Auto-Update: 2025-06-11T12:00:27.453854+00:00

cad-safe-bot 2025-06-11 12:04:05 +00:00
parent 17bb4d3184
commit 2f09ebccdd
6 changed files with 207 additions and 22 deletions


@ -0,0 +1,56 @@
{
"id": "CVE-2025-4128",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-06-11T11:15:23.143",
"lastModified": "2025-06-11T11:15:23.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,64 @@
{
"id": "CVE-2025-4315",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-06-11T10:15:21.733",
"lastModified": "2025-06-11T10:15:21.733",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CubeWP \u2013 All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the plugin allowing a user to update arbitrary user meta through the update_user_meta() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/cubewp-framework/tags/1.1.23/cube/classes/class-cubewp-rest-api.php#L691",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3306925/cubewp-framework#file2",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/430b7e72-72b8-4cf8-99f4-ee1d1d4b4f24?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2025-4573",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2025-06-11T11:15:23.313",
"lastModified": "2025-06-11T11:15:23.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-90"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2025-5889",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-06-09T19:15:25.460",
"lastModified": "2025-06-09T19:15:25.460",
"lastModified": "2025-06-11T11:15:23.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue."
"value": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en juliangruber brace-expansion hasta la versi\u00f3n 1.1.11. Se ha clasificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n \"expand\" del archivo index.js. La manipulaci\u00f3n genera una complejidad ineficiente en las expresiones regulares. El ataque puede ejecutarse en remoto. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. Se recomienda aplicar un parche para solucionar este problema."
}
],
"metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -129,6 +133,10 @@
"url": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/juliangruber/brace-expansion/releases/tag/v4.0.1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.311660",
"source": "cna@vuldb.com"


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-06-11T10:00:19.120084+00:00
2025-06-11T12:00:27.453854+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-06-11T09:15:22.700000+00:00
2025-06-11T11:15:23.450000+00:00
```
### Last Data Feed Release
@ -33,25 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
297709
297712
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `3`
- [CVE-2025-26412](CVE-2025/CVE-2025-264xx/CVE-2025-26412.json) (`2025-06-11T09:15:22.067`)
- [CVE-2025-29756](CVE-2025/CVE-2025-297xx/CVE-2025-29756.json) (`2025-06-11T08:15:21.730`)
