diff --git a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json index 901b5df76e5..e8b9be2a1ea 100644 --- a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json +++ b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json @@ -2,7 +2,7 @@ "id": "CVE-2020-27792", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-19T23:15:08.303", - "lastModified": "2024-11-21T05:21:50.460", + "lastModified": "2025-04-30T10:15:15.363", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -115,6 +115,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:4362", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2020-27792", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json index dbff684ce68..12b32c78568 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27567", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.143", - "lastModified": "2024-11-21T09:04:45.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:24:35.913", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json index 58bf0795892..68e9ebe8d70 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27568", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.180", - "lastModified": "2024-11-21T09:04:45.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:25:24.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json index d0d84764a53..ac35416b540 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27569", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.213", - "lastModified": "2024-11-21T09:04:45.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:25:47.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json index e36cf0be971..3a36e6fa4c7 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27571", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.280", - "lastModified": "2024-11-21T09:04:46.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:26:03.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json index d6d73077f53..a9a63f44f58 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27572", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.313", - "lastModified": "2024-11-21T09:04:46.270", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:26:49.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json new file mode 100644 index 00000000000..9db0fecc80c --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24338", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:48.150", + "lastModified": "2025-04-30T11:15:48.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json new file mode 100644 index 00000000000..2aba9014e7b --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24339", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:49.623", + "lastModified": "2025-04-30T11:15:49.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-644" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json new file mode 100644 index 00000000000..22b8c3df9c0 --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24340", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:49.797", + "lastModified": "2025-04-30T11:15:49.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-916" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json new file mode 100644 index 00000000000..821f17cdf38 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4108", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T10:15:18.407", + "lastModified": "2025-04-30T10:15:18.