admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 03:01:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-05-01T06:00:19.326990+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-05-01 06:03:53 +00:00
parent 181b79e316
commit 30087566e4
11 changed files with 852 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
CVE-2024/CVE-2024-138xx/CVE-2024-13845.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-13845",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T05:15:51.583",
"lastModified": "2025-05-01T05:15:51.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gravity Forms WebHooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.0 via the 'process_feed' method of the GF_Webhooks class This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://www.gravityforms.com/blog/brand-new-release-webhooks-add-on-1-7/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9311b20b-daad-408f-a1a0-d1e42573ab97?source=cve",
"source": "security@wordfence.com"
}
]
}

72
CVE-2025/CVE-2025-13xx/CVE-2025-1304.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2025-1304",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T04:16:43.183",
"lastModified": "2025-05-01T04:16:43.183",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.5/functions.php?annotate=blame&rev=269615#file2",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L461",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L470",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-13xx/CVE-2025-1305.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-1305",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T04:16:47.947",
"lastModified": "2025-05-01T04:16:47.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440",
"source": "security@wordfence.com"
},
{
"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve",
"source": "security@wordfence.com"
}
]
}

68
CVE-2025/CVE-2025-21xx/CVE-2025-2168.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-2168",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T04:16:53.127",
"lastModified": "2025-05-01T04:16:53.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on the dismiss() function. This makes it possible for unauthenticated attackers to set arbitrary user meta values to `1` which can be leveraged to lock and administrator out of their site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-store-kit/tags/2.3.6/admin/admin-notice.php#L43",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3255125/ultimate-store-kit/trunk/admin/admin-notice.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3283438/ultimate-store-kit/trunk/admin/admin-notice.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a48634d7-30c9-4124-87dd-93a303a969eb?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-39xx/CVE-2025-3952.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-3952",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T05:15:52.020",
"lastModified": "2025-05-01T05:15:52.020",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Projectopia \u2013 WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/projectopia-core/trunk/includes/functions/admin/admin_functions.php#L838",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3284330/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7489e8-fe18-4a80-832c-aa62424c538b?source=cve",
"source": "security@wordfence.com"
}
]
}

64
CVE-2025/CVE-2025-40xx/CVE-2025-4099.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-4099",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-05-01T05:15:52.167",