- [CVE-2025-41661](CVE-2025/CVE-2025-416xx/CVE-2025-41661.json) (`2025-06-11T09:15:22.257`)
- [CVE-2025-41662](CVE-2025/CVE-2025-416xx/CVE-2025-41662.json) (`2025-06-11T09:15:22.480`)
- [CVE-2025-41663](CVE-2025/CVE-2025-416xx/CVE-2025-41663.json) (`2025-06-11T09:15:22.700`)
- [CVE-2025-5991](CVE-2025/CVE-2025-59xx/CVE-2025-5991.json) (`2025-06-11T08:15:22.933`)
- [CVE-2025-4128](CVE-2025/CVE-2025-41xx/CVE-2025-4128.json) (`2025-06-11T11:15:23.143`)
- [CVE-2025-4315](CVE-2025/CVE-2025-43xx/CVE-2025-4315.json) (`2025-06-11T10:15:21.733`)
- [CVE-2025-4573](CVE-2025/CVE-2025-45xx/CVE-2025-4573.json) (`2025-06-11T11:15:23.313`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-5889](CVE-2025/CVE-2025-58xx/CVE-2025-5889.json) (`2025-06-11T11:15:23.450`)
## Download and Usage


@ -288682,7 +288682,7 @@ CVE-2025-26409,0,0,cdf29866235215f5068aacbcbdb6f999e9c9f7adf8baf249758a0e54e8048
CVE-2025-2641,0,0,0c4e7f6e917c2684e1ef81919020337c8afbfd73d5a46107cea6f98fc25ffc5c,2025-04-02T14:32:40.757000
CVE-2025-26410,0,0,e0a8c1ecc38adad5db47008cfe5d8287500ec3cbba2c1f9a4a60a8e1051c525e,2025-03-18T19:15:50.450000
CVE-2025-26411,0,0,3c8f066d5451ad6ef36a27d64d17719d6f654697fa56337f49dfc83e42e73333,2025-03-14T18:15:31.947000
CVE-2025-26412,1,1,e439f02063f036d3657a0bf05afa8e0aae7f2989029f4b795f42ec34bbfc4505,2025-06-11T09:15:22.067000
CVE-2025-26412,0,0,e439f02063f036d3657a0bf05afa8e0aae7f2989029f4b795f42ec34bbfc4505,2025-06-11T09:15:22.067000
CVE-2025-26413,0,0,2158c3399ea37dae246e6333a0208fa039262ef589c11e6030057cf377da68cd,2025-05-12T16:15:23.023000
CVE-2025-2642,0,0,9fd74d08c30eb46678d329dd538a5586185726ca4d8ec1276ca17b4f6bd06bab,2025-04-02T13:48:31.510000
CVE-2025-2643,0,0,f96a1e9165c8c6b99a098f4d86d5cf57a75b6fe768e009b644ffd8b873a80653,2025-04-02T13:42:29.387000
@ -290385,7 +290385,7 @@ CVE-2025-2974,0,0,695ae768ef6524a31e333a2a15c7b6d7e58b63b62d57be8f5f977780042de4
CVE-2025-29743,0,0,81120842f22b2571ea7e3fe058ac6f5d5658e8dd31a46120b990d9a82771d185,2025-04-30T13:54:38.493000
CVE-2025-29746,0,0,b928f042c8f64c45c80662a4638972935a0ad568b5c440e11d275fd69dd05300,2025-05-08T16:15:25.443000
CVE-2025-2975,0,0,a51ab4826f882dfc9eb64143ebea4f1b786d39ebf186c00a08fe8a9302ac16b4,2025-04-01T20:26:30.593000
CVE-2025-29756,1,1,31c46edf3dde58bd9d48d72e74cb8b05849e66e6393c7f07bb971e9323117946,2025-06-11T08:15:21.730000
CVE-2025-29756,0,0,31c46edf3dde58bd9d48d72e74cb8b05849e66e6393c7f07bb971e9323117946,2025-06-11T08:15:21.730000
CVE-2025-2976,0,0,2714beee469a94bef5bdeffcc7963fd27d32ec325e019e7704104b1aec409041,2025-04-01T20:26:30.593000
CVE-2025-29763,0,0,bf55241b67fdd310b98028858a08a97cc074676a6765a11772e4f8ce63994862,2025-05-01T20:15:36.110000
CVE-2025-29766,0,0,d0d6c01c0aacc0172ff6cf10187bd4c58c9fb5a0b02e4e65dffc9f50e759cbe7,2025-04-01T20:26:22.890000
