diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json index 0bfa7555e64..a0b058b79a4 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7035.json @@ -2,13 +2,13 @@ "id": "CVE-2023-7035", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T15:15:13.967", - "lastModified": "2024-11-21T08:45:05.527", + "lastModified": "2025-06-15T19:15:18.793", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], "cvssMetricV31": [ { "source": "cna@vuldb.com", @@ -92,6 +136,10 @@ { "lang": "en", "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" } ] } @@ -139,6 +187,18 @@ "Third Party Advisory" ] }, + { + "url": "https://vuldb.com/?submit.249813", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.249814", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.597122", + "source": "cna@vuldb.com" + }, { "url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5990.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5990.json new file mode 100644 index 00000000000..cdd8a4297e2 --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5990.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-5990", + "sourceIdentifier": "cve@gitlab.com", + "published": "2025-06-15T18:15:18.267", + "lastModified": "2025-06-15T18:15:18.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/crafty-controller/crafty-4/-/issues/567", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-60xx/CVE-2025-6092.json b/CVE-2025/CVE-2025-60xx/CVE-2025-6092.json new file mode 100644 index 00000000000..26b4c82edea --- /dev/null +++ b/CVE-2025/CVE-2025-60xx/CVE-2025-6092.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-6092", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-15T18:15:19.037", + "lastModified": "2025-06-15T18:15:19.037", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.312559", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.312559", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.588224", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 207128d5b56..14f0846ee40 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-15T18:00:13.656856+00:00 +2025-06-15T20:00:19.924711+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-15T17:15:18.360000+00:00 +2025-06-15T19:15:18.793000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -297962 +297964 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-25573](CVE-2024/CVE-2024-255xx/CVE-2024-25573.json) (`2025-06-15T16:15:18.683`) -- [CVE-2025-6091](CVE-2025/CVE-2025-60xx/CVE-2025-6091.json) (`2025-06-15T17:15:18.360`) +- [CVE-2025-5990](CVE-2025/CVE-2025-59xx/CVE-2025-5990.json) (`2025-06-15T18:15:18.267`) +- [CVE-2025-6092](CVE-2025/CVE-2025-60xx/CVE-2025-6092.json) (`2025-06-15T18:15:19.037`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2025-28380](CVE-2025/CVE-2025-283xx/CVE-2025-28380.json) (`2025-06-15T17:15:18.007`) +- [CVE-2023-7035](CVE-2023/CVE-2023-70xx/CVE-2023-7035.json) (`2025-06-15T19:15:18.793`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e664e1d583c..7fb6d7456c8 100644 --- a/_state.csv +++ b/_state.csv @@ -243892,7 +243892,7 @@ CVE-2023-7030,0,0,3c0e7e678cd5c617b5ce9677e1be89fed25cef8cbc989aad9df6d54a4663d5 CVE-2023-7031,0,0,d56d1f243e4bd6c87e3002c4501e9fe5a78b6fc19e814625316adbaf20b3903f,2024-11-21T08:45:04.987000 CVE-2023-7032,0,0,90028d31b608d7a4d2fc3aaf47e6ddce9fe1fee5eae81e1705864bc5b8e20e15,2024-11-21T08:45:05.137000 CVE-2023-7033,0,0,3740bc13eb2fe0e0616085b4a70bef4c5f396920119b20e38bd7301edafc37d2,2025-01-16T05:15:09.720000 -CVE-2023-7035,0,0,9a580e747a6f691e954c5cf866c67d6926e0732ca03645e320728e14627545d3,2024-11-21T08:45:05.527000 +CVE-2023-7035,0,1,325a07b42a5d13919ffe081e81d3eff67d168a9958bd33fa61975db7c83e6d19,2025-06-15T19:15:18.793000 CVE-2023-7036,0,0,e8a0ecd56cc1901f1ceaafdfee06a05cea7e8ad945252611e87d6c4ac4ef2ec2,2024-11-21T08:45:05.700000 