"lastModified": "2025-05-01T05:15:52.167",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list_children' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/list-children/trunk/list_children.php#L26",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3284430/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/538b4d4b-f8c6-44db-89d2-d345bfbfecb2?source=cve",
"source": "security@wordfence.com"
}
]
}

145
CVE-2025/CVE-2025-41xx/CVE-2025-4148.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-4148",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-01T04:16:58.113",
"lastModified": "2025-05-01T04:16:58.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_ex6200/Buffer_overflow-sub_503FC-gui_region/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560802",
"source": "cna@vuldb.com"
},
{
"url": "https://www.netgear.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-41xx/CVE-2025-4149.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-4149",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-01T04:16:58.323",
"lastModified": "2025-05-01T04:16:58.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_ex6200/Buffer_overflow-sub_54014-gui_region/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306681",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306681",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560803",
"source": "cna@vuldb.com"
},
{
"url": "https://www.netgear.com/",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2025/CVE-2025-41xx/CVE-2025-4150.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2025-4150",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-01T05:15:52.313",
"lastModified": "2025-05-01T05:15:52.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/jylsec/vuldb/blob/main/Netgear/netgear_ex6200/Buffer_overflow-sub_54340-gui_region/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.306682",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.306682",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.560804",
"source": "cna@vuldb.com"
},
{
"url": "https://www.netgear.com/",
"source": "cna@vuldb.com"
}
]
}

20
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-05-01T04:00:19.572954+00:00
2025-05-01T06:00:19.326990+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-05-01T03:15:14.627000+00:00
2025-05-01T05:15:52.313000+00:00
```
### Last Data Feed Release
@ -33,16 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
291865
291874
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `9`
- [CVE-2025-2816](CVE-2025/CVE-2025-28xx/CVE-2025-2816.json) (`2025-05-01T03:15:14.627`)
- [CVE-2025-4146](CVE-2025/CVE-2025-41xx/CVE-2025-4146.json) (`2025-05-01T02:15:17.687`)
- [CVE-2025-4147](CVE-2025/CVE-2025-41xx/CVE-2025-4147.json) (`2025-05-01T02:15:17.947`)
- [CVE-2024-13845](CVE-2024/CVE-2024-138xx/CVE-2024-13845.json) (`2025-05-01T05:15:51.583`)
- [CVE-2025-1304](CVE-2025/CVE-2025-13xx/CVE-2025-1304.json) (`2025-05-01T04:16:43.183`)
- [CVE-2025-1305](CVE-2025/CVE-2025-13xx/CVE-2025-1305.json) (`2025-05-01T04:16:47.947`)
- [CVE-2025-2168](CVE-2025/CVE-2025-21xx/CVE-2025-2168.json) (`2025-05-01T04:16:53.127`)
- [CVE-2025-3952](CVE-2025/CVE-2025-39xx/CVE-2025-3952.json) (`2025-05-01T05:15:52.020`)
- [CVE-2025-4099](CVE-2025/CVE-2025-40xx/CVE-2025-4099.json) (`2025-05-01T05:15:52.167`)
- [CVE-2025-4148](CVE-2025/CVE-2025-41xx/CVE-2025-4148.json) (`2025-05-01T04:16:58.113`)
- [CVE-2025-4149](CVE-2025/CVE-2025-41xx/CVE-2025-4149.json) (`2025-05-01T04:16:58.323`)
- [CVE-2025-4150](CVE-2025/CVE-2025-41xx/CVE-2025-4150.json) (`2025-05-01T05:15:52.313`)