@ -294442,6 +294442,7 @@ CVE-2025-4124,0,0,2116d33601d18584d8ff86788e21befdf79ee067b30d9afca370ae97d0f6cb
CVE-2025-4125,0,0,9ce360e53c445df2b459e99f4cc1a32fbf05cb06f761d7887ca2ad1edf5cdba7,2025-05-16T16:56:47.173000
CVE-2025-4126,0,0,c504eb8f9e35e66ea3a2e9e649e0b3ff59910e9bf49695680cf85ff18119f2ac,2025-05-16T14:43:26.160000
CVE-2025-4127,0,0,440aeef33b0470c9ce2f9d93f454f227b230a85f1c418afc74834471a41511d6,2025-06-04T22:46:00.467000
CVE-2025-4128,1,1,add058cb3c82bda3b8528b31512480936d486c01ced26234eec277e965a5f17b,2025-06-11T11:15:23.143000
CVE-2025-4131,0,0,e145db9bdcf5e54a3788ea8919212b2cfcdb96e29e639a2a6fca852d8fbe36f2,2025-05-02T13:52:51.693000
CVE-2025-4132,0,0,e4809de586f057a9e14a37c05676b7015f221bfc82c94512bf23f0611070b256,2025-05-12T09:15:16.080000
CVE-2025-4133,0,0,62707a46d404303184816916a5f626e6709dc33fc51eeac3cd7609c2da4dc930,2025-06-09T20:13:53.007000
@ -294517,9 +294518,9 @@ CVE-2025-41654,0,0,c22856a515f49ccd204a32143b656fc257abf14e343863bdec0d026ca010b
CVE-2025-41655,0,0,d4e55c0bf8ee1b4fb7f9a5a70eabfb748935a97fe6cc917be3646a99349642c3,2025-05-28T15:01:30.720000
CVE-2025-41657,0,0,fe785a8a271a8bfed9a8574477bebed4f54bcc892e6c96de3103c865106136b3,2025-06-10T11:15:53.150000
CVE-2025-4166,0,0,5bfebbee34c2356ee039434bb4ac7a8705ff7fab6fe8d313f7df39c4661cee90,2025-05-05T20:54:45.973000
CVE-2025-41661,1,1,4ee8cdbc31d7aec5bcd54c61368711631ea0d886723d4e17b3571a3eb111e85e,2025-06-11T09:15:22.257000
CVE-2025-41662,1,1,800eae9415033dac7a1738711da9fca818642a243e70a1d6cc18b56f3878828e,2025-06-11T09:15:22.480000
CVE-2025-41663,1,1,92b360c44e537e634f663c5990e588057c8b6322aca9407ebff20703a69c9010,2025-06-11T09:15:22.700000
CVE-2025-41661,0,0,4ee8cdbc31d7aec5bcd54c61368711631ea0d886723d4e17b3571a3eb111e85e,2025-06-11T09:15:22.257000
CVE-2025-41662,0,0,800eae9415033dac7a1738711da9fca818642a243e70a1d6cc18b56f3878828e,2025-06-11T09:15:22.480000
CVE-2025-41663,0,0,92b360c44e537e634f663c5990e588057c8b6322aca9407ebff20703a69c9010,2025-06-11T09:15:22.700000
CVE-2025-4168,0,0,a6468df4f7a2597ad76d3cb7aeb08566a4877cfddb2b3e40039e98441ddbce5f,2025-05-05T20:54:19.760000
CVE-2025-4169,0,0,bfc728158ddf7f1a565291bbe3bc05c4816fdb9cc64adedded01a1b86d632adf,2025-05-16T14:42:18.700000
CVE-2025-4170,0,0,133573d3aa8594d19e56ffa6beff9d425ae43d2765fc46c0e41b4c599f9a4675,2025-05-05T20:54:19.760000
@ -294680,6 +294681,7 @@ CVE-2025-4311,0,0,b86b7f03b9a3e13ebec6a81fa3374a72088c76d5ed9808b613942b1a544a85
CVE-2025-4312,0,0,b020ac5d93c94e4243097f7603b6eb31d5f3637b9a07a16410872c1ee6380b29,2025-05-14T20:56:44.840000
CVE-2025-4313,0,0,96adfe49118b3dc0ffa2d766514becfcea2a2e173aec97c2971381d69b1c7c38,2025-05-14T20:57:03.937000
CVE-2025-4314,0,0,89cfceef9bbe0699f164e05975fe9dcf3155dc1437b8d0bc5f6540ae67e31e0a,2025-05-14T20:57:14.900000
CVE-2025-4315,1,1,e5d7fb1431e38b2f10126259e4ebe8eb19601904fe230cc0d953564d096d24fb,2025-06-11T10:15:21.733000
