From 21f5dd13923d4d56e9316026cfcf0b29afc7e713 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 30 Apr 2025 12:04:06 +0000
Subject: [PATCH] Auto-Update: 2025-04-30T12:00:24.000346+00:00
---
CVE-2020/CVE-2020-277xx/CVE-2020-27792.json | 6 +-
CVE-2024/CVE-2024-275xx/CVE-2024-27567.json | 43 +++++-
CVE-2024/CVE-2024-275xx/CVE-2024-27568.json | 43 +++++-
CVE-2024/CVE-2024-275xx/CVE-2024-27569.json | 45 +++++-
CVE-2024/CVE-2024-275xx/CVE-2024-27571.json | 45 +++++-
CVE-2024/CVE-2024-275xx/CVE-2024-27572.json | 45 +++++-
CVE-2025/CVE-2025-243xx/CVE-2025-24338.json | 56 ++++++++
CVE-2025/CVE-2025-243xx/CVE-2025-24339.json | 56 ++++++++
CVE-2025/CVE-2025-243xx/CVE-2025-24340.json | 56 ++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4108.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4109.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4110.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4111.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4112.json | 145 ++++++++++++++++++++
CVE-2025/CVE-2025-41xx/CVE-2025-4113.json | 145 ++++++++++++++++++++
README.md | 32 +++--
_state.csv | 35 +++--
17 files changed, 1286 insertions(+), 46 deletions(-)
create mode 100644 CVE-2025/CVE-2025-243xx/CVE-2025-24338.json
create mode 100644 CVE-2025/CVE-2025-243xx/CVE-2025-24339.json
create mode 100644 CVE-2025/CVE-2025-243xx/CVE-2025-24340.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4108.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4109.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4110.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4111.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4112.json
create mode 100644 CVE-2025/CVE-2025-41xx/CVE-2025-4113.json
diff --git a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json
index 901b5df76e5..e8b9be2a1ea 100644
--- a/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json
+++ b/CVE-2020/CVE-2020-277xx/CVE-2020-27792.json @@ -2,7 +2,7 @@ "id": "CVE-2020-27792", "sourceIdentifier": "secalert@redhat.com", "published": "2022-08-19T23:15:08.303", - "lastModified": "2024-11-21T05:21:50.460", + "lastModified": "2025-04-30T10:15:15.363", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -115,6 +115,10 @@ } ], "references": [ + { + "url": "https://access.redhat.com/errata/RHSA-2025:4362", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2020-27792", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json index dbff684ce68..12b32c78568 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27567.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27567", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.143", - "lastModified": "2024-11-21T09:04:45.313", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:24:35.913", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json index 58bf0795892..68e9ebe8d70 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27568.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27568", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.180", - "lastModified": "2024-11-21T09:04:45.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:25:24.113", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,49 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json index d0d84764a53..ac35416b540 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27569.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27569", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.213", - "lastModified": "2024-11-21T09:04:45.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:25:47.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json index e36cf0be971..3a36e6fa4c7 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27571.