admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-06-21T23:55:26.553239+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-06-21 23:59:07 +00:00
parent 536089617c
commit 25b6ba9cd5
12 changed files with 899 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
CVE-2025/CVE-2025-19xx/CVE-2025-1987.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2025-1987",
"sourceIdentifier": "cve-requests@bitdefender.com",
"published": "2025-06-21T22:15:21.510",
"lastModified": "2025-06-21T22:15:21.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS)\u00a0vulnerability has been identified in Psono-Client\u2019s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious vault entry (or trick a user into creating or importing one) with a javascript:URL. When the user interacts with this entry (for example, by clicking or opening it), the application will execute the malicious JavaScript in the context of the Psono vault. This allows an attacker to run arbitrary code in the victim\u2019s browser, potentially giving them access to the user\u2019s password vault and sensitive data."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cve-requests@bitdefender.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "cve-requests@bitdefender.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://bitdefender.com/support/support/security-advisories/stored-xss-in-psono-client-via-malicious-vault-entry-urls",
"source": "cve-requests@bitdefender.com"
}
]
}

60
CVE-2025/CVE-2025-529xx/CVE-2025-52916.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-52916",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-21T23:15:23.820",
"lastModified": "2025-06-21T23:15:23.820",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 2.2,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9",
"source": "cve@mitre.org"
},
{
"url": "https://www.yealink.com/en/trust-center/security-advisories/b8dc062eaa8d4f59",
"source": "cve@mitre.org"
}
]
}

48
CVE-2025/CVE-2025-529xx/CVE-2025-52917.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2025-52917",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-21T23:15:24.017",
"lastModified": "2025-06-21T23:15:24.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Yealink YMCS RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9",
"source": "cve@mitre.org"
},
{
"url": "https://www.yealink.com/en/trust-center/security-advisories/f8205560a8c7443f",
"source": "cve@mitre.org"
}
]
}

48
CVE-2025/CVE-2025-529xx/CVE-2025-52918.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2025-52918",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-21T23:15:24.157",
"lastModified": "2025-06-21T23:15:24.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Yealink YMCS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://support.yealink.com/en/portal/knowledge/show?id=646b44278ef325311f38303f",
"source": "cve@mitre.org"
},
{
"url": "https://www.yealink.com/en/trust-center/security-advisories/1318c5efb82e4526",
"source": "cve@mitre.org"
}
]
}

48
CVE-2025/CVE-2025-529xx/CVE-2025-52919.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2025-52919",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-06-21T23:15:24.297",
"lastModified": "2025-06-21T23:15:24.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Yealink YMCS RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://support.yealink.com/en/portal/knowledge/show?id=6476e7cd6a27da76bd06a9c9",
"source": "cve@mitre.org"
},
{
"url": "https://www.yealink.com/en/trust-center/security-advisories/ecb16a4993014d22",
"source": "cve@mitre.org"
}
]
}

4
CVE-2025/CVE-2025-60xx/CVE-2025-6019.json
View File

@ -9,6 +9,10 @@
{
"lang": "en",
"value": "A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the \"allow_active\" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an \"allow_active\" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de Escalada de Privilegios Locales (LPE) en libblockdev. Generalmente, la configuraci\u00f3n \"allow_active\" de Polkit permite a un usuario f\u00edsicamente presente realizar ciertas acciones seg\u00fan el tipo de sesi\u00f3n. Debido a la forma en que libblockdev interact\u00faa con el daemon udisks, un usuario \"allow_active\" en un sistema puede escalar a privilegios de root completos en el host objetivo. Normalmente, udisks monta im\u00e1genes del sistema de archivos proporcionadas por el usuario con indicadores de seguridad como nosuid y nodev para evitar la escalada de privilegios. Sin embargo, un atacante local puede crear una imagen XFS especialmente manipulada que contenga un shell SUID-root y luego enga\u00f1ar a udisks para que la redimensione. Esto monta su sistema de archivos malicioso con privilegios de root, lo que le permite ejecutar su shell SUID-root y obtener el control total del sistema."
}
],
"metrics": {

