From 1ac13061fccce4da2a2ff50f32f843cc5955f474 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 6 Apr 2025 08:03:53 +0000
Subject: [PATCH] Auto-Update: 2025-04-06T08:00:19.840115+00:00
---
CVE-2025/CVE-2025-323xx/CVE-2025-32369.json | 56 ++++++++
CVE-2025/CVE-2025-323xx/CVE-2025-32370.json | 60 ++++++++
CVE-2025/CVE-2025-33xx/CVE-2025-3309.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-33xx/CVE-2025-3310.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-33xx/CVE-2025-3311.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-33xx/CVE-2025-3312.json | 145 ++++++++++++++++++++
README.md | 16 ++-
_state.csv | 10 +-
8 files changed, 714 insertions(+), 8 deletions(-)
create mode 100644 CVE-2025/CVE-2025-323xx/CVE-2025-32369.json
create mode 100644 CVE-2025/CVE-2025-323xx/CVE-2025-32370.json
create mode 100644 CVE-2025/CVE-2025-33xx/CVE-2025-3309.json
create mode 100644 CVE-2025/CVE-2025-33xx/CVE-2025-3310.json
create mode 100644 CVE-2025/CVE-2025-33xx/CVE-2025-3311.json
create mode 100644 CVE-2025/CVE-2025-33xx/CVE-2025-3312.json
diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32369.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32369.json
new file mode 100644
index 00000000000..bd2d3a91174
--- /dev/null
+++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32369.json
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-32369", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-06T06:15:15.470", + "lastModified": "2025-04-06T07:15:37.720", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Kentico Xperience before 13.0.181 allows authenticated users to distribute malicious content (for stored XSS) via certain interactions with the media library file upload feature." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://devnet.kentico.com/download/hotfixes", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-323xx/CVE-2025-32370.json b/CVE-2025/CVE-2025-323xx/CVE-2025-32370.json new file mode 100644 index 00000000000..f7ad455946e --- /dev/null +++ b/CVE-2025/CVE-2025-323xx/CVE-2025-32370.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2025-32370", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-04-06T07:15:40.970", + "lastModified": "2025-04-06T07:15:40.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-912" + } + ] + } + ], + "references": [ + { + "url": "https://devnet.kentico.com/download/hotfixes", + "source": "cve@mitre.org" + }, + { + "url": "https://labs.watchtowr.com/xss-to-rce-by-abusing-custom-file-handlers-kentico-xperience-cms-cve-2025-2748/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3309.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3309.json new file mode 100644 index 00000000000..c694331bf54 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3309.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3309", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T06:15:17.530", + "lastModified": "2025-04-06T06:15:17.530", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + 
"modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/p1026/CVE/issues/26", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303506", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303506", + "source": "cna@vuldb.com" + }, + { + 
"url": "https://vuldb.com/?submit.550194", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3310.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3310.json new file mode 100644 index 00000000000..06bb3ce37ab --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3310.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3310", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T06:15:17.980", + "lastModified": "2025-04-06T06:15:17.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the file /admin/delete.php. The manipulation of the argument Search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/p1026/CVE/issues/27", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303507", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303507", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.550195", + 
"source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3311.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3311.json new file mode 100644 index 00000000000..e63f9feb470 --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3311.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3311", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T07:15:41.690", + "lastModified": "2025-04-06T07:15:41.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul Men Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FIGHTINGTMQ/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303508", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303508", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.550196", + 