CVE-2023-7037,0,0,43c6fec2f65f06abfabe29dda4ceaabe11aa4fb5a5ee0860d8c7a05dfe2b8e1a,2024-11-21T08:45:05.857000 CVE-2023-7038,0,0,bd5ce6d7cbc577c782047ab2ec9f96028fdffed14ff8d4c1b0642fb5c9ec44e6,2024-11-21T08:45:06.013000 @@ -254080,7 +254080,7 @@ CVE-2024-25569,0,0,b037d1dac321d0fad4f682820302460ba3789c0955cd0c11614e35160f41f CVE-2024-2557,0,0,1401ca997ffd5c020e7fbea47e5541f7ac467d517340858576f69f2e489eab1e,2025-05-07T16:30:33.517000 CVE-2024-25571,0,0,8a68e54b2e23ebcb2672041b2be0c0d79b94a807b69a2bcde573f17191362239,2025-02-12T22:15:31.667000 CVE-2024-25572,0,0,cbed3561a996d8fc0913552e9f85910773571a0e0f73b275ef35dc4399b8665b,2025-04-08T15:17:15.773000 -CVE-2024-25573,1,1,da0a97ca9953301e68007eb7f7395e51118eb44ee18edcd5036ff6bbb141ed0f,2025-06-15T16:15:18.683000 +CVE-2024-25573,0,0,da0a97ca9953301e68007eb7f7395e51118eb44ee18edcd5036ff6bbb141ed0f,2025-06-15T16:15:18.683000 CVE-2024-25574,0,0,3a6d003e6549d6e7e9bf748f59f234891c4a95854309550ae4079efeefd3444d,2025-02-27T15:03:31.583000 CVE-2024-25575,0,0,1018bd05e409a13236c5dcb2237c77906e7f23238c36cbe4ff25ea1f8323e117,2024-11-21T09:01:00.773000 CVE-2024-25576,0,0,8c96953d02c3ecec70b0880ceff32ab69ff1846b5ba0dbd1e89bf62fd8ac88d6,2024-09-06T20:17:14.003000 @@ -290004,7 +290004,7 @@ CVE-2025-28367,0,0,4a07d437818fe7720795b8f309552d71415612c2033b36795a35ab5455779 CVE-2025-2837,0,0,b89aeb2a53f8a50fdc7d1cb971618f78d6548d3dfb914df0b41cb0d9a2a5f82a,2025-03-27T16:45:27.850000 CVE-2025-28371,0,0,9134c0b29ad829ee44935d8e974e7c73f0d8c01267cd2682d218b45eeaf0a178,2025-06-12T16:26:26.253000 CVE-2025-2838,0,0,ad5519332c14610c417f2ebe0957fac238c08deca06808872c71584919e4dfa3,2025-03-27T16:45:27.850000 -CVE-2025-28380,0,1,36bedb167d7833934d7536384701227f764cb62b7a0dbd404b1ba222663bec45,2025-06-15T17:15:18.007000 +CVE-2025-28380,0,0,36bedb167d7833934d7536384701227f764cb62b7a0dbd404b1ba222663bec45,2025-06-15T17:15:18.007000 CVE-2025-28381,0,0,39b7cc899f9c111fc1c462db749276045ab89748c7ae3428b15001fa97ee1759,2025-06-13T16:15:25.227000 CVE-2025-28382,0,0,4472d28087ea6d98e4980583cd33e37dfe9c5525edfbc1010418c6c4049e8a0f,2025-06-13T18:15:20.677000 CVE-2025-28384,0,0,ba795bd2e5eabc22fedd790aa0a529c7ee0985ace1561a3ab6045d696221e28a,2025-06-13T18:15:21.510000 @@ -297931,6 +297931,7 @@ CVE-2025-5982,0,0,0c7dea74cc8efc70e60ba20222cf4cd8ed64924645dcf72550beef2f337a91 CVE-2025-5984,0,0,7cfaf20c4da70667d156850823eee53a39a37c9deae6d419cb0c5d32dacf8676,2025-06-12T16:06:20.180000 CVE-2025-5985,0,0,ebcdda4dcd61ee165daceb4c1cf64a9b8507d5f9de3a48b2f52bb73592cb298b,2025-06-12T16:06:20.180000 CVE-2025-5986,0,0,dd95f639f37e975a11d2593698d4d1fa27a00a42ab756d34661be25296fae63b,2025-06-12T16:06:20.180000 +CVE-2025-5990,1,1,961673ab9954b97229be3fc18a50e664a0bc9fa9400cb93454dd37859378dd5b,2025-06-15T18:15:18.267000 CVE-2025-5991,0,0,2d56ef31c39d49ebda5cce54941d2d07bc366906f8f2e10ec12b1264a4709a15,2025-06-12T16:06:20.180000 CVE-2025-5996,0,0,6d836d2b7cc11df634eb3440d15936d2a06ec9995d3d02eb7a9226ed3b7059e0,2025-06-12T16:06:20.180000 CVE-2025-6001,0,0,6947a76225acd2e0352dafdcc9d8c8832898e935ce2588bd16c7b63b5eaaea42,2025-06-12T16:06:20.180000 @@ -297960,4 +297961,5 @@ CVE-2025-6070,0,0,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad6 CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000 CVE-2025-6089,0,0,1082dde39a9a857add821028ed23d128072d550fdb8ad36ad1f948e836ba053f,2025-06-15T13:15:33.353000 CVE-2025-6090,0,0,e27818139ece2411b32b2e625852fcc342cc8f5d5f99f49ddd3d8c5d380302a8,2025-06-15T15:15:19.303000 -CVE-2025-6091,1,1,581c1cfa5c591595b15c75e858563a24f75318a6fba57a73b264350d4caca8d2,2025-06-15T17:15:18.360000 +CVE-2025-6091,0,0,581c1cfa5c591595b15c75e858563a24f75318a6fba57a73b264350d4caca8d2,2025-06-15T17:15:18.360000 +CVE-2025-6092,1,1,610090ee4899c7756bc69bf8b3a79dc8f05e4845772e95595392d1ed6df1eb10,2025-06-15T18:15:19.037000