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27571", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.280", - "lastModified": "2024-11-21T09:04:46.057", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:26:03.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json index d6d73077f53..a9a63f44f58 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27572.json @@ -2,8 +2,8 @@ "id": "CVE-2024-27572", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-01T14:15:54.313", - "lastModified": "2024-11-21T09:04:46.270", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-04-30T11:26:49.620", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -51,14 +51,51 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:libtor:lbt-t300-t390_firmware:2.2.1.8:*:*:*:*:*:*:*", + "matchCriteriaId": "7DDF9A6F-EDBF-4792-A405-6B25535A956E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:libtor:lbt-t300-t390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C1C1053-CBC9-4FD8-BBB5-47E9D63CFACD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json new file mode 100644 index 00000000000..9db0fecc80c --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24338.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24338", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:48.150", + "lastModified": "2025-04-30T11:15:48.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the \u201cManages app data\u201d functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to execute arbitrary client-side code in the context of another user's browser via multiple crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json new file mode 100644 index 00000000000..2aba9014e7b --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24339.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24339", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:49.623", + "lastModified": "2025-04-30T11:15:49.623", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-644" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json new file mode 100644 index 00000000000..22b8c3df9c0 --- /dev/null +++ b/CVE-2025/CVE-2025-243xx/CVE-2025-24340.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-24340", + "sourceIdentifier": "psirt@bosch.com", + "published": "2025-04-30T11:15:49.797", + "lastModified": "2025-04-30T11:15:49.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@bosch.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-916" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-640452.html", + "source": "psirt@bosch.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json new file mode 100644 index 00000000000..821f17cdf38 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4108.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4108", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T10:15:18.407", + "lastModified": "2025-04-30T10:15:18.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /add-subject.php. The manipulation of the argument sub1 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/bleakTS/myCVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306588", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306588", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560697", + 
"source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json new file mode 100644 index 00000000000..2f4816203fb --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4109.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4109", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T10:15:18.813", + "lastModified": "2025-04-30T10:15:18.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-subadmin.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + 
"modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306589", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.306589", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560700", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json new file mode 100644 index 00000000000..6a03178e2b4 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4110.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4110", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:49.983", + "lastModified": "2025-04-30T11:15:49.983", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-teacher.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/4", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306590", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306590", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560703", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json new file mode 100644 index 00000000000..fbacd46ede4 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4111.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4111", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.283", + "lastModified": "2025-04-30T11:15:50.283", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/visitor-details.php. The manipulation of the argument Status leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Iandweb/CVE/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306591", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306591", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.560706", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json new file mode 100644 index 00000000000..1bfaac91202 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4112.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4112", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.500", + "lastModified": "2025-04-30T11:15:50.500", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Student Record System 3.20. It has been declared as critical. This vulnerability affects unknown code of the file /add-course.php. The manipulation of the argument course-short leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/bleakTS/myCVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306592", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306592", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.560701", + 
"source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json new file mode 100644 index 00000000000..b9750cdb3a2 --- /dev/null +++ b/CVE-2025/CVE-2025-41xx/CVE-2025-4113.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-4113", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-30T11:15:50.760", + "lastModified": "2025-04-30T11:15:50.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit-pass-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": 
"NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yhy7612/cve-01/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.306593", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.306593", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.560738", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 99a7af9298f..28fa1045c2c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-30T10:00:20.773000+00:00 +2025-04-30T12:00:24.000346+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-30T09:15:17.523000+00:00 +2025-04-30T11:26:49.620000+00:00 ``` ### Last Data Feed Release 
