Auto-Update: 2025-03-23T07:00:20.572973+00:00

2025-05-07 11:07:05 +00:00 · 2025-03-23 07:03:51 +00:00 · 2025-03-23 07:03:51 +00:00 · 2bf289ce25
commit 2bf289ce25
parent 7ceeb17c6b
5 changed files with 199 additions and 8 deletions
--- a/CVE-2025/CVE-2025-07xx/CVE-2025-0718.json
+++ b/CVE-2025/CVE-2025-07xx/CVE-2025-0718.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2025-0718",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2025-03-23T06:15:11.860",
+  "lastModified": "2025-03-23T06:15:11.860",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/69ddd8eb-33f1-49cf-9428-3d89262b1887/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-14xx/CVE-2025-1446.json
+++ b/CVE-2025/CVE-2025-14xx/CVE-2025-1446.json
@ -0,0 +1,21 @@
+{
+  "id": "CVE-2025-1446",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2025-03-23T06:15:12.110",
+  "lastModified": "2025-03-23T06:15:12.110",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Pods  WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/c170fb45-7ed5-40ef-99f6-8da035a23d89/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-26xx/CVE-2025-2641.json
+++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2641.json
@ -0,0 +1,145 @@
+{
+  "id": "CVE-2025-2641",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-03-23T05:15:12.020",
+  "lastModified": "2025-03-23T05:15:12.020",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-artist-detail.php?editid=1. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 6.9,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "baseScore": 7.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/liuhao2638/cve/issues/2",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://phpgurukul.com/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.300656",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.300656",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.519768",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-23T05:00:19.664838+00:00
+2025-03-23T07:00:20.572973+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-23T04:15:14.120000+00:00
+2025-03-23T06:15:12.110000+00:00
 ```

 ### Last Data Feed Release
@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-286231
+286234
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `3`

- [CVE-2025-2639](CVE-2025/CVE-2025-26xx/CVE-2025-2639.json) (`2025-03-23T03:15:11.807`)
- [CVE-2025-2640](CVE-2025/CVE-2025-26xx/CVE-2025-2640.json) (`2025-03-23T04:15:14.120`)
+- [CVE-2025-0718](CVE-2025/CVE-2025-07xx/CVE-2025-0718.json) (`2025-03-23T06:15:11.860`)
+- [CVE-2025-1446](CVE-2025/CVE-2025-14xx/CVE-2025-1446.json) (`2025-03-23T06:15:12.110`)
+- [CVE-2025-2641](CVE-2025/CVE-2025-26xx/CVE-2025-2641.json) (`2025-03-23T05:15:12.020`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -281251,6 +281251,7 @@ CVE-2025-0708,0,0,659d85452dbea3574dcbf830e77ebd7d9b31a5282c05d0b34b2613bd9e24ca
 CVE-2025-0709,0,0,db800c30c627cf742b915e1d20885c2c6704e2eaeeb546112e3cf2e52c16fcbf,2025-01-24T21:15:11.237000
