diff --git a/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json b/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
index 7d36daa42bf..93d3909aa3e 100644
--- a/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
+++ b/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
@@ -2,13 +2,13 @@
 "id": "CVE-2022-37620",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2022-10-31T12:15:10.137",
- "lastModified": "2025-05-06T16:15:23.350",
+ "lastModified": "2025-06-01T14:15:19.937",
 "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js."
+ "value": "A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression."
 },
 {
 "lang": "es",
@@ -139,6 +139,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338",
 "source": "af854a3a-2127-422b-91ae-364da2661108",
diff --git a/CVE-2025/CVE-2025-409xx/CVE-2025-40908.json b/CVE-2025/CVE-2025-409xx/CVE-2025-40908.json
new file mode 100644
index 00000000000..14f3a37c049
--- /dev/null
+++ b/CVE-2025/CVE-2025-409xx/CVE-2025-40908.json
@@ -0,0 +1,41 @@
+{
+ "id": "CVE-2025-40908",
+ "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+ "published": "2025-06-01T14:15:21.113",
+ "lastModified": "2025-06-01T14:15:21.113",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-552"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ingydotnet/yaml-libyaml-pm/issues/120",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/121",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ },
+ {
+ "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/122",
+ "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2025/CVE-2025-54xx/CVE-2025-5402.json b/CVE-2025/CVE-2025-54xx/CVE-2025-5402.json
new file mode 100644
index 00000000000..bc39473208a
--- /dev/null
+++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5402.json
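Review bot: CVE-2025-40908.json is added with `"metrics": {}` and `"vulnStatus": "Received"`, so it carries no CVSS data at all; a consumer that ranks or filters on a base score needs to handle this as "unscored" rather than as zero, or the record will be dropped or mis-ranked. The only weakness entry is `CWE-552` with `"type": "Secondary"`, supplied by the same source as the record, so CWE-based routing should not expect a Primary entry yet. For triage, the description gives the fixed boundary (`prior to 0.903.0`): check the installed YAML-LibYAML version and review any code path that passes externally influenced file names to the module, since Perl's two-argument open takes the mode from the file name string.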
@@ -0,0 +1,141 @@
+{
+ "id": "CVE-2025-5402",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-06-01T14:15:21.250",
+ "lastModified": "2025-06-01T14:15:21.250",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.9,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnConfidentialityImpact": "LOW",
+ "vulnIntegrityImpact": "LOW",
+ "vulnAvailabilityImpact": "LOW",
+ "subConfidentialityImpact": "NONE",
+ "subIntegrityImpact": "NONE",
+ "subAvailabilityImpact": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirement": "NOT_DEFINED",
+ "integrityRequirement": "NOT_DEFINED",
+ "availabilityRequirement": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+ "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+ "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+ "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+ "modifiedSubIntegrityImpact": "NOT_DEFINED",
+ "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+ "Safety": "NOT_DEFINED",
+ "Automatable": "NOT_DEFINED",
+ "Recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 7.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20posts.php%20edit_post%20p_id%20Parameter%20SQL%20Injection.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.310742",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.310742",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.582904",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 5eee62e456d..971814edb3e 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2025-06-01T14:00:19.906588+00:00
+2025-06-01T16:00:18.783958+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2025-06-01T13:15:19.893000+00:00
+2025-06-01T14:15:21.250000+00:00
 ```
 ### Last Data Feed Release
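Review bot: CVE-2025-5402.json carries three severity ratings that disagree: the description says "critical", the `"type": "Primary"` CVSS 3.1 entry is 7.3 HIGH, and the CVSS 4.0 entry listed first under `metrics` is 6.9 MEDIUM with `"type": "Secondary"`. A consumer should therefore select a metric by `type` and version rather than by position in the object. The description names `/admin/includes/edit_post.php` and the argument `edit_post_id`, while the first reference URL's file name mentions `posts.php` and `p_id`; these may describe the same request path, but that should be confirmed against the code before a detection or input-validation rule is keyed on either name. The record has no version range (the product is a rolling release identified only by commit `92f5cf90f8a7e6566b576fe0952e14e1c6736513`), so version-based matching will not flag deployments. With `"vulnStatus": "Received"`, all of these values come from the submitting CNA and may change after NVD analysis.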
@@ -33,25 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-296130
+296132
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `6`
+Recently added CVEs: `2`
-- [CVE-2025-1499](CVE-2025/CVE-2025-14xx/CVE-2025-1499.json) (`2025-06-01T12:15:24.230`)
-- [CVE-2025-25044](CVE-2025/CVE-2025-250xx/CVE-2025-25044.json) (`2025-06-01T12:15:25.317`)
-- [CVE-2025-2896](CVE-2025/CVE-2025-28xx/CVE-2025-2896.json) (`2025-06-01T12:15:25.483`)
-- [CVE-2025-33004](CVE-2025/CVE-2025-330xx/CVE-2025-33004.json) (`2025-06-01T12:15:25.643`)
-- [CVE-2025-33005](CVE-2025/CVE-2025-330xx/CVE-2025-33005.json) (`2025-06-01T12:15:25.807`)
-- [CVE-2025-5401](CVE-2025/CVE-2025-54xx/CVE-2025-5401.json) (`2025-06-01T13:15:19.893`)
+- [CVE-2025-40908](CVE-2025/CVE-2025-409xx/CVE-2025-40908.json) (`2025-06-01T14:15:21.113`)
+- [CVE-2025-5402](CVE-2025/CVE-2025-54xx/CVE-2025-5402.json) (`2025-06-01T14:15:21.250`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
+- [CVE-2022-37620](CVE-2022/CVE-2022-376xx/CVE-2022-37620.json) (`2025-06-01T14:15:19.937`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 8b790e8a4d5..92089df5dec 100644
--- a/_state.csv
+++ b/_state.csv
@@ -204889,7 +204889,7 @@ CVE-2022-37614,0,0,a85fca31222920750d1091b8b9cfe29d6feacef0ecdd9750f44511b893fe0 CVE-2022-37616,0,0,9fb82a71c6346fae8e09383e86759101e3d762f5adb7467b9234a9ac6e38c6ad,2024-11-21T07:15:03.297000 CVE-2022-37617,0,0,a9832226abcb13512b3fbd4b47827899ac2094aebb9c293ae6456ae7752abc1b,2024-11-21T07:15:03.490000 CVE-2022-3762,0,0,36ecff47d441eb5342a5789a4073d9c542411a6e19335a22295ca559e6e2d286,2025-04-30T16:15:25.697000 -CVE-2022-37620,0,0,764f9c9af83666004a2cc99ff523e58b87be586e7c347ba6e6d968349677939b,2025-05-06T16:15:23.350000 +CVE-2022-37620,0,1,cb7fd2c3ecf9b479a21148fc1bd9beb08cf23bd5ab6e149f6f003fa75e69d632,2025-06-01T14:15:19.937000 CVE-2022-37621,0,0,dfae1deb44aefb49bee1ddfbc44023fca6db16c651f59f056177fa03ba3ad0f7,2025-05-07T15:15:52.987000 CVE-2022-37623,0,0,c209249aef4a7760a1114dd31b7ba9538a67f2fb9631ebc7a86629e48815ef1e,2025-05-06T16:15:23.547000 CVE-2022-3763,0,0,d63559d4ec8308a4c26065bd6010b775b534980f7fa845f56ae956975c6dc29c,2025-04-30T16:15:25.897000 @@ -283480,7 +283480,7 @@ CVE-2025-1493,0,0,eb1f9f084df1cb6f34514ca97e8d055f851e035cbf20d85a71bed174b09583 CVE-2025-1495,0,0,eb77f981cabe4efbe3dd172718fb9875f01d80ca92253d5063810e79b3d4459f,2025-05-05T20:54:19.760000 CVE-2025-1496,0,0,00b701fe7bc2e4f39ec7ac2812437dabb31dde7416d14a43308b75ca4d34e495,2025-03-20T14:15:22.920000 CVE-2025-1497,0,0,7d02ef7499053e50d8ad89d76099a7d293753bcfe1045929e1a08d34bb3acdae,2025-03-24T18:46:13.367000 -CVE-2025-1499,1,1,a20ee40cdd662cef248bfcaab4b3c6f80c2d9752c7048f73fc89028cb797051c,2025-06-01T12:15:24.230000 +CVE-2025-1499,0,0,a20ee40cdd662cef248bfcaab4b3c6f80c2d9752c7048f73fc89028cb797051c,2025-06-01T12:15:24.230000 CVE-2025-1500,0,0,9fba8c7345ac0b652c7325920a14000ed49f87273e0c5734dc50f1fa6cac69b4,2025-04-07T14:17:50.220000 CVE-2025-1502,0,0,87e6960c6bf75cc8b1380ef7c7e3303ad768ae7a5699ebb71505f60154582a17,2025-03-01T07:15:11.183000 CVE-2025-1503,0,0,2ca03eefe6e9ae5c9c7fbf3c0a67f53490f3fa4743fc5d41f8919dbe81c8e9d3,2025-03-13T05:15:24.917000 
@@ -287784,7 +287784,7 @@ CVE-2025-25039,0,0,6155e71068b69a4630ff4049b1126cd719aacb06ed44ea56a73c6de4d42c8 CVE-2025-25040,0,0,eef52afdc1e0cd691e9f8e58be6a79eb181268f995aedb195ab63cb8f64cab8c,2025-03-18T20:15:26.030000 CVE-2025-25041,0,0,38e8fa4df2cdb6a93ddc945573bdc68d8f211c9cdac3d09670f4b0b980fef07e,2025-04-03T18:15:44.960000 CVE-2025-25042,0,0,5f31505452d68a678450274075e145f35ddefef408cd0b3ed1e383cb5d57fac4,2025-03-18T20:15:26.177000 -CVE-2025-25044,1,1,34a2ab5d89a0f725e9fa5c087266cfe2d6fd82224e075409f454baec9665f0a9,2025-06-01T12:15:25.317000 +CVE-2025-25044,0,0,34a2ab5d89a0f725e9fa5c087266cfe2d6fd82224e075409f454baec9665f0a9,2025-06-01T12:15:25.317000 CVE-2025-25045,0,0,4332e3a8b71ea922a29f4a25a34e5a1ad4ca877c6226bfc3954996951ce40a0c,2025-04-29T13:52:47.470000 CVE-2025-25046,0,0,ef01fe62076c448c0a74cc0b470d93bb2ae59c519d0a10b5228ec1da6b3dedc6,2025-04-29T13:52:47.470000 CVE-2025-2505,0,0,1c5dbc559f463be147cb12740d372dacf2302c45c3ca19193c3edfdb65cecd96,2025-03-20T08:15:11.873000 @@ -289860,7 +289860,7 @@ CVE-2025-28940,0,0,04135ac8d9c1245669acb25f77e12e09d3c1430ccba901da70a0adf514651 CVE-2025-28941,0,0,d1dc35fbe2a033c04e261359b97e6eb5a7f518fa1842a2a100fc7c3dd1630b83,2025-03-11T21:15:52.030000 CVE-2025-28942,0,0,13661206a69e4d0b8a31139510417b818a8d6f6daa40fe60ee4e3d972c089172,2025-03-27T16:45:27.850000 CVE-2025-28943,0,0,f13533c6ec40779f6c4eb31c17c71b8bf7e67bb9305109da8899c164336e7b7c,2025-03-11T21:15:52.187000 -CVE-2025-2896,1,1,a8bb6f17daff9c47d5d2009e3ffe619a16cf43ba73b6afa3989255a467411a15,2025-06-01T12:15:25.483000 +CVE-2025-2896,0,0,a8bb6f17daff9c47d5d2009e3ffe619a16cf43ba73b6afa3989255a467411a15,2025-06-01T12:15:25.483000 CVE-2025-2898,0,0,47f67442cb55ba411e4669d13ef4529f1239e4e6ba72061becfb6f7e592e31cd,2025-05-16T20:02:07.950000 CVE-2025-2900,0,0,7fae831f047ecd7346a160d93b21af917548a04e8f5cc7bcbad0aaded0bb8d22,2025-05-16T14:43:56.797000 CVE-2025-2901,0,0,7945b2fda0703ed54bbe3617c5290b84173e50497fd12854a07978736660a0d3,2025-03-28T18:11:40.180000 
@@ -292619,8 +292619,8 @@ CVE-2025-32996,0,0,66cdefdd4ac5ef2c3d78ef7b0a3a801233b441eea948b7804c8316fb0d163 CVE-2025-32997,0,0,585b29f934052489f32ea07f36835b226451d0492c02f05a8ece6f7bdf5daba5,2025-04-15T18:39:27.967000 CVE-2025-32999,0,0,021f92785fb481c58ddc71d38612ee5432057a074c3e9802f4824b4ea1fbbc84,2025-05-19T13:35:20.460000 CVE-2025-3300,0,0,71838a45e38cfd4f9033706465f5d20314584bcf58aabb1bb7ca5cab40d52129,2025-04-29T13:52:47.470000 -CVE-2025-33004,1,1,464aa56c62110a9b2452f1e451860490871bf591e90b2c9fe69567076f3c38b1,2025-06-01T12:15:25.643000 -CVE-2025-33005,1,1,a737f463276ac7d8e5e9c32b18ccdeeb8b93b76b6d4ffb99b8e377641ee7e38d,2025-06-01T12:15:25.807000 +CVE-2025-33004,0,0,464aa56c62110a9b2452f1e451860490871bf591e90b2c9fe69567076f3c38b1,2025-06-01T12:15:25.643000 +CVE-2025-33005,0,0,a737f463276ac7d8e5e9c32b18ccdeeb8b93b76b6d4ffb99b8e377641ee7e38d,2025-06-01T12:15:25.807000 CVE-2025-3301,0,0,b2cbbbf942710dc17dd30bf45e19011afe7becbc724cdeebd3bb45dd2691a5aa,2025-05-02T13:53:49.480000 CVE-2025-33024,0,0,a929691d5533595a80202115459e86f84fc81996ba9c41d2a68880f3e6fcf59f,2025-05-13T19:35:18.080000 CVE-2025-33025,0,0,4b295e88dd02f429bce7f4aed7e0b1b7ea585aae960bbc6de9d4364036c40d6c,2025-05-13T19:35:18.080000 
@@ -293863,6 +293863,7 @@ CVE-2025-4089,0,0,505a4df56497bc3e08f2e58439684c838786761a96bd4da3f2b0e37b4fa97e CVE-2025-4090,0,0,7f9eabb4ad6772523e0c5f0a270166b4617494fcbb3075e75cc2736a0fa15b02,2025-05-09T19:32:34.333000 CVE-2025-40906,0,0,3bcd0a99f567a8c8c8c888444bf8652ce672ff26763dd9562ab4be9a1279c017,2025-05-19T13:35:50.497000 CVE-2025-40907,0,0,02479ee238b9c2c4380d00bd9d3c9ee05adf00f8c7961fd6f9263c931d94c687,2025-05-16T16:15:41.590000 +CVE-2025-40908,1,1,c44cfeeef6d66b76589d2ba6197e0366b615837a8f47723010484949715bf8dd,2025-06-01T14:15:21.113000 CVE-2025-40909,0,0,18728e90d02bd071d5442765be38f7f39285eeeb0496c2d4d452027e8589c68c,2025-05-31T01:15:20.217000 CVE-2025-4091,0,0,798a4cccfe2006913bea941ae05240fec836c7335fe01bd824f887f2a82ba4a5,2025-05-09T19:32:09.470000 CVE-2025-40911,0,0,fcf4deedf6cc79e67d521479df45c4b1f5ac81bf8605fcf0e3b318f0c121b089,2025-05-28T15:01:30.720000 @@ -296128,4 +296129,5 @@ CVE-2025-5388,0,0,acfc4ce5b0bc5f8a875fd3b94595a46dbf4c269f67a9ffe9cef1a4ec24a635 CVE-2025-5389,0,0,68044e5d3eafac14b5d7e70a6caaf6aae1f9189ac1ca75a8a2d835118d2e2300,2025-05-31T19:15:20.730000 CVE-2025-5390,0,0,0f629e4c27390d24dda33cd6f2a84059798e0729af2f4b3390ee9b19adbf5b3c,2025-05-31T19:15:20.920000 CVE-2025-5400,0,0,fe01393dd37daa6c23ecaf9e51bb54a4c056222d37464215e4f315a31a579145,2025-06-01T09:15:20.557000 -CVE-2025-5401,1,1,8433685660b004747f431385bfa82a6189c723295da55ac29b74b0b3bf48dbf9,2025-06-01T13:15:19.893000 +CVE-2025-5401,0,0,8433685660b004747f431385bfa82a6189c723295da55ac29b74b0b3bf48dbf9,2025-06-01T13:15:19.893000 +CVE-2025-5402,1,1,9694b334c23a68c74cc55de6d7283e4de098e350c54b310eb741600c94155b07,2025-06-01T14:15:21.250000