Auto-Update: 2025-06-15T20:00:19.924711+00:00

cad-safe-bot 2025-06-15 20:03:56 +00:00
parent 9f3184e96b
commit 2c7d1e3ac0
5 changed files with 271 additions and 12 deletions


@ -2,13 +2,13 @@
"id": "CVE-2023-7035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T15:15:13.967",
"lastModified": "2024-11-21T08:45:05.527",
"lastModified": "2025-06-15T19:15:18.793",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\\standard\\templates\\post.php of the component Setting Handler. The manipulation of the argument sitename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
@ -16,6 +16,50 @@
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
@ -92,6 +136,10 @@
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
@ -139,6 +187,18 @@
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.249813",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.249814",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.597122",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)",
"source": "af854a3a-2127-422b-91ae-364da2661108",


@ -0,0 +1,56 @@
{
"id": "CVE-2025-5990",
"sourceIdentifier": "cve@gitlab.com",
"published": "2025-06-15T18:15:18.267",
"lastModified": "2025-06-15T18:15:18.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/crafty-controller/crafty-4/-/issues/567",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,141 @@
{
"id": "CVE-2025-6092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-15T18:15:19.037",
"lastModified": "2025-06-15T18:15:19.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in comfyanonymous comfyui up to 0.3.39. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /upload/image of the component Incomplete Fix CVE-2024-10099. The manipulation of the argument image leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "PROOF_OF_CONCEPT",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/superboy-zjc/96f0d56da584d840ba18355cbea96ac4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.312559",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.312559",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.588224",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-15T18:00:13.656856+00:00
2025-06-15T20:00:19.924711+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-15T17:15:18.360000+00:00
2025-06-15T19:15:18.793000+00:00
```
### Last Data Feed Release
@ -33,22 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
297962
297964
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2024-25573](CVE-2024/CVE-2024-255xx/CVE-2024-25573.json) (`2025-06-15T16:15:18.683`)
- [CVE-2025-6091](CVE-2025/CVE-2025-60xx/CVE-2025-6091.json) (`2025-06-15T17:15:18.360`)
- [CVE-2025-5990](CVE-2025/CVE-2025-59xx/CVE-2025-5990.json) (`2025-06-15T18:15:18.267`)
- [CVE-2025-6092](CVE-2025/CVE-2025-60xx/CVE-2025-6092.json) (`2025-06-15T18:15:19.037`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
- [CVE-2025-28380](CVE-2025/CVE-2025-283xx/CVE-2025-28380.json) (`2025-06-15T17:15:18.007`)
- [CVE-2023-7035](CVE-2023/CVE-2023-70xx/CVE-2023-7035.json) (`2025-06-15T19:15:18.793`)
## Download and Usage


@ -243892,7 +243892,7 @@ CVE-2023-7030,0,0,3c0e7e678cd5c617b5ce9677e1be89fed25cef8cbc989aad9df6d54a4663d5
CVE-2023-7031,0,0,d56d1f243e4bd6c87e3002c4501e9fe5a78b6fc19e814625316adbaf20b3903f,2024-11-21T08:45:04.987000
CVE-2023-7032,0,0,90028d31b608d7a4d2fc3aaf47e6ddce9fe1fee5eae81e1705864bc5b8e20e15,2024-11-21T08:45:05.137000
CVE-2023-7033,0,0,3740bc13eb2fe0e0616085b4a70bef4c5f396920119b20e38bd7301edafc37d2,2025-01-16T05:15:09.720000
CVE-2023-7035,0,0,9a580e747a6f691e954c5cf866c67d6926e0732ca03645e320728e14627545d3,2024-11-21T08:45:05.527000
CVE-2023-7035,0,1,325a07b42a5d13919ffe081e81d3eff67d168a9958bd33fa61975db7c83e6d19,2025-06-15T19:15:18.793000
CVE-2023-7036,0,0,e8a0ecd56cc1901f1ceaafdfee06a05cea7e8ad945252611e87d6c4ac4ef2ec2,2024-11-21T08:45:05.700000