@@ -33,26 +33,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -291757 +291766 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `9` -- [CVE-2025-22882](CVE-2025/CVE-2025-228xx/CVE-2025-22882.json) (`2025-04-30T08:15:31.360`) -- [CVE-2025-22883](CVE-2025/CVE-2025-228xx/CVE-2025-22883.json) (`2025-04-30T08:15:31.600`) -- [CVE-2025-22884](CVE-2025/CVE-2025-228xx/CVE-2025-22884.json) (`2025-04-30T08:15:31.760`) -- [CVE-2025-2890](CVE-2025/CVE-2025-28xx/CVE-2025-2890.json) (`2025-04-30T09:15:14.503`) -- [CVE-2025-4124](CVE-2025/CVE-2025-41xx/CVE-2025-4124.json) (`2025-04-30T09:15:17.300`) -- [CVE-2025-4125](CVE-2025/CVE-2025-41xx/CVE-2025-4125.json) (`2025-04-30T09:15:17.523`) +- [CVE-2025-24338](CVE-2025/CVE-2025-243xx/CVE-2025-24338.json) (`2025-04-30T11:15:48.150`) +- [CVE-2025-24339](CVE-2025/CVE-2025-243xx/CVE-2025-24339.json) (`2025-04-30T11:15:49.623`) +- [CVE-2025-24340](CVE-2025/CVE-2025-243xx/CVE-2025-24340.json) (`2025-04-30T11:15:49.797`) +- [CVE-2025-4108](CVE-2025/CVE-2025-41xx/CVE-2025-4108.json) (`2025-04-30T10:15:18.407`) +- [CVE-2025-4109](CVE-2025/CVE-2025-41xx/CVE-2025-4109.json) (`2025-04-30T10:15:18.813`) +- [CVE-2025-4110](CVE-2025/CVE-2025-41xx/CVE-2025-4110.json) (`2025-04-30T11:15:49.983`) +- [CVE-2025-4111](CVE-2025/CVE-2025-41xx/CVE-2025-4111.json) (`2025-04-30T11:15:50.283`) +- [CVE-2025-4112](CVE-2025/CVE-2025-41xx/CVE-2025-4112.json) (`2025-04-30T11:15:50.500`) +- [CVE-2025-4113](CVE-2025/CVE-2025-41xx/CVE-2025-4113.json) (`2025-04-30T11:15:50.760`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `6` -- [CVE-2025-3953](CVE-2025/CVE-2025-39xx/CVE-2025-3953.json) (`2025-04-30T06:15:53.300`) +- [CVE-2020-27792](CVE-2020/CVE-2020-277xx/CVE-2020-27792.json) (`2025-04-30T10:15:15.363`) +- [CVE-2024-27567](CVE-2024/CVE-2024-275xx/CVE-2024-27567.json) (`2025-04-30T11:24:35.913`) +- 
[CVE-2024-27568](CVE-2024/CVE-2024-275xx/CVE-2024-27568.json) (`2025-04-30T11:25:24.113`) +- [CVE-2024-27569](CVE-2024/CVE-2024-275xx/CVE-2024-27569.json) (`2025-04-30T11:25:47.437`) +- [CVE-2024-27571](CVE-2024/CVE-2024-275xx/CVE-2024-27571.json) (`2025-04-30T11:26:03.620`) +- [CVE-2024-27572](CVE-2024/CVE-2024-275xx/CVE-2024-27572.json) (`2025-04-30T11:26:49.620`) ## Download and Usage diff --git a/_state.csv b/_state.csv index df8cb6a2fc5..81c9def011d 100644 --- a/_state.csv +++ b/_state.csv @@ -156645,7 +156645,7 @@ CVE-2020-27789,0,0,b3222c3c02699b580895e7172ebafc73b737a78052c9b1d7d86d99b0e1c0c CVE-2020-2779,0,0,b546cdc21687409569d1539faaab8179ac026868e05268399c4a7381bea6b326,2024-11-21T05:26:14.967000 CVE-2020-27790,0,0,e2ba23c1880812cb44323bec3dedaa842c5eb4e6c0e4d691cf11e7f572c85aeb,2025-04-11T12:27:55.013000 CVE-2020-27791,0,0,bd58b5a63fb12f23763b7a92ad2bfd8f2392941dd2a626792c7548135e9e365d,2023-11-07T03:21:01.037000 -CVE-2020-27792,0,0,1782477228c7b6d0cbf1779152866b857817daa6a59c44a084f20be8bcfd4deb,2024-11-21T05:21:50.460000 +CVE-2020-27792,0,1,a0d3ac6e03c27749af9104f88874bff88cd4d1e56b0e01c387136cab45e0c38d,2025-04-30T10:15:15.363000 CVE-2020-27793,0,0,e4b8108131c7eae79f8ef1ed36b42a40d0e0321ad5a607ce3ebd72c17bd69d63,2024-11-21T05:21:50.600000 CVE-2020-27794,0,0,e4205ad077184110f8b3b0bbebf84f46a006c33feb38f0ae4a8074048f46fc58,2024-11-21T05:21:50.713000 CVE-2020-27795,0,0,5d7d09a109d60815049e72fd6d58e57ade47f013cb01bd7f35726f79967bc78c,2024-11-21T05:21:50.820000 
@@ -255103,13 +255103,13 @@ CVE-2024-27561,0,0,fc16f92d17651bc7c1c4e9050d562b06f5135d4a3f335b425cd240bae1399 CVE-2024-27563,0,0,5533c243cccd53d02317f51d488d5c114a766a4a03a83659e29f733a18ae8237,2025-01-21T15:08:45.213000 CVE-2024-27564,0,0,e91219478d8b2c2aff51f0a7bd341b7f0fb0cc52077d3e34e633b49f9d664e20,2025-03-20T15:15:41.543000 CVE-2024-27565,0,0,a3b38ad3cbec062b28bbaa8b020ffb17a64d4ab23e3a1af71e103df51fce5c55,2025-01-21T15:11:29.370000 -CVE-2024-27567,0,0,1cabb61feb31ce9256b51a36fe51ecd8a3fe0d13c184bf0c394563554cdc6fb6,2024-11-21T09:04:45.313000 -CVE-2024-27568,0,0,f60461d2234dac0a41c0e3ac1d3945e36e4cc38ca6bc0749c4b7d5949db225b3,2024-11-21T09:04:45.523000 -CVE-2024-27569,0,0,4cedce0d2d8555105b481b4a2b248a6ef9a0fbb7e692408cafbcc2b19a493a18,2024-11-21T09:04:45.727000 +CVE-2024-27567,0,1,657d583e4bf717cbd446c99d9464cf362560078109f21bcf791ee78fc86cd7d8,2025-04-30T11:24:35.913000 +CVE-2024-27568,0,1,63eaff0d823d4aa90bd90229f4b7910e21410a2b51ca2379a4f3a541dfc25fb9,2025-04-30T11:25:24.113000 +CVE-2024-27569,0,1,fdaf19b4684f0f321f2de3c1f992482f70a557e984ccc2a3178e60f53059d59a,2025-04-30T11:25:47.437000 CVE-2024-2757,0,0,b6a58696e8d78b44d11f214bd59212dee93b29323cf80730dfa63c3675a6e16c,2025-02-13T18:17:57.187000 CVE-2024-27570,0,0,c44a55b067208addadad955f2c5db94e9753aa69ffa8333feeae68fe65e998fc,2025-03-14T01:15:38.783000 -CVE-2024-27571,0,0,c503204113538f77292ea19433990d5a2f981efcf24550bcb77c7fda84580dd2,2024-11-21T09:04:46.057000 -CVE-2024-27572,0,0,edeadca2e30c63ec3bf09920d1967999a9dbf7af68af6e2986a8e0b3d8d65232,2024-11-21T09:04:46.270000 +CVE-2024-27571,0,1,39e1e124c341cd4168ecf30639dd3480a51a059e81cfe3db5f24cbe80da90c31,2025-04-30T11:26:03.620000 +CVE-2024-27572,0,1,3a11639b43d227027e00f6fc3f89aff940a03f6cf64d2cfc8ceb3a3dd996a32c,2025-04-30T11:26:49.620000 CVE-2024-27574,0,0,1ed2792d66dba95eaf1291cd1f79efcac416f4905846dac9ed130d5eee0c5e62,2024-11-21T09:04:46.483000 
CVE-2024-27575,0,0,c6c51e5ffbe8a47b581795b30fd037904da94b8aa82eb6eefa43d6fc895baf4f,2024-11-21T09:04:46.687000 CVE-2024-2758,0,0,3750812ffd0bc2f74afa8a930d62773b666d568dbe350389af15f011876a0c16,2024-11-21T09:10:26.913000 @@ -284728,9 +284728,9 @@ CVE-2025-22872,0,0,fa27a6fa31bcce451e23efd11332fdb5763aa6868809f671a46220dab8775 CVE-2025-2288,0,0,ea5cf9eb4e5e7d5beb8e92f7104073ba5d1adc8fc07f8a97145fc23482c0367a,2025-04-08T18:13:53.347000 CVE-2025-22880,0,0,755860b5cb6bfe06dab2e3046cf933164388a1927143f657d932a4500aa42249,2025-02-07T08:15:28.737000 CVE-2025-22881,0,0,bac764bb844fd45fc50560c993c0edd1d8ed2c5159276215579d0cda943f98d6,2025-02-26T08:14:25.137000 -CVE-2025-22882,1,1,df4e35b33a245855d8002ed33b704483737eb25dd3aaf994dd914dd7bed46370,2025-04-30T08:15:31.360000 -CVE-2025-22883,1,1,eabaa8834694154d2a8c6e4eb7d03f27ed00d4883c398bbd94fca0ff89dd7d47,2025-04-30T08:15:31.600000 -CVE-2025-22884,1,1,dba3f2a28d43c092853364c75280be9666ef4a2c45f26ee5a94215f7c1fee1ab,2025-04-30T08:15:31.760000 +CVE-2025-22882,0,0,df4e35b33a245855d8002ed33b704483737eb25dd3aaf994dd914dd7bed46370,2025-04-30T08:15:31.360000 +CVE-2025-22883,0,0,eabaa8834694154d2a8c6e4eb7d03f27ed00d4883c398bbd94fca0ff89dd7d47,2025-04-30T08:15:31.600000 +CVE-2025-22884,0,0,dba3f2a28d43c092853364c75280be9666ef4a2c45f26ee5a94215f7c1fee1ab,2025-04-30T08:15:31.760000 CVE-2025-22888,0,0,8715446d28ee196d4b5c9f7b0ea6743f100a7fae140bfca4a55cb2369c02c83f,2025-02-19T06:15:21.687000 CVE-2025-2289,0,0,46f397d6716276fb1c9c11c65e09dcb422ca6f1cf70d54651264c5bcb9bbbcb4,2025-03-21T15:03:12.617000 CVE-2025-22890,0,0,8dd6ffe45f0151dcb8b41a48dac74b1e668a5294c2f1614982860358b9b03cd6,2025-02-06T07:15:17.113000 
@@ -285884,6 +285884,9 @@ CVE-2025-24320,0,0,22204bebd126ec0b8efa20c54300c5d2c2817352b294d53c5a23f29d2ef87 CVE-2025-24326,0,0,dd13af4709b7b17ac448c947eb2606b60fddc8b7e04055280df591b39ac70dcf,2025-02-05T18:15:35.420000 CVE-2025-24336,0,0,0c1fb43f965e1337be57c1e176a52234211acbdc43cd0f3b53a81b279dc7a08b,2025-01-31T00:15:20.607000 CVE-2025-24337,0,0,909a943b00c8b637d3fed5ce70273699981b2448e37e3c32ed1614924942542d,2025-01-20T14:15:27.130000 +CVE-2025-24338,1,1,297260a5316cce01dbb804bde426952e0fbed76f4139198ad513a9fc04da5620,2025-04-30T11:15:48.150000 +CVE-2025-24339,1,1,7d29129baa469ae986fd5fe11e38eaebe81149342a7d9beb238fac29e6b9cdc0,2025-04-30T11:15:49.623000 +CVE-2025-24340,1,1,9310ef395b544b7f75fbdcd4fbd2522e545d2f95ea0d4c0b36bfab15e8e36f39,2025-04-30T11:15:49.797000 CVE-2025-24353,0,0,73a00e82e652255c53e1c9aa441604ca19c4f6e89dc8a22b2403655764d58be1,2025-01-23T18:15:33.990000 CVE-2025-24354,0,0,33e96f6ab404cf45f0a4405c77520b82358348aceacdc778687814571e590be5,2025-01-27T18:15:41.197000 CVE-2025-24355,0,0,2b68b163db748dec99ff55b2d4d371492d44a4482a7f15b8973aa6b3a0f994c5,2025-01-24T17:15:16.047000 
