diff --git a/CVE-2025/CVE-2025-45xx/CVE-2025-4568.json b/CVE-2025/CVE-2025-45xx/CVE-2025-4568.json new file mode 100644 index 00000000000..c656c918577 --- /dev/null +++ b/CVE-2025/CVE-2025-45xx/CVE-2025-4568.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-4568", + "sourceIdentifier": "cvd@cert.pl", + "published": "2025-06-05T10:15:21.730", + "lastModified": "2025-06-05T10:15:21.730", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://2clickportal.pl/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/en/posts/2025/06/CVE-2025-4568", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5650.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5650.json new file mode 100644 index 00000000000..ff852eeb39a --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5650.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-5650", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T10:15:23.020", + "lastModified": "2025-06-05T10:15:23.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ubfbuz3/cve/issues/17", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311140", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311140", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589819", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5651.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5651.json new file mode 100644 index 00000000000..e3b3be4099b --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5651.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5651", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T10:15:23.270", + "lastModified": "2025-06-05T10:15:23.270", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/tuooo/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311141", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311141", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589962", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5652.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5652.json new file mode 100644 index 00000000000..7ea4ae96516 --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5652.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5652", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T10:15:23.477", + "lastModified": "2025-06-05T10:15:23.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/41", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311142", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311142", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589963", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5653.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5653.json new file mode 100644 index 00000000000..234b3e4e946 --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5653.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5653", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T11:15:21.093", + "lastModified": "2025-06-05T11:15:21.093", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/42", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311143", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311143", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589964", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5654.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5654.json new file mode 100644 index 00000000000..7632f40fc96 --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5654.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5654", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T11:15:22.133", + "lastModified": "2025-06-05T11:15:22.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/43", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311144", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311144", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589965", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-56xx/CVE-2025-5655.json b/CVE-2025/CVE-2025-56xx/CVE-2025-5655.json new file mode 100644 index 00000000000..3309e7385ae --- /dev/null +++ b/CVE-2025/CVE-2025-56xx/CVE-2025-5655.