145
CVE-2025/CVE-2025-64xx/CVE-2025-6420.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-6420",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-21T22:15:21.687",
"lastModified": "2025-06-21T22:15:21.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add_room.php. The manipulation of the argument room_type leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zzb1388/cve/issues/6",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313414",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313414",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.598246",
"source": "cna@vuldb.com"
}
]
}

149
CVE-2025/CVE-2025-64xx/CVE-2025-6421.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2025-6421",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-21T22:15:21.870",
"lastModified": "2025-06-21T22:15:21.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/add_account.php. The manipulation of the argument name/admin_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zzb1388/cve/issues/7",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313415",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313415",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.598247",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.598584",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-64xx/CVE-2025-6422.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-6422",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-21T23:15:24.563",
"lastModified": "2025-06-21T23:15:24.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_settings of the component About Content Page. The manipulation of the argument img leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/Sp1d3rL1/CVE/issues/2",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313417",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313417",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.598211",
"source": "cna@vuldb.com"
},
{
"url": "https://www.campcodes.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-64xx/CVE-2025-6446.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-6446",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-21T23:15:24.743",
"lastModified": "2025-06-21T23:15:24.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /clientdetails/admin/index.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/kakalalaww/CVE/issues/18",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.313553",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.313553",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.598499",
"source": "cna@vuldb.com"
}
]
}

