --git a/CVE-2025/CVE-2025-16xx/CVE-2025-1618.json b/CVE-2025/CVE-2025-16xx/CVE-2025-1618.json index bb57742aa0d..112b8763a59 100644 --- a/CVE-2025/CVE-2025-16xx/CVE-2025-1618.json +++ b/CVE-2025/CVE-2025-16xx/CVE-2025-1618.json 
@@ -2,13 +2,13 @@ "id": "CVE-2025-1618", "sourceIdentifier": "cna@vuldb.com", "published": "2025-02-24T05:15:10.980", - "lastModified": "2025-02-24T05:15:10.980", + "lastModified": "2025-03-03T07:15:34.730", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability has been found in vTiger CRM 6.4.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component." }, { "lang": "es", @@ -63,7 +63,7 @@ "cvssMetricV31": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", @@ -111,7 +111,7 @@ "weaknesses": [ { "source": "cna@vuldb.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2025/CVE-2025-17xx/CVE-2025-1723.json b/CVE-2025/CVE-2025-17xx/CVE-2025-1723.json new file mode 100644 index 00000000000..2aee1513331 --- /dev/null +++ b/CVE-2025/CVE-2025-17xx/CVE-2025-1723.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-1723", + "sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02", + "published": "2025-03-03T08:15:15.717", + "lastModified": "2025-03-03T08:15:15.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Zohocorp ManageEngine ADSelfService Plus versions 6510 and below are vulnerable to account takeover due to the\u00a0session mishandling. Valid account holders in the setup only have the potential to exploit this bug." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "0fc0942c-577d-436f-ae8e-945763c79b02", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "0fc0942c-577d-436f-ae8e-945763c79b02", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html", + "source": "0fc0942c-577d-436f-ae8e-945763c79b02" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json new file mode 100644 index 00000000000..e7adc064843 --- /dev/null +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1854.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-1854", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-03T07:15:35.030", + "lastModified": "2025-03-03T07:15:35.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yhj09/CVE/blob/main/CVE_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.298122", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.298122", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.506053", + "source": "cna@vuldb.com" + } + ] +} \ No newline 
at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1855.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1855.json new file mode 100644 index 00000000000..0624ac92fb6 --- /dev/null +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1855.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-1855", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-03T07:15:35.277", + "lastModified": "2025-03-03T07:15:35.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", 