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5655", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-05T11:15:22.313", + "lastModified": "2025-06-05T11:15:22.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/f1rstb100d/myCVE/issues/44", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311145", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311145", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.589966", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index eb87e601446..b322ce868cc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-05T10:00:20.740230+00:00 +2025-06-05T12:00:21.484429+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-05T09:15:23.353000+00:00 +2025-06-05T11:15:22.313000+00:00 ``` ### Last Data Feed Release @@ -33,27 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -296557 +296564 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `7` -- [CVE-2025-5645](CVE-2025/CVE-2025-56xx/CVE-2025-5645.json) (`2025-06-05T08:15:20.973`) -- [CVE-2025-5646](CVE-2025/CVE-2025-56xx/CVE-2025-5646.json) (`2025-06-05T08:15:21.197`) -- [CVE-2025-5647](CVE-2025/CVE-2025-56xx/CVE-2025-5647.json) (`2025-06-05T09:15:22.847`) -- [CVE-2025-5648](CVE-2025/CVE-2025-56xx/CVE-2025-5648.json) (`2025-06-05T09:15:23.123`) -- [CVE-2025-5649](CVE-2025/CVE-2025-56xx/CVE-2025-5649.json) (`2025-06-05T09:15:23.353`) +- [CVE-2025-4568](CVE-2025/CVE-2025-45xx/CVE-2025-4568.json) (`2025-06-05T10:15:21.730`) +- [CVE-2025-5650](CVE-2025/CVE-2025-56xx/CVE-2025-5650.json) (`2025-06-05T10:15:23.020`) +- [CVE-2025-5651](CVE-2025/CVE-2025-56xx/CVE-2025-5651.json) (`2025-06-05T10:15:23.270`) +- [CVE-2025-5652](CVE-2025/CVE-2025-56xx/CVE-2025-5652.json) (`2025-06-05T10:15:23.477`) +- [CVE-2025-5653](CVE-2025/CVE-2025-56xx/CVE-2025-5653.json) (`2025-06-05T11:15:21.093`) +- [CVE-2025-5654](CVE-2025/CVE-2025-56xx/CVE-2025-5654.json) (`2025-06-05T11:15:22.133`) +- [CVE-2025-5655](CVE-2025/CVE-2025-56xx/CVE-2025-5655.json) (`2025-06-05T11:15:22.313`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -- [CVE-2023-6837](CVE-2023/CVE-2023-68xx/CVE-2023-6837.json) (`2025-06-05T09:15:21.813`) -- [CVE-2025-47577](CVE-2025/CVE-2025-475xx/CVE-2025-47577.json) (`2025-06-05T09:15:22.680`) -- [CVE-2025-5644](CVE-2025/CVE-2025-56xx/CVE-2025-5644.json) (`2025-06-05T07:15:23.990`) ## Download and Usage diff --git a/_state.csv b/_state.csv index c24d12ff270..fd83fdc979f 100644 --- a/_state.csv +++ b/_state.csv @@ -243685,7 +243685,7 @@ CVE-2023-6832,0,0,6a90580492f9d38df9fd6d1827ce228df2bbc5f49746cd9544810f80933154 CVE-2023-6833,0,0,5b3660cdc42820823ba7a126010a2a7497c2a7133a3e273438edd05670d71c65,2024-11-21T08:44:38.547000 CVE-2023-6835,0,0,252c9566237081f48f16e407655c88ecc560df01fb4ba359634d671fe01c26d2,2024-11-21T08:44:38.680000 CVE-2023-6836,0,0,6d82b41c95c77801da8fe6aab355a889a5b0d0b365b95f10c8b48621743359ac,2024-11-21T08:44:38.827000 -CVE-2023-6837,0,1,98e604dfeb4708ff2e3062bc94b58bb6cabc485855e519f069e4d9de9eeba5be,2025-06-05T09:15:21.813000 +CVE-2023-6837,0,0,98e604dfeb4708ff2e3062bc94b58bb6cabc485855e519f069e4d9de9eeba5be,2025-06-05T09:15:21.813000 CVE-2023-6838,0,0,94589a15cd43d095d6904ee58354d0379e7bd4e5f6cd1d2760693ae54a8214e4,2024-11-21T08:44:39.153000 CVE-2023-6839,0,0,33aa58158b721beae894461c30e7e6926f93c29fdec2cf47a3d03407368eacb2,2024-11-21T08:44:39.303000 CVE-2023-6840,0,0,6d546453dbc1e0a3746d923568ce015e06fbb09e2bd08253f5dd212306e4b902,2024-11-21T08:44:39.447000 @@ -294721,6 +294721,7 @@ CVE-2025-45618,0,0,767ee00e764e7ef5bf5da280443f8f8ac155a067bd61e2227396cf4720a51 CVE-2025-4562,0,0,d2657f9e359abe15e16bbecb49ae9ba4428138285e1222df0d7e8c7358260e0e,2025-05-22T23:15:19.620000 CVE-2025-4564,0,0,8d3f9720d908e446b737db8b900434db81b180dd53397ac7362129a7e91e5314,2025-05-16T14:43:26.160000 CVE-2025-4567,0,0,58147eb394708580d7afe585e734cf01dd405d0c4de5ce4464b448a64c2b1169,2025-06-04T14:54:33.783000 +CVE-2025-4568,1,1,29804dbca17dc2cdb314f878db2d00cdd669a902429b3276afb628cea7658662,2025-06-05T10:15:21.730000 CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000 CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000 CVE-2025-4575,0,0,0624d6300232d42a9f90f1e62069c560ca8ea8d361bea47508069c55d62ec0b1,2025-05-23T15:55:02.040000 @@ -295422,7 +295423,7 @@ CVE-2025-47568,0,0,816122bf6ee3258a91c70b57c27a64864503daf9f011fa2dfdbf1808df01c CVE-2025-4757,0,0,aff32a5dd8531f1cf16b47f2eaa3e2f3dcb4fa067452c943f1a1e24c22fb61c9,2025-05-27T19:49:21.437000 CVE-2025-47575,0,0,3856dc014fc47893d7ef5712b0e151680734365e77cbdf4b14af12b94f83ad85,2025-05-23T15:54:42.643000 CVE-2025-47576,0,0,edb28b0afb2590818e704b2b702bc94672987057adfe446ab20f50ce396f0510,2025-05-21T20:25:16.407000 -CVE-2025-47577,0,1,e6bf35f708db79d6247522f1af460f531b906a5c3729299a5379bdb63ca6b1e2,2025-06-05T09:15:22.680000 +CVE-2025-47577,0,0,e6bf35f708db79d6247522f1af460f531b906a5c3729299a5379bdb63ca6b1e2,2025-06-05T09:15:22.680000 CVE-2025-47578,0,0,b616bbe684d2eb7dd92eb1261c0ad506edfdcec7b43968e410f446f8f1826964,2025-05-12T17:32:32.760000 CVE-2025-4758,0,0,b1e527b6226a15a73ab3d3f863b7bc3ca89ba9b39c71a5d7592a77b45f45047c,2025-05-27T19:49:07.163000 CVE-2025-47580,0,0,f8509d199a0124c7777f42c3b3494347d37d7adbf76a1a5ef4cb845905274582,2025-05-16T14:43:26.160000 @@ -296547,12 +296548,18 @@ CVE-2025-5640,0,0,0a44d2717618bf0a46c88e7eba3b9b2d49b4870ec347415bc404a7a4edcf5d CVE-2025-5641,0,0,c8b8d3bca818a7becef08e6b36639b90c5e27057202f0ffcc45129c6a66a20df,2025-06-05T07:15:23.317000 CVE-2025-5642,0,0,528421914045159b8b3e5e1b139bbeed69ee32d429d13b5ecfeb7c038e4694db,2025-06-05T07:15:23.583000 CVE-2025-5643,0,0,73930ae01cb8be7ac4fa838687eb1a706ac7c2dbb69c6b7c4c1bf2bbac46b053,2025-06-05T07:15:23.780000 -CVE-2025-5644,0,1,7ef9cceda7c9a616d93e140c0a3079d5da3ae6acc00054e6bac6ae7d35b196ca,2025-06-05T07:15:23.990000 -CVE-2025-5645,1,1,b59a0a4f8672151ed1dc642279b01eceb4f0cc95ef2b492169510ec16e578632,2025-06-05T08:15:20.973000 -CVE-2025-5646,1,1,1c09e3ee4279bbb303f68b9f5ffb1ac47b840b242c88be0ecdb8280bcd0ebd1c,2025-06-05T08:15:21.197000 -CVE-2025-5647,1,1,71bb7d14d0c12b1cdce5374f6e7f9b7e420d3be3ca525fe3c6817f62ae103604,2025-06-05T09:15:22.847000 -CVE-2025-5648,1,1,fbfbcda085b87e923a60877f0858ed1713cb4a263dbfefcc550392244e8b26f5,2025-06-05T09:15:23.123000 -CVE-2025-5649,1,1,c5902840d6b6394c48c9775eda5452a9ca0d6c5bc764ed076171722caf945a02,2025-06-05T09:15:23.353000 +CVE-2025-5644,0,0,7ef9cceda7c9a616d93e140c0a3079d5da3ae6acc00054e6bac6ae7d35b196ca,2025-06-05T07:15:23.990000 +CVE-2025-5645,0,0,b59a0a4f8672151ed1dc642279b01eceb4f0cc95ef2b492169510ec16e578632,2025-06-05T08:15:20.973000 +CVE-2025-5646,0,0,1c09e3ee4279bbb303f68b9f5ffb1ac47b840b242c88be0ecdb8280bcd0ebd1c,2025-06-05T08:15:21.197000 +CVE-2025-5647,0,0,71bb7d14d0c12b1cdce5374f6e7f9b7e420d3be3ca525fe3c6817f62ae103604,2025-06-05T09:15:22.847000 +CVE-2025-5648,0,0,fbfbcda085b87e923a60877f0858ed1713cb4a263dbfefcc550392244e8b26f5,2025-06-05T09:15:23.123000 +CVE-2025-5649,0,0,c5902840d6b6394c48c9775eda5452a9ca0d6c5bc764ed076171722caf945a02,2025-06-05T09:15:23.353000 +CVE-2025-5650,1,1,b2fcc16e9e2d67331d6225af628f2742cf989eb49709e012a985d5c2c9128015,2025-06-05T10:15:23.020000 +CVE-2025-5651,1,1,faaaae0c6ab7f44cada622ff689882dd1bf6e3d9d5455ef956229bd187c0c8e2,2025-06-05T10:15:23.270000 +CVE-2025-5652,1,1,aa7cc3b3173f805c8726602c5a4f2758cf548e05d85c7daeef7cc865f6c5c669,2025-06-05T10:15:23.477000 +CVE-2025-5653,1,1,b830e3106d8341b72802bb4ce6673af8da2ad2a8b99006202e99812deb7cbe0c,2025-06-05T11:15:21.093000 +CVE-2025-5654,1,1,49e9d2a391c820529831583d942e6d45bb44650b0264404c2ba595a167d8623f,2025-06-05T11:15:22.133000 +CVE-2025-5655,1,1,f89a2b4fde8513e5947db455187b5cb74296f432637dfa8bd45dbc068a0412da,2025-06-05T11:15:22.313000 CVE-2025-5683,0,0,ba4cab8ac4a992f679318045c0972e1d1d7a83c5101ea31565eb781d5696d00a,2025-06-05T06:15:27.517000 CVE-2025-5688,0,0,73bb641229fc7f0cc58d056bcd50b9204b2df12fec290a20f6d3344d9742580f,2025-06-04T17:15:29.330000 CVE-2025-5690,0,0,ac9502bdafeae675eb4593084c8644a2164e57d1b6a23446acd8173b20c2ef82,2025-06-04T22:15:26.470000