CVE-2023-7037,0,0,43c6fec2f65f06abfabe29dda4ceaabe11aa4fb5a5ee0860d8c7a05dfe2b8e1a,2024-11-21T08:45:05.857000
CVE-2023-7038,0,0,bd5ce6d7cbc577c782047ab2ec9f96028fdffed14ff8d4c1b0642fb5c9ec44e6,2024-11-21T08:45:06.013000
@ -254080,7 +254080,7 @@ CVE-2024-25569,0,0,b037d1dac321d0fad4f682820302460ba3789c0955cd0c11614e35160f41f
CVE-2024-2557,0,0,1401ca997ffd5c020e7fbea47e5541f7ac467d517340858576f69f2e489eab1e,2025-05-07T16:30:33.517000
CVE-2024-25571,0,0,8a68e54b2e23ebcb2672041b2be0c0d79b94a807b69a2bcde573f17191362239,2025-02-12T22:15:31.667000
CVE-2024-25572,0,0,cbed3561a996d8fc0913552e9f85910773571a0e0f73b275ef35dc4399b8665b,2025-04-08T15:17:15.773000
CVE-2024-25573,1,1,da0a97ca9953301e68007eb7f7395e51118eb44ee18edcd5036ff6bbb141ed0f,2025-06-15T16:15:18.683000
CVE-2024-25573,0,0,da0a97ca9953301e68007eb7f7395e51118eb44ee18edcd5036ff6bbb141ed0f,2025-06-15T16:15:18.683000
CVE-2024-25574,0,0,3a6d003e6549d6e7e9bf748f59f234891c4a95854309550ae4079efeefd3444d,2025-02-27T15:03:31.583000
CVE-2024-25575,0,0,1018bd05e409a13236c5dcb2237c77906e7f23238c36cbe4ff25ea1f8323e117,2024-11-21T09:01:00.773000
CVE-2024-25576,0,0,8c96953d02c3ecec70b0880ceff32ab69ff1846b5ba0dbd1e89bf62fd8ac88d6,2024-09-06T20:17:14.003000
@ -290004,7 +290004,7 @@ CVE-2025-28367,0,0,4a07d437818fe7720795b8f309552d71415612c2033b36795a35ab5455779
CVE-2025-2837,0,0,b89aeb2a53f8a50fdc7d1cb971618f78d6548d3dfb914df0b41cb0d9a2a5f82a,2025-03-27T16:45:27.850000
CVE-2025-28371,0,0,9134c0b29ad829ee44935d8e974e7c73f0d8c01267cd2682d218b45eeaf0a178,2025-06-12T16:26:26.253000
CVE-2025-2838,0,0,ad5519332c14610c417f2ebe0957fac238c08deca06808872c71584919e4dfa3,2025-03-27T16:45:27.850000
CVE-2025-28380,0,1,36bedb167d7833934d7536384701227f764cb62b7a0dbd404b1ba222663bec45,2025-06-15T17:15:18.007000
CVE-2025-28380,0,0,36bedb167d7833934d7536384701227f764cb62b7a0dbd404b1ba222663bec45,2025-06-15T17:15:18.007000
CVE-2025-28381,0,0,39b7cc899f9c111fc1c462db749276045ab89748c7ae3428b15001fa97ee1759,2025-06-13T16:15:25.227000
CVE-2025-28382,0,0,4472d28087ea6d98e4980583cd33e37dfe9c5525edfbc1010418c6c4049e8a0f,2025-06-13T18:15:20.677000
CVE-2025-28384,0,0,ba795bd2e5eabc22fedd790aa0a529c7ee0985ace1561a3ab6045d696221e28a,2025-06-13T18:15:21.510000
@ -297931,6 +297931,7 @@ CVE-2025-5982,0,0,0c7dea74cc8efc70e60ba20222cf4cd8ed64924645dcf72550beef2f337a91
CVE-2025-5984,0,0,7cfaf20c4da70667d156850823eee53a39a37c9deae6d419cb0c5d32dacf8676,2025-06-12T16:06:20.180000
CVE-2025-5985,0,0,ebcdda4dcd61ee165daceb4c1cf64a9b8507d5f9de3a48b2f52bb73592cb298b,2025-06-12T16:06:20.180000
CVE-2025-5986,0,0,dd95f639f37e975a11d2593698d4d1fa27a00a42ab756d34661be25296fae63b,2025-06-12T16:06:20.180000
CVE-2025-5990,1,1,961673ab9954b97229be3fc18a50e664a0bc9fa9400cb93454dd37859378dd5b,2025-06-15T18:15:18.267000
CVE-2025-5991,0,0,2d56ef31c39d49ebda5cce54941d2d07bc366906f8f2e10ec12b1264a4709a15,2025-06-12T16:06:20.180000
CVE-2025-5996,0,0,6d836d2b7cc11df634eb3440d15936d2a06ec9995d3d02eb7a9226ed3b7059e0,2025-06-12T16:06:20.180000
CVE-2025-6001,0,0,6947a76225acd2e0352dafdcc9d8c8832898e935ce2588bd16c7b63b5eaaea42,2025-06-12T16:06:20.180000
@ -297960,4 +297961,5 @@ CVE-2025-6070,0,0,ae440df732d231f7ffcd78cb09e2ed1b1c8a60913b6e4fb5a0be81a26a0ad6
CVE-2025-6083,0,0,5e291165aed4c74479ba71d7ab91f6f809097d9cd4c0b19093249b128e4fa523,2025-06-13T22:15:19.500000
CVE-2025-6089,0,0,1082dde39a9a857add821028ed23d128072d550fdb8ad36ad1f948e836ba053f,2025-06-15T13:15:33.353000
CVE-2025-6090,0,0,e27818139ece2411b32b2e625852fcc342cc8f5d5f99f49ddd3d8c5d380302a8,2025-06-15T15:15:19.303000
CVE-2025-6091,1,1,581c1cfa5c591595b15c75e858563a24f75318a6fba57a73b264350d4caca8d2,2025-06-15T17:15:18.360000
CVE-2025-6091,0,0,581c1cfa5c591595b15c75e858563a24f75318a6fba57a73b264350d4caca8d2,2025-06-15T17:15:18.360000
CVE-2025-6092,1,1,610090ee4899c7756bc69bf8b3a79dc8f05e4845772e95595392d1ed6df1eb10,2025-06-15T18:15:19.037000