### CVEs modified in the last Commit

15
_state.csv
View File

@ -248392,6 +248392,7 @@ CVE-2024-13841,0,0,42857531268142aae6c02637b3b6e7d79dd71736d6804136946d48ddaede1
CVE-2024-13842,0,0,e27bb87d0390ea96b584ec0f6fbe747157fb2de816ea15a1791b354e66567fcd,2025-02-20T15:55:29.770000
CVE-2024-13843,0,0,7b075d61798f8069984290c52e4033a7424dc56423296944d32554dce61a6d7f,2025-02-20T15:55:03.547000
CVE-2024-13844,0,0,df23a30d386c8f5781c2dae0c047c9a36c6ad162f944596bb205e62e61aafc42,2025-03-13T13:10:31.303000
CVE-2024-13845,1,1,a76381e26596450a16534d6232bf5b64c3530a97f69b914653967a4fbfb8f35b,2025-05-01T05:15:51.583000
CVE-2024-13846,0,0,bc15bbce097a905951a0b88c5b6aded5de0269f145c99c529b730210812bf05d,2025-02-25T03:27:13.767000
CVE-2024-13847,0,0,611991cbb6545cf01c98e15e64e008face030f5770ae7d4f24558e0b02ba1735,2025-03-28T12:50:32.090000
CVE-2024-13848,0,0,5623c6bf6e4d11fedf071f2d8a6a41f683ea08f022ec414f86d8eab78ceadbd1,2025-02-21T15:51:59.213000
@ -282327,6 +282328,8 @@ CVE-2025-1296,0,0,d95bfd9a7f0753e22aec4081e35e5f3d5b17ed2789c524a1845821d0907a79
CVE-2025-1298,0,0,46bbd0640b99e3a8c29a7cfa1112effb80548c1779a987abd8d49502f38fdf00,2025-02-18T15:15:18.007000
CVE-2025-1300,0,0,77db9cd7a18e3de4a8b6c836390a2247e6295125845190568cfff46e60843c32,2025-02-28T13:15:27.043000
CVE-2025-1302,0,0,4c600c674f22378513ee28ce145975f04e5b0e89605ff80d937b77394d750b70,2025-02-15T05:15:11.683000
CVE-2025-1304,1,1,5da32ab49a7a59473b8041fa6f9303f1c2f162705280415d2da4909d986513eb,2025-05-01T04:16:43.183000
CVE-2025-1305,1,1,2db6ef06f27992f40dc7e7134c929c0b90bdf8413df598f9c7549b1bdea51d15,2025-05-01T04:16:47.947000
CVE-2025-1306,0,0,de526cacf8bf273c9432977eceb9f985b41588e9255fe87d024d0d9921890929,2025-03-05T18:45:32.943000
CVE-2025-1307,0,0,f5a65a0d70e64918e5c1a7d1d02a502ae3db9a76fffe081c38f2a5d059c1eb26,2025-03-05T13:55:29.927000
CVE-2025-1309,0,0,5d2b17215fed7de1b66f6e9e5fd86a1c64bff76093266d0c2270f4eeb2161dcf,2025-03-07T08:15:42.017000
@ -283679,6 +283682,7 @@ CVE-2025-21676,0,0,c9a88e8d4f002858e2b77db9f4c0fcaff9fe5c4337ce1ebb294fcd25435e4
CVE-2025-21677,0,0,aee79bcda6ce5184f23bc0dd5a0019eff6afcdacb0d17d6f4e33d3cff1406c26,2025-01-31T12:15:28.877000
CVE-2025-21678,0,0,9cb21e99665adcd569ac2adfbdf98ef6f92d8c1c4c0a5b5709324da1e0646d05,2025-02-02T11:15:16.117000
CVE-2025-21679,0,0,009d8fd88ff602d149cf09ea780bd027b79138cc9787bf079d7e8b5eae764ff3,2025-01-31T12:15:29.070000
CVE-2025-2168,1,1,beb1fdcddb139d7690eba6475c376e7961c4c5a4184ce2a5f11ab750d6fa9ae9,2025-05-01T04:16:53.127000
CVE-2025-21680,0,0,ab176bb9040b4730f514a36acb954e8ef4736becce0eddc54061e7998d46f0ed,2025-02-04T15:28:08.510000
CVE-2025-21681,0,0,8393a1e343743a2babeb70a3eb9de6b474277c6ffc77e16b2f335b553e34479a,2025-02-21T16:54:12.800000
CVE-2025-21682,0,0,462d4deac5e2e59ee2d3e31f4dfc91555e87d58a1e47d6fecad84acad53c8a69,2025-02-04T15:25:48.707000
@ -288233,7 +288237,7 @@ CVE-2025-28144,0,0,b01054bef61580df1800025a329328236a7c7bef93722d95b841f7e2ce165
CVE-2025-28145,0,0,0daed363b23cce7319cf9c94c3ac6082c5d1e19dc580aaa18a4a26082dec414a,2025-04-15T21:15:56.457000
CVE-2025-28146,0,0,32c9b208c84d9df041320792b106820cf214078a35a3cb79372374645d1870eb,2025-04-15T15:16:08.660000
CVE-2025-2815,0,0,242155fff6e988a29170d3e8e0a0ff904f29004fb7975cc06cbc247a50a0c090,2025-03-28T18:11:40.180000
CVE-2025-2816,1,1,1399b3b681d60b507fd48b2954af92c299bd3f407cad33940323313c08624f7d,2025-05-01T03:15:14.627000
CVE-2025-2816,0,0,1399b3b681d60b507fd48b2954af92c299bd3f407cad33940323313c08624f7d,2025-05-01T03:15:14.627000
CVE-2025-28169,0,0,daded7404590ead49179714046cf4550734ad214e781473e5f10c5129c2c88e7,2025-04-29T13:52:47.470000
