Auto-Update: 2025-06-01T16:00:18.783958+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-01 16:03:56 +00:00 · 2025-06-01 16:03:56 +00:00 · 1f4014d741
commit 1f4014d741
parent ad09bf24b3
5 changed files with 205 additions and 20 deletions
--- a/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
+++ b/CVE-2022/CVE-2022-376xx/CVE-2022-37620.json
@ -2,13 +2,13 @@
  "id": "CVE-2022-37620",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-10-31T12:15:10.137",
-  "lastModified": "2025-05-06T16:15:23.350",
+  "lastModified": "2025-06-01T14:15:19.937",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
-      "value": "A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js."
+      "value": "A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression."
    },
    {
      "lang": "es",
@ -139,6 +139,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://security.snyk.io/vuln/SNYK-JS-HTMLMINIFIER-3091181",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/kangax/html-minifier/blob/51ce10f4daedb1de483ffbcccecc41be1c873da2/src/htmlminifier.js#L1338",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
--- a/CVE-2025/CVE-2025-409xx/CVE-2025-40908.json
+++ b/CVE-2025/CVE-2025-409xx/CVE-2025-40908.json
@ -0,0 +1,41 @@
+{
+  "id": "CVE-2025-40908",
+  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+  "published": "2025-06-01T14:15:21.113",
+  "lastModified": "2025-06-01T14:15:21.113",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-552"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/issues/120",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/121",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    },
+    {
+      "url": "https://github.com/ingydotnet/yaml-libyaml-pm/pull/122",
+      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-54xx/CVE-2025-5402.json
+++ b/CVE-2025/CVE-2025-54xx/CVE-2025-5402.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2025-5402",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-06-01T14:15:21.250",
+  "lastModified": "2025-06-01T14:15:21.250",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 6.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "baseScore": 7.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20posts.php%20edit_post%20p_id%20Parameter%20SQL%20Injection.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.310742",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.310742",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.582904",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-06-01T14:00:19.906588+00:00
+2025-06-01T16:00:18.783958+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-06-01T13:15:19.893000+00:00
+2025-06-01T14:15:21.250000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-296130
+296132
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `2`

- [CVE-2025-1499](CVE-2025/CVE-2025-14xx/CVE-2025-1499.json) (`2025-06-01T12:15:24.230`)
- [CVE-2025-25044](CVE-2025/CVE-2025-250xx/CVE-2025-25044.json) (`2025-06-01T12:15:25.317`)
- [CVE-2025-2896](CVE-2025/CVE-2025-28xx/CVE-2025-2896.json) (`2025-06-01T12:15:25.483`)
- [CVE-2025-33004](CVE-2025/CVE-2025-330xx/CVE-2025-33004.json) (`2025-06-01T12:15:25.643`)
- [CVE-2025-33005](CVE-2025/CVE-2025-330xx/CVE-2025-33005.json) (`2025-06-01T12:15:25.807`)
- [CVE-2025-5401](CVE-2025/CVE-2025-54xx/CVE-2025-5401.json) (`2025-06-01T13:15:19.893`)
+- [CVE-2025-40908](CVE-2025/CVE-2025-409xx/CVE-2025-40908.json) (`2025-06-01T14:15:21.113`)