24
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-21T22:00:22.357400+00:00
2025-06-21T23:55:26.553239+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-21T21:15:24.453000+00:00
2025-06-21T23:15:24.743000+00:00
```
### Last Data Feed Release
@ -33,23 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
299005
299014
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `9`
- [CVE-2025-6416](CVE-2025/CVE-2025-64xx/CVE-2025-6416.json) (`2025-06-21T20:15:26.237`)
- [CVE-2025-6417](CVE-2025/CVE-2025-64xx/CVE-2025-6417.json) (`2025-06-21T20:15:27.210`)
- [CVE-2025-6418](CVE-2025/CVE-2025-64xx/CVE-2025-6418.json) (`2025-06-21T21:15:23.713`)
- [CVE-2025-6419](CVE-2025/CVE-2025-64xx/CVE-2025-6419.json) (`2025-06-21T21:15:24.453`)
- [CVE-2025-1987](CVE-2025/CVE-2025-19xx/CVE-2025-1987.json) (`2025-06-21T22:15:21.510`)
- [CVE-2025-52916](CVE-2025/CVE-2025-529xx/CVE-2025-52916.json) (`2025-06-21T23:15:23.820`)
- [CVE-2025-52917](CVE-2025/CVE-2025-529xx/CVE-2025-52917.json) (`2025-06-21T23:15:24.017`)
- [CVE-2025-52918](CVE-2025/CVE-2025-529xx/CVE-2025-52918.json) (`2025-06-21T23:15:24.157`)
- [CVE-2025-52919](CVE-2025/CVE-2025-529xx/CVE-2025-52919.json) (`2025-06-21T23:15:24.297`)
- [CVE-2025-6420](CVE-2025/CVE-2025-64xx/CVE-2025-6420.json) (`2025-06-21T22:15:21.687`)
- [CVE-2025-6421](CVE-2025/CVE-2025-64xx/CVE-2025-6421.json) (`2025-06-21T22:15:21.870`)
- [CVE-2025-6422](CVE-2025/CVE-2025-64xx/CVE-2025-6422.json) (`2025-06-21T23:15:24.563`)
- [CVE-2025-6446](CVE-2025/CVE-2025-64xx/CVE-2025-6446.json) (`2025-06-21T23:15:24.743`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-6019](CVE-2025/CVE-2025-60xx/CVE-2025-6019.json) (`2025-06-19T12:15:19.727`)
## Download and Usage

19
_state.csv
View File

@ -284339,6 +284339,7 @@ CVE-2025-1983,0,0,b00a7fbfc7e72efc3071430d1c49bb16299e59e8ab10971b7b91d7f6d942af
CVE-2025-1984,0,0,9c3841609345cdbc038774b45498dc390a4f9eba4042b93fef2b069dfe449491,2025-03-14T18:15:31.507000
CVE-2025-1985,0,0,4ffdbac0d26e1471a14176bc9434556c5b29dab614d77fc4aad8694095a6def1,2025-05-28T15:01:30.720000
CVE-2025-1986,0,0,9ce2b14337b22a581b34a818b054e13cb4e2ea01e7c82ab0b4045cd40f48f650,2025-05-28T15:55:16.960000
CVE-2025-1987,1,1,d80da0d4835d50b09ac78eaae8ca0679dca822781fa6a1e6b801d77c3b173b7c,2025-06-21T22:15:21.510000
CVE-2025-1992,0,0,0af2ea688587765257ed9f7059d6c1312f1c590028ff15abda68c50e681fb7cd,2025-05-05T20:54:19.760000
CVE-2025-1993,0,0,cc38e952c65d052c82178ffa099a41c9554ba3ffc8216755b6ee79ded066b7ff,2025-05-12T17:32:32.760000
CVE-2025-1997,0,0,2320e8fae7a90840d951f0ca1bf029eb0495106dea7a57ba1224c981543ab87d,2025-03-27T16:45:12.210000
@ -298259,6 +298260,10 @@ CVE-2025-5288,0,0,5b20c7a865ed486d932e1f5165bbcfd30ae2f04bc0acfb20d9396799c2c655
CVE-2025-5289,0,0,b9d742cd07348cf5ac5a6bc32677ea7f81a3f79e8dc609eede8959a563a09a42,2025-06-21T11:15:35.240000
CVE-2025-5290,0,0,ad45f62f849dd27deb380b44d26b94809d4f0499166fbd95cf7b52d6d8099374,2025-06-02T17:32:17.397000
CVE-2025-5291,0,0,30fc605f4380fb7e9cd3dc4c3c29792847dcfc90b0ea5fa3ca9a29d145a853dc,2025-06-17T20:50:23.507000
CVE-2025-52916,1,1,b5a11ea5cc8605934f267f997b908b5ac420694070654e4f2d18f8c04dda6d3f,2025-06-21T23:15:23.820000
CVE-2025-52917,1,1,3b9f4b8ce8efe130bc630d63cb09ab0e4ca15d247bf3be622eb1776b91ed9460,2025-06-21T23:15:24.017000