+ "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/panghuanjie/Code-audits/blob/main/PHPGurukul/PHPGurukul%20Online%20Shopping%20Portal%20v2.1%20SQL%20Injection3%20.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.298123", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.298123", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.506066", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json new file mode 100644 index 00000000000..99f0936f0f0 --- /dev/null +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1856.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-1856", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-03T08:15:16.303", + "lastModified": "2025-03-03T08:15:16.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/smartttt1/CVE/blob/main/CVE_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.298124", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.298124", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.506107", + "source": "cna@vuldb.com" + } + ] +} \ No newline 
at end of file diff --git a/CVE-2025/CVE-2025-18xx/CVE-2025-1857.json b/CVE-2025/CVE-2025-18xx/CVE-2025-1857.json new file mode 100644 index 00000000000..88f53c54424 --- /dev/null +++ b/CVE-2025/CVE-2025-18xx/CVE-2025-1857.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-1857", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-03-03T08:15:16.823", + "lastModified": "2025-03-03T08:15:16.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/panghuanjie/Code-audits/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.298125", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.298125", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.506120", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c50076776ec..8f47e1f258e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-03T07:00:26.560142+00:00 +2025-03-03T09:00:25.905929+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-03T06:15:21.697000+00:00 +2025-03-03T08:15:16.823000+00:00 ``` ### Last Data Feed Release 
@@ -33,23 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -283663 +283670 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `7` -- [CVE-2025-1850](CVE-2025/CVE-2025-18xx/CVE-2025-1850.json) (`2025-03-03T05:15:10.587`) -- [CVE-2025-1851](CVE-2025/CVE-2025-18xx/CVE-2025-1851.json) (`2025-03-03T05:15:10.867`) -- [CVE-2025-1852](CVE-2025/CVE-2025-18xx/CVE-2025-1852.json) (`2025-03-03T06:15:21.343`) -- [CVE-2025-1853](CVE-2025/CVE-2025-18xx/CVE-2025-1853.json) (`2025-03-03T06:15:21.697`) +- [CVE-2024-53382](CVE-2024/CVE-2024-533xx/CVE-2024-53382.json) (`2025-03-03T07:15:33.397`) +- [CVE-2024-53386](CVE-2024/CVE-2024-533xx/CVE-2024-53386.json) (`2025-03-03T07:15:34.560`) +- [CVE-2025-1723](CVE-2025/CVE-2025-17xx/CVE-2025-1723.json) (`2025-03-03T08:15:15.717`) +- [CVE-2025-1854](CVE-2025/CVE-2025-18xx/CVE-2025-1854.json) (`2025-03-03T07:15:35.030`) +- [CVE-2025-1855](CVE-2025/CVE-2025-18xx/CVE-2025-1855.json) (`2025-03-03T07:15:35.277`) +- [CVE-2025-1856](CVE-2025/CVE-2025-18xx/CVE-2025-1856.json) (`2025-03-03T08:15:16.303`) +- [CVE-2025-1857](CVE-2025/CVE-2025-18xx/CVE-2025-1857.json) (`2025-03-03T08:15:16.823`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2025-1244](CVE-2025/CVE-2025-12xx/CVE-2025-1244.json) (`2025-03-03T08:15:14.700`) +- [CVE-2025-1618](CVE-2025/CVE-2025-16xx/CVE-2025-1618.json) (`2025-03-03T07:15:34.730`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f9461c853d2..852e54b7ba1 100644 --- a/_state.csv +++ b/_state.csv 