+- [CVE-2025-5402](CVE-2025/CVE-2025-54xx/CVE-2025-5402.json) (`2025-06-01T14:15:21.250`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+- [CVE-2022-37620](CVE-2022/CVE-2022-376xx/CVE-2022-37620.json) (`2025-06-01T14:15:19.937`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -204889,7 +204889,7 @@ CVE-2022-37614,0,0,a85fca31222920750d1091b8b9cfe29d6feacef0ecdd9750f44511b893fe0
 CVE-2022-37616,0,0,9fb82a71c6346fae8e09383e86759101e3d762f5adb7467b9234a9ac6e38c6ad,2024-11-21T07:15:03.297000
 CVE-2022-37617,0,0,a9832226abcb13512b3fbd4b47827899ac2094aebb9c293ae6456ae7752abc1b,2024-11-21T07:15:03.490000
 CVE-2022-3762,0,0,36ecff47d441eb5342a5789a4073d9c542411a6e19335a22295ca559e6e2d286,2025-04-30T16:15:25.697000
-CVE-2022-37620,0,0,764f9c9af83666004a2cc99ff523e58b87be586e7c347ba6e6d968349677939b,2025-05-06T16:15:23.350000
+CVE-2022-37620,0,1,cb7fd2c3ecf9b479a21148fc1bd9beb08cf23bd5ab6e149f6f003fa75e69d632,2025-06-01T14:15:19.937000
 CVE-2022-37621,0,0,dfae1deb44aefb49bee1ddfbc44023fca6db16c651f59f056177fa03ba3ad0f7,2025-05-07T15:15:52.987000
 CVE-2022-37623,0,0,c209249aef4a7760a1114dd31b7ba9538a67f2fb9631ebc7a86629e48815ef1e,2025-05-06T16:15:23.547000
 CVE-2022-3763,0,0,d63559d4ec8308a4c26065bd6010b775b534980f7fa845f56ae956975c6dc29c,2025-04-30T16:15:25.897000
@ -283480,7 +283480,7 @@ CVE-2025-1493,0,0,eb1f9f084df1cb6f34514ca97e8d055f851e035cbf20d85a71bed174b09583
 CVE-2025-1495,0,0,eb77f981cabe4efbe3dd172718fb9875f01d80ca92253d5063810e79b3d4459f,2025-05-05T20:54:19.760000
 CVE-2025-1496,0,0,00b701fe7bc2e4f39ec7ac2812437dabb31dde7416d14a43308b75ca4d34e495,2025-03-20T14:15:22.920000
 CVE-2025-1497,0,0,7d02ef7499053e50d8ad89d76099a7d293753bcfe1045929e1a08d34bb3acdae,2025-03-24T18:46:13.367000
-CVE-2025-1499,1,1,a20ee40cdd662cef248bfcaab4b3c6f80c2d9752c7048f73fc89028cb797051c,2025-06-01T12:15:24.230000
+CVE-2025-1499,0,0,a20ee40cdd662cef248bfcaab4b3c6f80c2d9752c7048f73fc89028cb797051c,2025-06-01T12:15:24.230000
 CVE-2025-1500,0,0,9fba8c7345ac0b652c7325920a14000ed49f87273e0c5734dc50f1fa6cac69b4,2025-04-07T14:17:50.220000
 CVE-2025-1502,0,0,87e6960c6bf75cc8b1380ef7c7e3303ad768ae7a5699ebb71505f60154582a17,2025-03-01T07:15:11.183000
 CVE-2025-1503,0,0,2ca03eefe6e9ae5c9c7fbf3c0a67f53490f3fa4743fc5d41f8919dbe81c8e9d3,2025-03-13T05:15:24.917000
@ -287784,7 +287784,7 @@ CVE-2025-25039,0,0,6155e71068b69a4630ff4049b1126cd719aacb06ed44ea56a73c6de4d42c8
 CVE-2025-25040,0,0,eef52afdc1e0cd691e9f8e58be6a79eb181268f995aedb195ab63cb8f64cab8c,2025-03-18T20:15:26.030000
 CVE-2025-25041,0,0,38e8fa4df2cdb6a93ddc945573bdc68d8f211c9cdac3d09670f4b0b980fef07e,2025-04-03T18:15:44.960000
 CVE-2025-25042,0,0,5f31505452d68a678450274075e145f35ddefef408cd0b3ed1e383cb5d57fac4,2025-03-18T20:15:26.177000
-CVE-2025-25044,1,1,34a2ab5d89a0f725e9fa5c087266cfe2d6fd82224e075409f454baec9665f0a9,2025-06-01T12:15:25.317000
+CVE-2025-25044,0,0,34a2ab5d89a0f725e9fa5c087266cfe2d6fd82224e075409f454baec9665f0a9,2025-06-01T12:15:25.317000
 CVE-2025-25045,0,0,4332e3a8b71ea922a29f4a25a34e5a1ad4ca877c6226bfc3954996951ce40a0c,2025-04-29T13:52:47.470000
 CVE-2025-25046,0,0,ef01fe62076c448c0a74cc0b470d93bb2ae59c519d0a10b5228ec1da6b3dedc6,2025-04-29T13:52:47.470000
 CVE-2025-2505,0,0,1c5dbc559f463be147cb12740d372dacf2302c45c3ca19193c3edfdb65cecd96,2025-03-20T08:15:11.873000
@ -289860,7 +289860,7 @@ CVE-2025-28940,0,0,04135ac8d9c1245669acb25f77e12e09d3c1430ccba901da70a0adf514651
 CVE-2025-28941,0,0,d1dc35fbe2a033c04e261359b97e6eb5a7f518fa1842a2a100fc7c3dd1630b83,2025-03-11T21:15:52.030000
 CVE-2025-28942,0,0,13661206a69e4d0b8a31139510417b818a8d6f6daa40fe60ee4e3d972c089172,2025-03-27T16:45:27.850000