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/bleakTS/myCVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306588", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306588", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560697", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json new file mode 100644 index 00000000000..2f4816203fb --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4109", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T10:15:18.813", + "lastModified": "2025-04-30T10:15:18.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306589", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306589", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560700", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json new file mode 100644 index 00000000000..6a03178e2b4 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4110", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:49.983", + "lastModified": "2025-04-30T11:15:49.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306590", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306590", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560703", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json new file mode 100644 index 00000000000..fbacd46ede4 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4111", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.283", + "lastModified": "2025-04-30T11:15:50.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306591", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306591", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560706", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json new file mode 100644 index 00000000000..1bfaac91202 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4112", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.500", + "lastModified": "2025-04-30T11:15:50.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/bleakTS/myCVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306592", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306592", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560701", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json new file mode 100644 index 00000000000..b9750cdb3a2 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4113", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.760", + "lastModified": "2025-04-30T11:15:50.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yhy7612/cve-01/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306593", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306593", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560738", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 99a7af9298f..28fa1045c2c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-30T10:00:20.773000+00:00 +2025-04-30T12:00:24.000346+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-30T09:15:17.523000+00:00 +2025-04-30T11:26:49.620000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -291757 +291766 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `9` -- [CVE-2025-22882](CVE-2025/CVE-2025-228xx/CVE-2025-22882.json) (`2025-04-30T08:15:31.360`) -- [CVE-2025-22883](CVE-2025/CVE-2025-228xx/CVE-2025-22883.json) (`2025-04-30T08:15:31.600`) -- [CVE-2025-22884](CVE-2025/CVE-2025-228xx/CVE-2025-22884.json) (`2025-04-30T08:15:31.760`) -- [CVE-2025-2890](CVE-2025/CVE-2025-28xx/CVE-2025-2890.json) (`2025-04-30T09:15:14.503`) -- [CVE-2025-4124](CVE-2025/CVE-2025-41xx/CVE-2025-4124.json) (`2025-04-30T09:15:17.300`) -- [CVE-2025-4125](CVE-2025/CVE-2025-41xx/CVE-2025-4125.json) (`2025-04-30T09:15:17.523`) +- [CVE-2025-24338](CVE-2025/CVE-2025-243xx/CVE-2025-24338.json) (`2025-04-30T11:15:48.150`) +- [CVE-2025-24339](CVE-2025/CVE-2025-243xx/CVE-2025-24339.json) (`2025-04-30T11:15:49.623`) +- [CVE-2025-24340](CVE-2025/CVE-2025-243xx/CVE-2025-24340.json) (`2025-04-30T11:15:49.797`) +- [CVE-2025-4108](CVE-2025/CVE-2025-41xx/CVE-2025-4108.json) (`2025-04-30T10:15:18.407`) +- [CVE-2025-4109](CVE-2025/CVE-2025-41xx/CVE-2025-4109.json) (`2025-04-30T10:15:18.813`) +- [CVE-2025-4110](CVE-2025/CVE-2025-41xx/CVE-2025-4110.json) (`2025-04-30T11:15:49.983`) +- [CVE-2025-4111](CVE-2025/CVE-2025-41xx/CVE-2025-4111.json) (`2025-04-30T11:15:50.283`) +- [CVE-2025-4112](CVE-2025/CVE-2025-41xx/CVE-2025-4112.json) (`2025-04-30T11:15:50.500`) +- [CVE-2025-4113](CVE-2025/CVE-2025-41xx/CVE-2025-4113.json) (`2025-04-30T11:15:50.760`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `6` -- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`) +- [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2025-04-30T10:15:15.363`) +- [CVE-2024-27567](CVE-2024/CVE-2024-275xx/CVE-2024-27567.json) (`2025-04-30T11:24:35.913`) +- [CVE-2024-27568](CVE-2024/CVE-2024-275xx/CVE-2024-27568.json) (`2025-04-30T11:25:24.113`) +- [CVE-2024-27569](CVE-2024/CVE-2024-275xx/CVE-2024-27569.json) (`2025-04-30T11:25:47.437`) +- [CVE-2024-27571](CVE-2024/CVE-2024-275xx/CVE-2024-27571.json) (`2025-04-30T11:26:03.620`) +- [CVE-2024-27572](CVE-2024/CVE-2024-275xx/CVE-2024-27572.json) (`2025-04-30T11:26:49.620`) ## Download and Usage diff --git a/_state.csv b/_state.csv index df8cb6a2fc5..81c9def011d 100644 --- a/_state.csv +++ b/_state.csv @@ -156645,7 +156645,7 @@ CVE-2020-27789,0,0,b3222c3c02699b580895e7172ebafc73b737a78052c9b1d7d86d99b0e1c0c CVE-2020-2779,0,0,b546cdc21687409569d1539faaab8179ac026868e05268399c4a7381bea6b326,2024-11-21T05:26:14.967000 CVE-2020-27790,0,0,e2ba23c1880812cb44323bec3dedaa842c5eb4e6c0e4d691cf11e7f572c85aeb,2025-04-11T12:27:55.013000 CVE-2020-27791,0,0,bd58b5a63fb12f23763b7a92ad2bfd8f2392941dd2a626792c7548135e9e365d,2023-11-07T03:21:01.037000 -CVE-2020-27792,0,0,1782477228c7b6d0cbf1779152866b857817daa6a59c44a084f20be8bcfd4deb,2024-11-21T05:21:50.460000 +CVE-2020-27792,0,1,a0d3ac6e03c27749af9104f88874bff88cd4d1e56b0e01c387136cab45e0c38d,2025-04-30T10:15:15.363000 CVE-2020-27793,0,0,e4b8108131c7eae79f8ef1ed36b42a40d0e0321ad5a607ce3ebd72c17bd69d63,2024-11-21T05:21:50.600000 CVE-2020-27794,0,0,e4205ad077184110f8b3b0bbebf84f46a006c33feb38f0ae4a8074048f46fc58,2024-11-21T05:21:50.713000 CVE-2020-27795,0,0,5d7d09a109d60815049e72fd6d58e57ade47f013cb01bd7f35726f79967bc78c,2024-11-21T05:21:50.820000 @@ -255103,13 +255103,13 @@ CVE-2024-27561,0,0,fc16f92d17651bc7c1c4e9050d562b06f5135d4a3f335b425cd240bae1399 CVE-2024-27563,0,0,5533c243cccd53d02317f51d488d5c114a766a4a03a83659e29f733a18ae8237,2025-01-21T15:08:45.213000 CVE-2024-27564,0,0,e91219478d8b2c2aff51f0a7bd341b7f0fb0cc52077d3e34e633b49f9d664e20,2025-03-20T15:15:41.543000 CVE-2024-27565,0,0,a3b38ad3cbec062b28bbaa8b020ffb17a64d4ab23e3a1af71e103df51fce5c55,2025-01-21T15:11:29.370000 -CVE-2024-27567,0,0,1cabb61feb31ce9256b51a36fe51ecd8a3fe0d13c184bf0c394563554cdc6fb6,2024-11-21T09:04:45.313000 -CVE-2024-27568,0,0,f60461d2234dac0a41c0e3ac1d3945e36e4cc38ca6bc0749c4b7d5949db225b3,2024-11-21T09:04:45.523000 -CVE-2024-27569,0,0,4cedce0d2d8555105b481b4a2b248a6ef9a0fbb7e692408cafbcc2b19a493a18,2024-11-21T09:04:45.727000 +CVE-2024-27567,0,1,657d583e4bf717cbd446c99d9464cf362560078109f21bcf791ee78fc86cd7d8,2025-04-30T11:24:35.913000 +CVE-2024-27568,0,1,63eaff0d823d4aa90bd90229f4b7910e21410a2b51ca2379a4f3a541dfc25fb9,2025-04-30T11:25:24.113000 +CVE-2024-27569,0,1,fdaf19b4684f0f321f2de3c1f992482f70a557e984ccc2a3178e60f53059d59a,2025-04-30T11:25:47.437000 CVE-2024-2757,0,0,b6a58696e8d78b44d11f214bd59212dee93b29323cf80730dfa63c3675a6e16c,2025-02-13T18:17:57.187000 