@@ -273581,6 +273581,8 @@ CVE-2024-53375,0,0,03acfc3ce1465046824ce662fbf44dee8291f967ecd696fbbf82e7a2b1461 CVE-2024-53376,0,0,8911dbfc8997baa2a57cf32f34b4dcc9a56903a67bd0c4ffc9a41950a9065ad0,2024-12-17T20:15:22.380000 CVE-2024-53379,0,0,2b6df428322956cd20e5c553031d5487355c33ab4cabbe810e5c3a60725bbc7b,2025-02-27T19:15:48.927000 CVE-2024-5338,0,0,2afe684191c73468eff383b7ca370b5770f74a1aec9a85ac89128ddd56eac957,2024-11-21T09:47:26.997000 +CVE-2024-53382,1,1,bc22c0f67f340c82703587339ab10b2cf8a3692c3e7d029c8d913b364828432f,2025-03-03T07:15:33.397000 +CVE-2024-53386,1,1,8bb56eeec23e0a18d63c27f203ebccf2a4947e5af96ad0f07d167c04fae16fdb,2025-03-03T07:15:34.560000 CVE-2024-5339,0,0,0d824fdd75ea0024ca1d8121d180fa88d48321696b6a589d7b7ff1cb4a42c3e7,2024-11-21T09:47:27.133000 CVE-2024-5340,0,0,ee38ec7c3eb1b237a6f1222e4c2d09975ad3132aecab39c527a9d8e3693c02d9,2024-11-21T09:47:27.263000 CVE-2024-53407,0,0,028a3e4d14bfc90eea9cc0c6159117f08c823fe19cf4dd25d6c1d6ae5f9691c6,2025-01-31T21:15:10.213000 @@ -280603,7 +280605,7 @@ CVE-2025-1231,0,0,53b09d0e70e608d42ef2315cf58b2a0031ad64c29b00c44d026df29aef3338 CVE-2025-1239,0,0,6187788ffe5fd6000cc24d081f477dcae5b0ef59871d160b3ff23ee25b818501,2025-02-14T14:15:32.687000 CVE-2025-1240,0,0,363ac0ec488e57d295d78c481b595c1c1507ba076f5813d8f4f20530988afa84,2025-02-11T22:15:29.800000 CVE-2025-1243,0,0,b36908327b1b41fa664c4a39c71934592fd1d75bcc40ba67f7d64ed64955da7e,2025-02-12T01:15:09.073000 -CVE-2025-1244,0,0,24b712abc5473f98be5b45c650fef26d8d6a16ebd1fa65ca9c83aff0724f41bc,2025-03-03T02:15:33.190000 +CVE-2025-1244,0,1,e0503510349a51824b054cbe96fa226fb83099fc0db271f8548e5f6083316dbe,2025-03-03T08:15:14.700000 CVE-2025-1247,0,0,076ebdee060c0d22b647df1a0cc091510262713de157cf89796199eeb4b4a429,2025-02-27T16:15:38.390000 CVE-2025-1249,0,0,f9cf8228939f75e3961b7ce63e2e103ee292f920596572fc4d2ff4b8583fc869,2025-02-26T15:15:24.470000 CVE-2025-1258,0,0,e60d49e74992453b0cd2d8b93f0bc7a60901e2447adb1d6d0cde7627e3bb44f5,2025-02-20T18:15:26.217000 
@@ -280753,7 +280755,7 @@ CVE-2025-1614,0,0,7d6a9d5dca1d2dee06439db5fa1b87d1c8819ad5479aa7c9bf2b4e7d88bc5c CVE-2025-1615,0,0,6a395c4b348e38e53409f949776359dae903a343a3adc0dd732cc46cc3b0709e,2025-02-28T18:33:35.540000 CVE-2025-1616,0,0,c02dd69ffb51117ec12e296fa8fa2644f3a5e76db5fac6a5c199e8d272746a43,2025-02-28T16:07:41.847000 CVE-2025-1617,0,0,5699c11babf41c6523a7b468d5f93f623e40fad3886f2c2564d3fbf01bfd5a5a,2025-02-24T04:15:09.277000 -CVE-2025-1618,0,0,c38d123af1d2ac8066a3b83ff9de2a6ebdb065de987e96507742c45f56bfb04c,2025-02-24T05:15:10.980000 +CVE-2025-1618,0,1,26805ff186a34eff816cd1df89880ebc77e7548d77ce085b3162d114680f02ff,2025-03-03T07:15:34.730000 CVE-2025-1629,0,0,98e40b68e5632eb91f4db527ca6594bcd0a0e66070641abd7d2f14eb9bdef0c3,2025-02-24T05:15:11.280000 