CVE-2025-52918,1,1,0260d7a54d0c0ee27698ebe270d89da32f1371db0fff57c89e2e419da5a78931,2025-06-21T23:15:24.157000
CVE-2025-52919,1,1,70c019e4086e225b954f0e6240e3350398103fb9946c1f4b622121acb25ff5a1,2025-06-21T23:15:24.297000
CVE-2025-5292,0,0,30cec8bd4cde62e6ca85175b601b2d9fd7dc117c201a288e7f0e6414bd251b48,2025-06-02T17:32:17.397000
CVE-2025-5295,0,0,d0e6aa3b032b1532910154b10cc32ceaaf64a98256f38c6f6f628cd0a1c4bacc,2025-05-28T15:01:30.720000
CVE-2025-5297,0,0,32219ebb357b11c35687ad82e2d72808a3fe88681e14d78b6d0829c9d1dbc7ef,2025-06-10T19:33:01.990000
@ -298763,7 +298768,7 @@ CVE-2025-6007,0,0,ad7217a46edf88f3122f03c09e2fdcfd31382468cbe1002c4a5de402899399
CVE-2025-6008,0,0,cf45d1b8877307f98a5e962959db4dd8b70df84c99522375a10c3d04cde0826f,2025-06-19T01:26:01.867000
CVE-2025-6009,0,0,78abb2d4f36e6029b865859c44e8b3b2ae426316eb8bf2e15ca3e33565c4ca16,2025-06-19T01:25:17.743000
CVE-2025-6012,0,0,26f2f66d87f45d6aa756cc004552cfa11ed42d44708395d664a6658fe8d21b45,2025-06-16T12:32:18.840000
CVE-2025-6019,0,0,04254b9397dd11cd6c3c371a0a809a11e95d3435e7861389ea1ee8b10ff74261,2025-06-19T12:15:19.727000
CVE-2025-6019,0,1,ebf4f12bdb263a546c3aea4ef4c7f4363c6b17ec70827c011e272bb086ea941e,2025-06-19T12:15:19.727000
CVE-2025-6020,0,0,439a2d09f05868a64a6818f204c8af8c3741a1aa91da69dac7da1c6864b5ef72,2025-06-17T20:50:23.507000
CVE-2025-6021,0,0,4d6c316d6b2265feaa5a1f1976caab5acbb233a1583e3791720a0a82dcf439c4,2025-06-12T16:06:20.180000
CVE-2025-6029,0,0,e9108be7e98d0780991a9dbc9771d79381463de686ea76ad25b1212ca465841e,2025-06-16T12:32:18.840000
@ -299000,7 +299005,11 @@ CVE-2025-6412,0,0,6bba585df4a6a1290d4defcad0a067fb3000d58fdf83ecbd8be32ef6de5550
CVE-2025-6413,0,0,2c67f254879dfc9ce5e2d24bd979b380871fc604ef9b83493a225329ac05d70c,2025-06-21T18:15:24.720000
CVE-2025-6414,0,0,b56f6b53339431609c016ed1e0e82b07ecc8f618efa5ab387037f963d66bf70d,2025-06-21T19:15:22.377000
CVE-2025-6415,0,0,2852b6515f76b658080b4c30498f8e68b4aa0c6737918f095052eb7634b13fa0,2025-06-21T19:15:22.583000
CVE-2025-6416,1,1,590d0de6a914b6c2d6e1a305dc8abe612106f3ade364bb3dca0c9e479668dd66,2025-06-21T20:15:26.237000
CVE-2025-6417,1,1,e5d68cbd614c8f58368ae09f20799a678361eff6c9238f113588378a96ab8d06,2025-06-21T20:15:27.210000
CVE-2025-6418,1,1,bf63b4b5076d801229d55234c4c4fbb4f51ea0eeeaed7f67ca98251ce3be4951,2025-06-21T21:15:23.713000
CVE-2025-6419,1,1,8a6c0984ee0e4845996c700baf1b94b25cf3b01bafa3c0e7672286075bb4e704,2025-06-21T21:15:24.453000
CVE-2025-6416,0,0,590d0de6a914b6c2d6e1a305dc8abe612106f3ade364bb3dca0c9e479668dd66,2025-06-21T20:15:26.237000
CVE-2025-6417,0,0,e5d68cbd614c8f58368ae09f20799a678361eff6c9238f113588378a96ab8d06,2025-06-21T20:15:27.210000
CVE-2025-6418,0,0,bf63b4b5076d801229d55234c4c4fbb4f51ea0eeeaed7f67ca98251ce3be4951,2025-06-21T21:15:23.713000
CVE-2025-6419,0,0,8a6c0984ee0e4845996c700baf1b94b25cf3b01bafa3c0e7672286075bb4e704,2025-06-21T21:15:24.453000
CVE-2025-6420,1,1,144970e9c742151c2f5543c7029e473aec0dc4693af2b6598db08315e80f9dc0,2025-06-21T22:15:21.687000
CVE-2025-6421,1,1,6bb0ef4553796d4b17bf674ba71ed376e533d1be3053d4e8013f1629fd9ee955,2025-06-21T22:15:21.870000
CVE-2025-6422,1,1,c573c4db3c0f20957365ddf4fca4d8cd722bee1aea05672517904a42b456062e,2025-06-21T23:15:24.563000
CVE-2025-6446,1,1,44bb6e746b3927f98410a922df7f49f7dfc756465d7a1b8c41e32b3d72a60ca9,2025-06-21T23:15:24.743000

Can't render this file because it is too large.