diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0973.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0973.json new file mode 100644 index 00000000000..22c27f5d1d6 --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0973.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-0973", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-03T01:15:07.263", + "lastModified": "2025-02-03T01:15:07.263", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", + "baseScore": 5.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 4.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Sinon2003/cve/blob/main/CmsEasy/CmsEasy-V7.7.7.9%2020240105-Directory%20Traversal.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.294364", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.294364", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.487649", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-09xx/CVE-2025-0974.json b/CVE-2025/CVE-2025-09xx/CVE-2025-0974.json new file mode 100644 index 00000000000..7afc8b24af7 --- /dev/null +++ b/CVE-2025/CVE-2025-09xx/CVE-2025-0974.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0974", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-02-03T02:15:26.433", + "lastModified": "2025-02-03T02:15:26.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.3, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", + "baseScore": 4.6, + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/mcdruid/f8153d7d535c0fcba920e83a64953d4e", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.294365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.294365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.489672", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 716f6dd81e8..a17801e4e7b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-03T00:55:20.067797+00:00 +2025-02-03T03:00:30.983419+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-03T00:15:28.007000+00:00 +2025-02-03T02:15:26.433000+00:00 ``` ### Last Data Feed Release @@ -27,22 +27,21 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2025-02-02T01:00:04.370255+00:00 +2025-02-03T01:00:04.372638+00:00 ``` ### Total Number of included CVEs ```plain -279764 +279766 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2025-0970](CVE-2025/CVE-2025-09xx/CVE-2025-0970.json) (`2025-02-02T23:15:19.027`) -- [CVE-2025-0971](CVE-2025/CVE-2025-09xx/CVE-2025-0971.json) (`2025-02-03T00:15:27.797`) -- [CVE-2025-0972](CVE-2025/CVE-2025-09xx/CVE-2025-0972.json) (`2025-02-03T00:15:28.007`) +- [CVE-2025-0973](CVE-2025/CVE-2025-09xx/CVE-2025-0973.json) (`2025-02-03T01:15:07.263`) +- [CVE-2025-0974](CVE-2025/CVE-2025-09xx/CVE-2025-0974.json) (`2025-02-03T02:15:26.433`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index e6df0b10e90..86567d1f8b7 100644 --- a/_state.csv +++ b/_state.csv @@ -278263,9 +278263,11 @@ CVE-2025-0949,0,0,bbbcf0332f588cdfc0cbe42ff6f97aa1e222ce3fa7893528a5a23bbcb3b141 CVE-2025-0950,0,0,d0a581246e8da6f5efefddad90bec069aea6bc29a1173d1f9e38dd153c08b340,2025-02-01T20:15:26.167000 CVE-2025-0961,0,0,925e73a8118a7a9b74cfe92bf19a935d06f6e6e3cf88f955d57721397e83520d,2025-02-01T23:15:21.923000 CVE-2025-0967,0,0,728a9126726e0e350a5a8c892697ccdf6812a974486e289872836698a19ef853,2025-02-02T16:15:27.693000 -CVE-2025-0970,1,1,95e62525aebec3fbba9f5912053c211ecd537e958ef44f7053ff3a4aced6d2dd,2025-02-02T23:15:19.027000 -CVE-2025-0971,1,1,c8a3294328317f8d3453b7c51436c171e751d25251685937b4bd407805261ee7,2025-02-03T00:15:27.797000 -CVE-2025-0972,1,1,3993ac5cb544f96eddd4ea382f0cae390a0048486c03ea18bb36ab062e41c6ed,2025-02-03T00:15:28.007000 +CVE-2025-0970,0,0,95e62525aebec3fbba9f5912053c211ecd537e958ef44f7053ff3a4aced6d2dd,2025-02-02T23:15:19.027000 +CVE-2025-0971,0,0,c8a3294328317f8d3453b7c51436c171e751d25251685937b4bd407805261ee7,2025-02-03T00:15:27.797000 +CVE-2025-0972,0,0,3993ac5cb544f96eddd4ea382f0cae390a0048486c03ea18bb36ab062e41c6ed,2025-02-03T00:15:28.007000 +CVE-2025-0973,1,1,37f661449c5d41bc7d595495ef0c9ea92e0effb9bc1925009def0bc433286647,2025-02-03T01:15:07.263000 +CVE-2025-0974,1,1,8c546eff83dbe5240d979de322859dbce3e0f40803afa459c807306a06c0fe25,2025-02-03T02:15:26.433000 CVE-2025-20014,0,0,c7b03c8de0f1a02652afc1076707a5c9ed340500d3cc7fc3a1a2840db59d647f,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 CVE-2025-20033,0,0,6c60c85e451f1d6db70378d678ddf83dacc7c823ecfb493748ed6d94114eff49,2025-01-09T07:15:28.450000