"source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3312.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3312.json new file mode 100644 index 00000000000..9b8c8010a6f --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3312.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-3312", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T07:15:42.910", + "lastModified": "2025-04-06T07:15:42.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Men Salon Management System 1.0. This issue affects some unknown processing of the file /admin/add-customer-services.php. The manipulation of the argument sids[] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + 
"modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FIGHTINGTMQ/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303509", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303509", + "source": "cna@vuldb.com" + }, + { + 
"url": "https://vuldb.com/?submit.550199", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a9229313dab..537b7958c9f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-06T06:00:33.181335+00:00 +2025-04-06T08:00:19.840115+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-06T05:15:15.400000+00:00 +2025-04-06T07:15:42.910000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288711 +288717 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `6` -- [CVE-2025-1264](CVE-2025/CVE-2025-12xx/CVE-2025-1264.json) (`2025-04-06T05:15:15.400`) -- [CVE-2025-3308](CVE-2025/CVE-2025-33xx/CVE-2025-3308.json) (`2025-04-06T04:15:15.887`) +- [CVE-2025-32369](CVE-2025/CVE-2025-323xx/CVE-2025-32369.json) (`2025-04-06T06:15:15.470`) +- [CVE-2025-32370](CVE-2025/CVE-2025-323xx/CVE-2025-32370.json) (`2025-04-06T07:15:40.970`) +- [CVE-2025-3309](CVE-2025/CVE-2025-33xx/CVE-2025-3309.json) (`2025-04-06T06:15:17.530`) +- [CVE-2025-3310](CVE-2025/CVE-2025-33xx/CVE-2025-3310.json) (`2025-04-06T06:15:17.980`) +- [CVE-2025-3311](CVE-2025/CVE-2025-33xx/CVE-2025-3311.json) (`2025-04-06T07:15:41.690`) +- [CVE-2025-3312](CVE-2025/CVE-2025-33xx/CVE-2025-3312.json) (`2025-04-06T07:15:42.910`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e551d9adab4..0320d8b255a 100644 --- a/_state.csv +++ b/_state.csv 
@@ -281972,7 +281972,7 @@ CVE-2025-1259,0,0,96573da653e81cf9f41f5a6e0a68d414d64a0b47be9c10926141f4af2c7ce7 CVE-2025-1260,0,0,e4f71207e6a087a9bf1a24013d876e80c5a3b7480309c271bfd0b4d9f3dedf0a,2025-03-04T20:15:37.133000 CVE-2025-1261,0,0,a33e974f0393407171b95a9c03d699424900964b702e13684f908e09f1dca3bf,2025-03-24T18:32:02.397000 CVE-2025-1262,0,0,17163c0048b85420a06d4f3fbe8ad6b4a348138bf38df6751414d0a9ed886fc3,2025-02-28T01:32:30.023000 -CVE-2025-1264,1,1,ba2e353e82fe2151a36f7c6a1e968c8fba639e46387ad39335868e27b9bd20b6,2025-04-06T05:15:15.400000 +CVE-2025-1264,0,0,ba2e353e82fe2151a36f7c6a1e968c8fba639e46387ad39335868e27b9bd20b6,2025-04-06T05:15:15.400000 CVE-2025-1265,0,0,bc018ef071fadf7e153cbb8aa96a03eb4bac560d27730ea77e8eae7baedae9e8,2025-02-20T20:15:46.537000 CVE-2025-1266,0,0,4994c9c1e87b7dedc2dce4e0a436027ae116cf2eed8bcb3d9cc4ca13f9be4407,2025-03-13T22:15:14.907000 CVE-2025-1267,0,0,ba86c608607f26bac981689d79d06ae5aee8441c0c5fa7f7159ff7a10a088f7f,2025-04-01T20:26:11.547000 
@@ -288676,7 +288676,9 @@ CVE-2025-32360,0,0,0e74289220e4b285c0e8748f3e1650706d339f80b6d12512f31f5c70a948d CVE-2025-32364,0,0,cfb2ebfabb62fc4b801fb2bf95fe1940970bfddc2ea9963730d3ab7bd79a8124,2025-04-05T22:15:18.337000 CVE-2025-32365,0,0,26d24ab60b153da5a84d5f59bd2fd2acbadd4a9a5ca08171ad2b1fd85144179a,2025-04-05T22:15:19.010000 CVE-2025-32366,0,0,55ed558c8590729fba4d42dd8e9fca74dbbfd7a7c513816303bb4016f69cddc5,2025-04-06T00:15:18.980000 +CVE-2025-32369,1,1,7166c30bae6aecfaf4e6276c6d6dd4b89cb7e06f8d7f1423eab92990138b964f,2025-04-06T07:15:37.720000 CVE-2025-3237,0,0,2b0634913d301c0209a0690fb90ddcaa8b200550805a1d4ec2db149b30fd4af2,2025-04-04T10:15:17.383000 +CVE-2025-32370,1,1,8ca861a6f4d90e94ecd698e835c1e65cd7d4065e2b6806ff31f07c1a9d13b48b,2025-04-06T07:15:40.970000 CVE-2025-3238,0,0,49b7638c423114327b5e6867f71919ab552663d9bb2b5517ae05eef59b2968e0,2025-04-04T10:15:17.577000 CVE-2025-3239,0,0,a890b57275ecd0351eb57a0ff486b7b7ddc21d7a21c77a8b45094fdc21902b92,2025-04-04T11:15:40.393000 CVE-2025-3240,0,0,5b17439a0d44f5ff15b1b29eb52afc1b18c24e4ea281876bb94711a18baa0212,2025-04-04T11:15:40.603000 
@@ -288709,4 +288711,8 @@ CVE-2025-3304,0,0,29a38ac7df74814842edc977ed145111a95ed8ef942f514c967d6026c5a64b CVE-2025-3305,0,0,b2c90129fe183fd0375eb40e77713311a1f1af30e665ffd707316b1c76fdc5b4,2025-04-05T23:15:41.780000 CVE-2025-3306,0,0,8af2b5a7c28d3e6ac3e8cb07eb340dc6f7805a9ee07cb14217b9df657d2f2410,2025-04-06T01:15:40.663000 CVE-2025-3307,0,0,63f106264214ff92c87fdac82ad9be3ac393f211140d772f87db85e9aba4f279,2025-04-06T03:15:15.603000 -CVE-2025-3308,1,1,cac85b460db0f65e3487ebe09bd764b0c082576c55bd0dabb64d159639057cb6,2025-04-06T04:15:15.887000 +CVE-2025-3308,0,0,cac85b460db0f65e3487ebe09bd764b0c082576c55bd0dabb64d159639057cb6,2025-04-06T04:15:15.887000 +CVE-2025-3309,1,1,5fc11999f8aba272f0edaedeb6cdabe2d8bfda4276e44f0cd260dd16c1e65ec8,2025-04-06T06:15:17.530000 +CVE-2025-3310,1,1,931ee9c73a853cb92092f6c5f84e92162a960b0f8348949c42329542357b33dd,2025-04-06T06:15:17.980000 +CVE-2025-3311,1,1,c322d35c902b44a05fdb8b301bf9a783a77d78938a2f292e7c223fd13247f1c9,2025-04-06T07:15:41.690000 +CVE-2025-3312,1,1,5053b68a67fd5dbb5b0aa1e72f90953f7e5103b354e746415b6c4f1bb43bc64d,2025-04-06T07:15:42.910000