 CVE-2025-0710,0,0,81cfa891cdbaa188ea5f0cdc6436388cbcbfc8f589a6588bc197916940231ee9,2025-03-03T14:55:27.487000
 CVE-2025-0714,0,0,7a5ace77913ec81f29c63850fa9378895a034df434a64ef2c1dd7b18a728bf62,2025-02-19T09:15:09.863000
+CVE-2025-0718,1,1,0e91634afaf5eea5458a9aa8b1e8a00107ada4644b871c0d98fb906db607ed36,2025-03-23T06:15:11.860000
 CVE-2025-0719,0,0,44927ec8b6afaf34270843fd13dbd3ba0f3f99ce1ef23ab7a0954a7b4854cf52,2025-02-26T14:15:11.587000
 CVE-2025-0720,0,0,bf163c74b4e9e0ae1d92684788b595f2199f607068d51d6135d379966c283462,2025-01-26T23:15:21.547000
 CVE-2025-0721,0,0,a17c1b763dfbd45aa4203f0e8b4c3b1bd0f0a61d080bea2c50ad8ff161e60eaa,2025-02-25T20:28:55.787000
@ -281729,6 +281730,7 @@ CVE-2025-1434,0,0,a3866a08b633baa47e1218d0ddb17df7ba7c9c2875011d0577de1d45619f3f
 CVE-2025-1435,0,0,3d678d6656d20bd5b96aa1f5dc812b5bfdb1816c9aa05dbe2ea5cdc48474d52d,2025-03-05T09:15:10.267000
 CVE-2025-1436,0,0,4fd0b2ae4e724dd49b85592d1f1318f63e647837cea49133222d911b8ad33afb,2025-03-14T17:15:50.623000
 CVE-2025-1441,0,0,2d81c29ba90afc9b9a305ea2ed689bb369bca8be1da9da1458054db63323a34f,2025-02-28T19:51:28.980000
+CVE-2025-1446,1,1,c750eef1a13d8d2cb63701c281d836b8473c6e2e9f5917689e35d960a70bcc83,2025-03-23T06:15:12.110000
 CVE-2025-1447,0,0,b52fc293ec2c8f7276787d8ec4e27a605d8feb40937673c00f5fe8646d83ab92,2025-02-19T01:15:09.407000
 CVE-2025-1448,0,0,dcd55b821241f3fcd52c60ec5d939cca30ac2e0644079f21a4efc2df8a0c8c2d,2025-02-19T02:15:08.833000
 CVE-2025-1450,0,0,f0a28cf37155f4c16fff9326b0ffe6a415c6c5c1475546052ba68718728afcec,2025-03-11T15:46:05.180000
@ -285426,11 +285428,12 @@ CVE-2025-26376,0,0,90eeec3b23b739a411f2298590832d14f091d24699dbf3da6862c5e4407f2
 CVE-2025-26377,0,0,96f969cb5307f2cbebc16af725f96ac45b51be8c065b61bf3eeda7b6d861fdb8,2025-02-12T14:15:38.933000
 CVE-2025-26378,0,0,ee2f1897a6683ea6c4c3e60750a42143f8a85d34ee7d0a636569caad0aaac614,2025-03-03T22:06:52.163000
 CVE-2025-2638,0,0,bb7c0deef75ef7c7d44894dc75ee621cbb61332dfe7dfaae74deffe7d266970a,2025-03-23T02:15:24.877000
-CVE-2025-2639,1,1,6f7df99e40957187fa9d990f2cba8e1cd9732c0e9619aaac0fb44ab51eaa1839,2025-03-23T03:15:11.807000
+CVE-2025-2639,0,0,6f7df99e40957187fa9d990f2cba8e1cd9732c0e9619aaac0fb44ab51eaa1839,2025-03-23T03:15:11.807000
 CVE-2025-26393,0,0,0084efd52fbee3d09de405c3fe48d1fbc4bd7655a73c657547c37f33e81d553f,2025-03-17T20:15:14.140000
-CVE-2025-2640,1,1,8a571ac00caf27bcf1f3fdf058216d3356c0f3492cb5c164df6ee5479e91aa19,2025-03-23T04:15:14.120000
+CVE-2025-2640,0,0,8a571ac00caf27bcf1f3fdf058216d3356c0f3492cb5c164df6ee5479e91aa19,2025-03-23T04:15:14.120000
 CVE-2025-26408,0,0,cc3ff44719bfe263908c93711d844cb0c43379729d03c83e2a4a7413b5395225,2025-03-22T15:15:38.687000
 CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048ba1,2025-03-17T17:15:39.723000
+CVE-2025-2641,1,1,5bff2143551f23ed0380bb2239d799975000e33937d7ded7e915049538056cf4,2025-03-23T05:15:12.020000
 CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000
 CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000
 CVE-2025-26465,0,0,10ca81b0503bc2056f51aff42b836da7e13cef94fb05326f3b97cc95851c9520,2025-03-06T17:20:00.520000