@@ -288328,7 +288331,7 @@ CVE-2025-28896,0,0,6e6a2fa3cde195ce87392bd7667516c083ecc1dc25f056878eda15e50fea7 CVE-2025-28897,0,0,b9be4fc485f3486e720bfb05c055043e37c0d9f5d96c1d8a54257acf1fac99df,2025-03-11T21:15:47.163000 CVE-2025-28898,0,0,1fa2da02c3d09462dce154b0e448bf579b956438cdcaba50392a81533eeb8b5b,2025-03-27T16:45:27.850000 CVE-2025-28899,0,0,4bf0dd6493ddb418b803121ef81c721db73f7fb1f81b8bf520a2fef08133e144,2025-03-27T16:45:27.850000 -CVE-2025-2890,1,1,4546ae37c74aa8b236e59ab7216bbbe7ee2e0bbe83ba78ab92b311ef8aedbac6,2025-04-30T09:15:14.503000 +CVE-2025-2890,0,0,4546ae37c74aa8b236e59ab7216bbbe7ee2e0bbe83ba78ab92b311ef8aedbac6,2025-04-30T09:15:14.503000 CVE-2025-28900,0,0,fed3bb83935a97bb6bcbaae18b7594a3620ff5c19cbcf2c9eb481741eb05f045,2025-03-11T21:15:47.313000 CVE-2025-28901,0,0,51ce41c5f42dd489e9c4b813887e6ff8e81a44c31a938903e1d90133cd1b5c03,2025-03-11T21:15:47.470000 CVE-2025-28902,0,0,fc2faabc0e3a80f192c6819497732bc38ae75103642686e8bdb9fd66a48e4b48,2025-03-11T21:15:47.627000 @@ -291260,7 +291263,7 @@ CVE-2025-39526,0,0,e48eefb58efeec413382bf0a150c6063a3820bdf98f98c55351275c777655 CVE-2025-39527,0,0,3284145183922bc0e58f1a51fb33927acbe4c2798946bac3fed9855491e320fa,2025-04-17T20:21:05.203000 CVE-2025-39528,0,0,b664d763e51683b756b32fed17f8ce933e99d37fef048895d1a00e8da105b797,2025-04-16T13:25:37.340000 CVE-2025-39529,0,0,bcf34c2d62331729e70811811e71dcf889d640ae1b171cefed763836fbc33e68,2025-04-16T13:25:37.340000 -CVE-2025-3953,0,1,e520f2d8cc53e58d31fbdc99cf7409be960dec4377d02716bb6979f3b1aa6819,2025-04-30T06:15:53.300000 +CVE-2025-3953,0,0,e520f2d8cc53e58d31fbdc99cf7409be960dec4377d02716bb6979f3b1aa6819,2025-04-30T06:15:53.300000 CVE-2025-39530,0,0,04cd4efd0982bc2e3b3a3fdf151be77700254449378583fee75d72392e767a80,2025-04-16T13:25:37.340000 CVE-2025-39531,0,0,ff1b3efe015a3987f44dddec7757fb08524f162b253adf68dd482dc34a954500,2025-04-16T13:25:37.340000 CVE-2025-39532,0,0,c6a1aa250e41f609065af7ae7d78ed7ce37833beb178fb16dc9d01c8b07d0228,2025-04-17T20:21:05.203000 
@@ -291462,8 +291465,14 @@ CVE-2025-4091,0,0,be76f80720d6507adedb56244fc15d9bfa10d0652d1ed50301d66beeacf973 CVE-2025-4092,0,0,200d711ebe2e15156ad0230ced68f0f5a246d532b5d02cde90c654c8fdd064ec,2025-04-29T16:15:39.707000 CVE-2025-4093,0,0,d891b279ce00073f17d8f58a8ebf719e451cb06357235d1b137c7bf6521fbbb1,2025-04-29T16:15:39.850000 CVE-2025-4095,0,0,f2539477bf5eaf9485d044b6cf6e79bb8583734ab1b2d0e4b42ac3598cab5848,2025-04-29T18:15:46.180000 -CVE-2025-4124,1,1,5de9fad0aff01bcc9b08950740facb2df74f7717b7ae5c11db77f58373920085,2025-04-30T09:15:17.300000 -CVE-2025-4125,1,1,16c5f2432c5bb3ea366fa409fa144ceffae152b47513b47039009d6c13254fc7,2025-04-30T09:15:17.523000 +CVE-2025-4108,1,1,9bfd6d1ad4fcc03f836aae2b64adaf887b9300aa371e576f132f375b19a71239,2025-04-30T10:15:18.407000 +CVE-2025-4109,1,1,dc55813f8b4d8971c2db3d8e03f9b60d13669f4e540622a7a0de82c2044c0fb3,2025-04-30T10:15:18.813000 +CVE-2025-4110,1,1,196e64505e5460ba2420017a2a68042ee5b550e797cc65f00f251cf067b66bb8,2025-04-30T11:15:49.983000 +CVE-2025-4111,1,1,f0b05f0d6da948ca73a43bc559b2f71a2a5f78e63f1cdc9e72297ca6f5d78aca,2025-04-30T11:15:50.283000 +CVE-2025-4112,1,1,f41dfb5d617f985da38472fed0d63571d8946e35ce49689d95db2f21d2a12acd,2025-04-30T11:15:50.500000 +CVE-2025-4113,1,1,e4e796ce680a15d0f27b4a9e929f8e824962cee8d2a67533fc94ca512ace1d62,2025-04-30T11:15:50.760000 +CVE-2025-4124,0,0,5de9fad0aff01bcc9b08950740facb2df74f7717b7ae5c11db77f58373920085,2025-04-30T09:15:17.300000 +CVE-2025-4125,0,0,16c5f2432c5bb3ea366fa409fa144ceffae152b47513b47039009d6c13254fc7,2025-04-30T09:15:17.523000 CVE-2025-41395,0,0,65b9e3526569f587eb1cd97410ac7325e217f46717fe2bbf0abfe0a9511ead3c,2025-04-29T13:52:47.470000 CVE-2025-41423,0,0,3ae1e637900a2dfc5b6bacaa494e26a0b5d8e1e48accef6073153be61f7a9347,2025-04-29T13:52:47.470000 CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000