CVE-2024-27570,0,0,c44a55b067208addadad955f2c5db94e9753aa69ffa8333feeae68fe65e998fc,2025-03-14T01:15:38.783000 -CVE-2024-27571,0,0,c503204113538f77292ea19433990d5a2f981efcf24550bcb77c7fda84580dd2,2024-11-21T09:04:46.057000 -CVE-2024-27572,0,0,edeadca2e30c63ec3bf09920d1967999a9dbf7af68af6e2986a8e0b3d8d65232,2024-11-21T09:04:46.270000 +CVE-2024-27571,0,1,39e1e124c341cd4168ecf30639dd3480a51a059e81cfe3db5f24cbe80da90c31,2025-04-30T11:26:03.620000 +CVE-2024-27572,0,1,3a11639b43d227027e00f6fc3f89aff940a03f6cf64d2cfc8ceb3a3dd996a32c,2025-04-30T11:26:49.620000 CVE-2024-27574,0,0,1ed2792d66dba95eaf1291cd1f79efcac416f4905846dac9ed130d5eee0c5e62,2024-11-21T09:04:46.483000 CVE-2024-27575,0,0,c6c51e5ffbe8a47b581795b30fd037904da94b8aa82eb6eefa43d6fc895baf4f,2024-11-21T09:04:46.687000 CVE-2024-2758,0,0,3750812ffd0bc2f74afa8a930d62773b666d568dbe350389af15f011876a0c16,2024-11-21T09:10:26.913000 @@ -284728,9 +284728,9 @@ CVE-2025-22872,0,0,fa27a6fa31bcce451e23efd11332fdb5763aa6868809f671a46220dab8775 CVE-2025-2288,0,0,ea5cf9eb4e5e7d5beb8e92f7104073ba5d1adc8fc07f8a97145fc23482c0367a,2025-04-08T18:13:53.347000 CVE-2025-22880,0,0,755860b5cb6bfe06dab2e3046cf933164388a1927143f657d932a4500aa42249,2025-02-07T08:15:28.737000 CVE-2025-22881,0,0,bac764bb844fd45fc50560c993c0edd1d8ed2c5159276215579d0cda943f98d6,2025-02-26T08:14:25.137000 -CVE-2025-22882,1,1,df4e35b33a245855d8002ed33b704483737eb25dd3aaf994dd914dd7bed46370,2025-04-30T08:15:31.360000 -CVE-2025-22883,1,1,eabaa8834694154d2a8c6e4eb7d03f27ed00d4883c398bbd94fca0ff89dd7d47,2025-04-30T08:15:31.600000 -CVE-2025-22884,1,1,dba3f2a28d43c092853364c75280be9666ef4a2c45f26ee5a94215f7c1fee1ab,2025-04-30T08:15:31.760000 +CVE-2025-22882,0,0,df4e35b33a245855d8002ed33b704483737eb25dd3aaf994dd914dd7bed46370,2025-04-30T08:15:31.360000 +CVE-2025-22883,0,0,eabaa8834694154d2a8c6e4eb7d03f27ed00d4883c398bbd94fca0ff89dd7d47,2025-04-30T08:15:31.600000 +CVE-2025-22884,0,0,dba3f2a28d43c092853364c75280be9666ef4a2c45f26ee5a94215f7c1fee1ab,2025-04-30T08:15:31.760000 CVE-2025-22888,0,0,8715446d28ee196d4b5c9f7b0ea6743f100a7fae140bfca4a55cb2369c02c83f,2025-02-19T06:15:21.687000 CVE-2025-2289,0,0,46f397d6716276fb1c9c11c65e09dcb422ca6f1cf70d54651264c5bcb9bbbcb4,2025-03-21T15:03:12.617000 CVE-2025-22890,0,0,8dd6ffe45f0151dcb8b41a48dac74b1e668a5294c2f1614982860358b9b03cd6,2025-02-06T07:15:17.113000 @@ -285884,6 +285884,9 @@ CVE-2025-24320,0,0,22204bebd126ec0b8efa20c54300c5d2c2817352b294d53c5a23f29d2ef87 CVE-2025-24326,0,0,dd13af4709b7b17ac448c947eb2606b60fddc8b7e04055280df591b39ac70dcf,2025-02-05T18:15:35.420000 CVE-2025-24336,0,0,0c1fb43f965e1337be57c1e176a52234211acbdc43cd0f3b53a81b279dc7a08b,2025-01-31T00:15:20.607000 CVE-2025-24337,0,0,909a943b00c8b637d3fed5ce70273699981b2448e37e3c32ed1614924942542d,2025-01-20T14:15:27.130000 +CVE-2025-24338,1,1,297260a5316cce01dbb804bde426952e0fbed76f4139198ad513a9fc04da5620,2025-04-30T11:15:48.150000 +CVE-2025-24339,1,1,7d29129baa469ae986fd5fe11e38eaebe81149342a7d9beb238fac29e6b9cdc0,2025-04-30T11:15:49.623000 +CVE-2025-24340,1,1,9310ef395b544b7f75fbdcd4fbd2522e545d2f95ea0d4c0b36bfab15e8e36f39,2025-04-30T11:15:49.797000 CVE-2025-24353,0,0,73a00e82e652255c53e1c9aa441604ca19c4f6e89dc8a22b2403655764d58be1,2025-01-23T18:15:33.990000 CVE-2025-24354,0,0,33e96f6ab404cf45f0a4405c77520b82358348aceacdc778687814571e590be5,2025-01-27T18:15:41.197000 CVE-2025-24355,0,0,2b68b163db748dec99ff55b2d4d371492d44a4482a7f15b8973aa6b3a0f994c5,2025-01-24T17:15:16.047000 @@ -288328,7 +288331,7 @@ CVE-2025-28896,0,0,6e6a2fa3cde195ce87392bd7667516c083ecc1dc25f056878eda15e50fea7 CVE-2025-28897,0,0,b9be4fc485f3486e720bfb05c055043e37c0d9f5d96c1d8a54257acf1fac99df,2025-03-11T21:15:47.163000 