CVE-2025-2817,0,0,e73ea513cfe53cb276dfdae1a1bcb475dc755c7c8012932dfbda64557b92c766,2025-04-29T15:15:54.240000
CVE-2025-2819,0,0,38e9c36ae873a346ecdd7625eb6881a65dff946dea1e4d5fe1469a7230964dac,2025-03-27T16:45:27.850000
@ -291314,6 +291318,7 @@ CVE-2025-39516,0,0,7672161a112ba6dc80e606efaa88954e91b0da5cc8eb61e75577002b7ba48
CVE-2025-39517,0,0,bbb26593804315f8297209c74b8cc6fa46f57e917a07fcd2c9c037c39f0627d3,2025-04-16T13:25:37.340000
CVE-2025-39518,0,0,fa26f4d0a345d19ace2aa5573af0ca8699914b102e57579781b19a18b670bd1e,2025-04-16T13:25:37.340000
CVE-2025-39519,0,0,787390ddc18f2ac8705bf3b621af58b6bd3ee09ea8b12b9abae7c689aa74610c,2025-04-17T20:21:05.203000
CVE-2025-3952,1,1,ac5dfa53c0ed9a57f862c4fa069c62d84ad4cfab57ece815a5eee6b4371cb318,2025-05-01T05:15:52.020000
CVE-2025-39520,0,0,a0eaebe618373ed7cb046126e578c976e628f8abf52294b801dd68b56bef7a74,2025-04-16T13:25:37.340000
CVE-2025-39521,0,0,52c5265197d1ac34523bd0c00e5fa2478a27b1a07c4f4f3f48e4eb7708489c0b,2025-04-17T20:21:05.203000
CVE-2025-39522,0,0,93e0ef005fc9bc2336bba672470467a6e7653f4446193c9d15f5e052cb22373f,2025-04-16T13:25:37.340000
@ -291525,6 +291530,7 @@ CVE-2025-4091,0,0,be76f80720d6507adedb56244fc15d9bfa10d0652d1ed50301d66beeacf973
CVE-2025-4092,0,0,200d711ebe2e15156ad0230ced68f0f5a246d532b5d02cde90c654c8fdd064ec,2025-04-29T16:15:39.707000
CVE-2025-4093,0,0,d891b279ce00073f17d8f58a8ebf719e451cb06357235d1b137c7bf6521fbbb1,2025-04-29T16:15:39.850000
CVE-2025-4095,0,0,f2539477bf5eaf9485d044b6cf6e79bb8583734ab1b2d0e4b42ac3598cab5848,2025-04-29T18:15:46.180000
CVE-2025-4099,1,1,0261d12e68d04b5ebd58cc0c1ded918a311ea2b10a0d26895a2f43c4f1ca7848,2025-05-01T05:15:52.167000
CVE-2025-4108,0,0,9bfd6d1ad4fcc03f836aae2b64adaf887b9300aa371e576f132f375b19a71239,2025-04-30T10:15:18.407000
CVE-2025-4109,0,0,dc55813f8b4d8971c2db3d8e03f9b60d13669f4e540622a7a0de82c2044c0fb3,2025-04-30T10:15:18.813000
CVE-2025-4110,0,0,196e64505e5460ba2420017a2a68042ee5b550e797cc65f00f251cf067b66bb8,2025-04-30T11:15:49.983000
@ -291553,8 +291559,11 @@ CVE-2025-41423,0,0,3ae1e637900a2dfc5b6bacaa494e26a0b5d8e1e48accef6073153be61f7a9
CVE-2025-4143,0,0,e57c30b28afea4df58b8cfac5cb28f81ab842227fb838a9b11cbc326fb75fff5,2025-05-01T01:15:54.127000
CVE-2025-4144,0,0,c7866a59057eef0cf7b5ce8d1b20b449ec4cdbff2490d7bf2217afcec946b14f,2025-05-01T01:15:54.267000
CVE-2025-4145,0,0,170e76c38278688c00f20122bbc0cf61ccd74bab014ad650c17fe92f596a5112,2025-05-01T01:15:54.393000
CVE-2025-4146,1,1,c293320850e5ef509e469523d5ce4c79cbb38fd1d86c6ccec1acc1d4fe00c37e,2025-05-01T02:15:17.687000
CVE-2025-4147,1,1,bccdc241dcf8e92b3a59ce40defc8dc204bccb1d69587c387db1f2292a109fd0,2025-05-01T02:15:17.947000
CVE-2025-4146,0,0,c293320850e5ef509e469523d5ce4c79cbb38fd1d86c6ccec1acc1d4fe00c37e,2025-05-01T02:15:17.687000
CVE-2025-4147,0,0,bccdc241dcf8e92b3a59ce40defc8dc204bccb1d69587c387db1f2292a109fd0,2025-05-01T02:15:17.947000
CVE-2025-4148,1,1,90951babae149aeb844d8ad2926433d36fd91f9e4efa06377070aa525490e14a,2025-05-01T04:16:58.113000
CVE-2025-4149,1,1,3e71fa427c3eb0cb8199332f44438fd14cee92cecda349d91d6c3832b250044a,2025-05-01T04:16:58.323000
CVE-2025-4150,1,1,698863cfbe813308709b44955fa3e9c8f2f350fa85159d9e5c49cda7c771144b,2025-05-01T05:15:52.313000
CVE-2025-42598,0,0,4c400d87dc34a2b74819c41bbdd48bd1c3da0af3c35841d82c2177d30b1cb5f5,2025-04-29T13:52:10.697000
CVE-2025-42599,0,0,d39e065342929b05f2b0a2b6fd7615d0e3f6e7c2f605fdbeb3b3bb9e83f12d93,2025-04-29T19:46:44.310000
CVE-2025-42600,0,0,a98a7820b508b5a8b0c7d0f0dd6cbaa5b07d1e37b05a983a49eb79024a0cd435,2025-04-23T14:08:13.383000

Can't render this file because it is too large.