CVE-2025-4316,0,0,a3cffae4e2b5f53f1a661b0b9d82da9e0409120ddd80fb5f02808f802009be7c,2025-05-14T13:15:48.907000
CVE-2025-4317,0,0,f983c055783da6de4e51f0e6cd7b6401724e0ab142e6ae06607742ab65cbbc38,2025-05-13T19:35:18.080000
CVE-2025-4318,0,0,5887b3ce06385074832e5ab93ef36220685a1c2570be13ee561ec8804f3cb15a,2025-06-10T01:15:23.483000
@ -295155,6 +295157,7 @@ CVE-2025-4562,0,0,d2657f9e359abe15e16bbecb49ae9ba4428138285e1222df0d7e8c7358260e
CVE-2025-4564,0,0,8d3f9720d908e446b737db8b900434db81b180dd53397ac7362129a7e91e5314,2025-05-16T14:43:26.160000
CVE-2025-4567,0,0,a5c879fa190e64c457804cb929009e4d3ed79771da2179c3388d5be1060c5622,2025-06-05T14:09:17.020000
CVE-2025-4568,0,0,a7dc4015dc0dc8a1d051ca0a0c8659f2aa00a001767db9893b5b3f88ebbd1af5,2025-06-05T20:12:23.777000
CVE-2025-4573,1,1,b3373ae029c84eab61791e1c228ff91a08fffff18ea5882aa16e746ccb44e6a2,2025-06-11T11:15:23.313000
CVE-2025-4574,0,0,a936e70ea81d08570f1b370d85f904e33ed32b85014f55e350943da2afdfcfb5,2025-05-16T14:43:56.797000
CVE-2025-45746,0,0,4f739c19260013516117a27de71915ddd8b481653d1fe15c253a574b15da0223,2025-05-21T14:15:31.553000
CVE-2025-4575,0,0,0624d6300232d42a9f90f1e62069c560ca8ea8d361bea47508069c55d62ec0b1,2025-05-23T15:55:02.040000
@ -297655,7 +297658,7 @@ CVE-2025-5885,0,0,bca2d2871b63dd6eccf4504f84b7c81750e56a52a9d6586fb746c58736eec6
CVE-2025-5886,0,0,57f3fe000a27ba71a3c9ab8b5a9188dfe28750cdcdddec173aef81c271bb4a71,2025-06-10T14:15:31.160000
CVE-2025-5887,0,0,5136919542c2b0d6efd89daa4797cf9dc684ce484d0bee313edcf2d161ac9cfb,2025-06-09T20:15:25.013000
CVE-2025-5888,0,0,8ae86dc91bfbb19db8069a50148c81b6ef6ab94e58e8b25cf50a4393802ed91e,2025-06-09T18:15:27.873000
CVE-2025-5889,0,0,12866cc0cd082a7151f1e5bf29dd88d934d59269df384abc8b0144c010419bd3,2025-06-09T19:15:25.460000
CVE-2025-5889,0,1,79d0f0c5b3b726a47581058a31b8e711ba8cb30df8b90eb32d56990eb48db20f,2025-06-11T11:15:23.450000
CVE-2025-5890,0,0,9b58b02992b94753d85c9e33614b8f5e4a7c9dafd386882d79ee3548ab14456d,2025-06-09T19:15:25.677000
CVE-2025-5891,0,0,d1b139b281160bbb253ff7821b55cbfd2c048c282b2fd4ee6f3798db59ba4610,2025-06-09T20:15:25.213000
CVE-2025-5892,0,0,ef651ac9f964b6d5d0e2d2ef95a783ff216013027d6f33862f90d2f4c4f6bc6f,2025-06-09T20:15:25.377000
@ -297707,4 +297710,4 @@ CVE-2025-5979,0,0,d27c61690a89a70834e1ac7ec79b55e9c00b548ee2fa9335cb0305161ad452
CVE-2025-5980,0,0,e040dd481b18254b8331cc7db878c5d64b7a6be5a4fa7521d9ea11a576b92997,2025-06-10T21:15:23.150000
CVE-2025-5984,0,0,23b7a2e2427c55d6b8b71bdfb3210e81fbbb4de6329b5126e67b10ed13442fce,2025-06-10T23:15:58.583000
CVE-2025-5985,0,0,6446d10df39548f8cc9543e4c4495bd4e0a246e2b8805b29cf25763ee00bb5ed,2025-06-10T23:15:58.770000
CVE-2025-5991,1,1,63a683acbdc0ee08246e1a037b74c64c0c9a5c11210d84e35e546c14a58c12d4,2025-06-11T08:15:22.933000
CVE-2025-5991,0,0,63a683acbdc0ee08246e1a037b74c64c0c9a5c11210d84e35e546c14a58c12d4,2025-06-11T08:15:22.933000