CVE-2025-28898,0,0,1fa2da02c3d09462dce154b0e448bf579b956438cdcaba50392a81533eeb8b5b,2025-03-27T16:45:27.850000 CVE-2025-28899,0,0,4bf0dd6493ddb418b803121ef81c721db73f7fb1f81b8bf520a2fef08133e144,2025-03-27T16:45:27.850000 -CVE-2025-2890,1,1,4546ae37c74aa8b236e59ab7216bbbe7ee2e0bbe83ba78ab92b311ef8aedbac6,2025-04-30T09:15:14.503000 +CVE-2025-2890,0,0,4546ae37c74aa8b236e59ab7216bbbe7ee2e0bbe83ba78ab92b311ef8aedbac6,2025-04-30T09:15:14.503000 CVE-2025-28900,0,0,fed3bb83935a97bb6bcbaae18b7594a3620ff5c19cbcf2c9eb481741eb05f045,2025-03-11T21:15:47.313000 CVE-2025-28901,0,0,51ce41c5f42dd489e9c4b813887e6ff8e81a44c31a938903e1d90133cd1b5c03,2025-03-11T21:15:47.470000 CVE-2025-28902,0,0,fc2faabc0e3a80f192c6819497732bc38ae75103642686e8bdb9fd66a48e4b48,2025-03-11T21:15:47.627000 @@ -291260,7 +291263,7 @@ CVE-2025-39526,0,0,e48eefb58efeec413382bf0a150c6063a3820bdf98f98c55351275c777655 CVE-2025-39527,0,0,3284145183922bc0e58f1a51fb33927acbe4c2798946bac3fed9855491e320fa,2025-04-17T20:21:05.203000 CVE-2025-39528,0,0,b664d763e51683b756b32fed17f8ce933e99d37fef048895d1a00e8da105b797,2025-04-16T13:25:37.340000 CVE-2025-39529,0,0,bcf34c2d62331729e70811811e71dcf889d640ae1b171cefed763836fbc33e68,2025-04-16T13:25:37.340000 -CVE-2025-3953,0,1,e520f2d8cc53e58d31fbdc99cf7409be960dec4377d02716bb6979f3b1aa6819,2025-04-30T06:15:53.300000 +CVE-2025-3953,0,0,e520f2d8cc53e58d31fbdc99cf7409be960dec4377d02716bb6979f3b1aa6819,2025-04-30T06:15:53.300000 CVE-2025-39530,0,0,04cd4efd0982bc2e3b3a3fdf151be77700254449378583fee75d72392e767a80,2025-04-16T13:25:37.340000 CVE-2025-39531,0,0,ff1b3efe015a3987f44dddec7757fb08524f162b253adf68dd482dc34a954500,2025-04-16T13:25:37.340000 CVE-2025-39532,0,0,c6a1aa250e41f609065af7ae7d78ed7ce37833beb178fb16dc9d01c8b07d0228,2025-04-17T20:21:05.203000 @@ -291462,8 +291465,14 @@ CVE-2025-4091,0,0,be76f80720d6507adedb56244fc15d9bfa10d0652d1ed50301d66beeacf973 CVE-2025-4092,0,0,200d711ebe2e15156ad0230ced68f0f5a246d532b5d02cde90c654c8fdd064ec,2025-04-29T16:15:39.707000 CVE-2025-4093,0,0,d891b279ce00073f17d8f58a8ebf719e451cb06357235d1b137c7bf6521fbbb1,2025-04-29T16:15:39.850000 CVE-2025-4095,0,0,f2539477bf5eaf9485d044b6cf6e79bb8583734ab1b2d0e4b42ac3598cab5848,2025-04-29T18:15:46.180000 -CVE-2025-4124,1,1,5de9fad0aff01bcc9b08950740facb2df74f7717b7ae5c11db77f58373920085,2025-04-30T09:15:17.300000 -CVE-2025-4125,1,1,16c5f2432c5bb3ea366fa409fa144ceffae152b47513b47039009d6c13254fc7,2025-04-30T09:15:17.523000 +CVE-2025-4108,1,1,9bfd6d1ad4fcc03f836aae2b64adaf887b9300aa371e576f132f375b19a71239,2025-04-30T10:15:18.407000 +CVE-2025-4109,1,1,dc55813f8b4d8971c2db3d8e03f9b60d13669f4e540622a7a0de82c2044c0fb3,2025-04-30T10:15:18.813000 +CVE-2025-4110,1,1,196e64505e5460ba2420017a2a68042ee5b550e797cc65f00f251cf067b66bb8,2025-04-30T11:15:49.983000 +CVE-2025-4111,1,1,f0b05f0d6da948ca73a43bc559b2f71a2a5f78e63f1cdc9e72297ca6f5d78aca,2025-04-30T11:15:50.283000 +CVE-2025-4112,1,1,f41dfb5d617f985da38472fed0d63571d8946e35ce49689d95db2f21d2a12acd,2025-04-30T11:15:50.500000 +CVE-2025-4113,1,1,e4e796ce680a15d0f27b4a9e929f8e824962cee8d2a67533fc94ca512ace1d62,2025-04-30T11:15:50.760000 +CVE-2025-4124,0,0,5de9fad0aff01bcc9b08950740facb2df74f7717b7ae5c11db77f58373920085,2025-04-30T09:15:17.300000 +CVE-2025-4125,0,0,16c5f2432c5bb3ea366fa409fa144ceffae152b47513b47039009d6c13254fc7,2025-04-30T09:15:17.523000 CVE-2025-41395,0,0,65b9e3526569f587eb1cd97410ac7325e217f46717fe2bbf0abfe0a9511ead3c,2025-04-29T13:52:47.470000 CVE-2025-41423,0,0,3ae1e637900a2dfc5b6bacaa494e26a0b5d8e1e48accef6073153be61f7a9347,2025-04-29T13:52:47.470000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000