 CVE-2025-28943,0,0,f13533c6ec40779f6c4eb31c17c71b8bf7e67bb9305109da8899c164336e7b7c,2025-03-11T21:15:52.187000
-CVE-2025-2896,1,1,a8bb6f17daff9c47d5d2009e3ffe619a16cf43ba73b6afa3989255a467411a15,2025-06-01T12:15:25.483000
+CVE-2025-2896,0,0,a8bb6f17daff9c47d5d2009e3ffe619a16cf43ba73b6afa3989255a467411a15,2025-06-01T12:15:25.483000
 CVE-2025-2898,0,0,47f67442cb55ba411e4669d13ef4529f1239e4e6ba72061becfb6f7e592e31cd,2025-05-16T20:02:07.950000
 CVE-2025-2900,0,0,7fae831f047ecd7346a160d93b21af917548a04e8f5cc7bcbad0aaded0bb8d22,2025-05-16T14:43:56.797000
 CVE-2025-2901,0,0,7945b2fda0703ed54bbe3617c5290b84173e50497fd12854a07978736660a0d3,2025-03-28T18:11:40.180000
@ -292619,8 +292619,8 @@ CVE-2025-32996,0,0,66cdefdd4ac5ef2c3d78ef7b0a3a801233b441eea948b7804c8316fb0d163
 CVE-2025-32997,0,0,585b29f934052489f32ea07f36835b226451d0492c02f05a8ece6f7bdf5daba5,2025-04-15T18:39:27.967000
 CVE-2025-32999,0,0,021f92785fb481c58ddc71d38612ee5432057a074c3e9802f4824b4ea1fbbc84,2025-05-19T13:35:20.460000
 CVE-2025-3300,0,0,71838a45e38cfd4f9033706465f5d20314584bcf58aabb1bb7ca5cab40d52129,2025-04-29T13:52:47.470000
-CVE-2025-33004,1,1,464aa56c62110a9b2452f1e451860490871bf591e90b2c9fe69567076f3c38b1,2025-06-01T12:15:25.643000
-CVE-2025-33005,1,1,a737f463276ac7d8e5e9c32b18ccdeeb8b93b76b6d4ffb99b8e377641ee7e38d,2025-06-01T12:15:25.807000
+CVE-2025-33004,0,0,464aa56c62110a9b2452f1e451860490871bf591e90b2c9fe69567076f3c38b1,2025-06-01T12:15:25.643000
+CVE-2025-33005,0,0,a737f463276ac7d8e5e9c32b18ccdeeb8b93b76b6d4ffb99b8e377641ee7e38d,2025-06-01T12:15:25.807000
 CVE-2025-3301,0,0,b2cbbbf942710dc17dd30bf45e19011afe7becbc724cdeebd3bb45dd2691a5aa,2025-05-02T13:53:49.480000
 CVE-2025-33024,0,0,a929691d5533595a80202115459e86f84fc81996ba9c41d2a68880f3e6fcf59f,2025-05-13T19:35:18.080000
 CVE-2025-33025,0,0,4b295e88dd02f429bce7f4aed7e0b1b7ea585aae960bbc6de9d4364036c40d6c,2025-05-13T19:35:18.080000
@ -293863,6 +293863,7 @@ CVE-2025-4089,0,0,505a4df56497bc3e08f2e58439684c838786761a96bd4da3f2b0e37b4fa97e
 CVE-2025-4090,0,0,7f9eabb4ad6772523e0c5f0a270166b4617494fcbb3075e75cc2736a0fa15b02,2025-05-09T19:32:34.333000
 CVE-2025-40906,0,0,3bcd0a99f567a8c8c8c888444bf8652ce672ff26763dd9562ab4be9a1279c017,2025-05-19T13:35:50.497000
 CVE-2025-40907,0,0,02479ee238b9c2c4380d00bd9d3c9ee05adf00f8c7961fd6f9263c931d94c687,2025-05-16T16:15:41.590000
+CVE-2025-40908,1,1,c44cfeeef6d66b76589d2ba6197e0366b615837a8f47723010484949715bf8dd,2025-06-01T14:15:21.113000
 CVE-2025-40909,0,0,18728e90d02bd071d5442765be38f7f39285eeeb0496c2d4d452027e8589c68c,2025-05-31T01:15:20.217000
 CVE-2025-4091,0,0,798a4cccfe2006913bea941ae05240fec836c7335fe01bd824f887f2a82ba4a5,2025-05-09T19:32:09.470000
 CVE-2025-40911,0,0,fcf4deedf6cc79e67d521479df45c4b1f5ac81bf8605fcf0e3b318f0c121b089,2025-05-28T15:01:30.720000
@ -296128,4 +296129,5 @@ CVE-2025-5388,0,0,acfc4ce5b0bc5f8a875fd3b94595a46dbf4c269f67a9ffe9cef1a4ec24a635
 CVE-2025-5389,0,0,68044e5d3eafac14b5d7e70a6caaf6aae1f9189ac1ca75a8a2d835118d2e2300,2025-05-31T19:15:20.730000
 CVE-2025-5390,0,0,0f629e4c27390d24dda33cd6f2a84059798e0729af2f4b3390ee9b19adbf5b3c,2025-05-31T19:15:20.920000
 CVE-2025-5400,0,0,fe01393dd37daa6c23ecaf9e51bb54a4c056222d37464215e4f315a31a579145,2025-06-01T09:15:20.557000
-CVE-2025-5401,1,1,8433685660b004747f431385bfa82a6189c723295da55ac29b74b0b3bf48dbf9,2025-06-01T13:15:19.893000
+CVE-2025-5401,0,0,8433685660b004747f431385bfa82a6189c723295da55ac29b74b0b3bf48dbf9,2025-06-01T13:15:19.893000
+CVE-2025-5402,1,1,9694b334c23a68c74cc55de6d7283e4de098e350c54b310eb741600c94155b07,2025-06-01T14:15:21.250000