CVE-2025-1632,0,0,28fe99b7a4053d94bf92a115fabddf2bf6f2fcf0d6264d4d013a0dc1f70735ec,2025-02-24T15:15:13.217000 CVE-2025-1634,0,0,29f3957e0a85b3b8849afab5bb93f47350a7407e4de4941bc376da929d054d05,2025-02-27T16:15:38.500000 @@ -280783,6 +280785,7 @@ CVE-2025-1692,0,0,ada4fe9963e6bfb9428a6effda149b259cc8c8d330fa71a5cddb43ce0441e4 CVE-2025-1693,0,0,78bee8ea11b0f84269d8265b773d2949284a15da89c9262684dc7b4564686390,2025-02-27T13:15:11.563000 CVE-2025-1716,0,0,a648869b4360af8ed23a26cfd3c368eed054419e70a81f1fff814aa8bcbf023c,2025-02-26T15:15:24.653000 CVE-2025-1717,0,0,531ae6ccf2948d3fb4bab20d73b08fd6766b8bf8893677c6840dec6217d1f072,2025-02-27T08:15:31.130000 +CVE-2025-1723,1,1,bd3dc44ce79d918f1eca963344abea138edda86e5a9253ac44f547b43e3ab229,2025-03-03T08:15:15.717000 CVE-2025-1726,0,0,1eac96fa1d7a7ec9ea278c42b19f49f33808e18559f649ea58334e24fccb274f,2025-02-26T20:15:13.510000 CVE-2025-1728,0,0,126b29abd5a8b7142eab21be075a4425d5b9e0d4bb1eedd2c9477807954e2152,2025-02-26T22:15:14.333000 CVE-2025-1730,0,0,3552c2abcc0f807391a69e1527a01ae3b1d54867e5f720c6c378cf1c5b09cb05,2025-03-01T07:15:11.380000 
@@ -280846,10 +280849,14 @@ CVE-2025-1846,0,0,5c7f3bcd4f600ed21100c2323eba63af680e8a42c3178debbd9d070582d1b8 CVE-2025-1847,0,0,746236a7f5daba7186147d066b7aaaa80fd843c4adbf688ee60e53e05f7bb637,2025-03-03T03:15:08.983000 CVE-2025-1848,0,0,b4b3792b2f071cb7baebc550aa244188045e4139769a51b876e21cea9dd8bd3b,2025-03-03T04:15:08.657000 CVE-2025-1849,0,0,354df1d3115e7ed477918e35dd2218a14edf9641d1ba7b4fa97da52f2d0d22aa,2025-03-03T04:15:08.837000 -CVE-2025-1850,1,1,ea68a3dd00a560e71fe95deae84b875b31ca9504072c80640a2691c9ac6d0c08,2025-03-03T05:15:10.587000 -CVE-2025-1851,1,1,faa5ac08ac0fee46f1b16a0465106e5a4a341af911fe8c171e43fb5f1b00229c,2025-03-03T05:15:10.867000 -CVE-2025-1852,1,1,a886287ebd221b754a408205bc3961099fffa063d675a6087bdc41ff2f34bc44,2025-03-03T06:15:21.343000 -CVE-2025-1853,1,1,1ca7b3f52c25c3fc5fa57ff0b3fdcd1cc5bcf593f896e1516be8778f7214bfba,2025-03-03T06:15:21.697000 +CVE-2025-1850,0,0,ea68a3dd00a560e71fe95deae84b875b31ca9504072c80640a2691c9ac6d0c08,2025-03-03T05:15:10.587000 +CVE-2025-1851,0,0,faa5ac08ac0fee46f1b16a0465106e5a4a341af911fe8c171e43fb5f1b00229c,2025-03-03T05:15:10.867000 +CVE-2025-1852,0,0,a886287ebd221b754a408205bc3961099fffa063d675a6087bdc41ff2f34bc44,2025-03-03T06:15:21.343000 +CVE-2025-1853,0,0,1ca7b3f52c25c3fc5fa57ff0b3fdcd1cc5bcf593f896e1516be8778f7214bfba,2025-03-03T06:15:21.697000 +CVE-2025-1854,1,1,807272fc1faf394020bd02f44d1204a0d3e08b77045a8805f11576c69ec3afca,2025-03-03T07:15:35.030000 +CVE-2025-1855,1,1,3e9f8b558ac6552e8526a9c2fbaf0089e976661b34f06258bdcdb5078af97e9f,2025-03-03T07:15:35.277000 +CVE-2025-1856,1,1,58e10d6310d6a4f926500637cd981991f15a8c8166565755e79475990347bf0a,2025-03-03T08:15:16.303000 +CVE-2025-1857,1,1,b91c7d6358a703ad5510a09be0b8927b11845424ecd31d685ddde03f87d3600c,2025-03-03T08:15:16.823000 CVE-2025-20014,0,0,f4fd1db051e4652a5d7e7863a21c37faec75062d4b5ce0e4f2c6bffc2f3ee854,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 
CVE-2025-20029,0,0,d9e3ca63dc18f9436b5043ebae0bcb543cc6452f75921963fed59e1df065c2d7,2025-02-05T18:15:29.573000