Auto-Update: 2025-03-01T15:00:19.031887+00:00

cad-safe-bot 2025-03-01 15:03:47 +00:00
parent 388c60c56f
commit 3b46fd7caa
6 changed files with 378 additions and 11 deletions


@ -0,0 +1,64 @@
{
"id": "CVE-2025-1491",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-03-01T13:15:10.750",
"lastModified": "2025-03-01T13:15:10.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WP Posts Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018auto_play_timeout\u2019 parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3248502/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/plugins/wp-posts-carousel/#developers",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7f708c72-7ce2-4eb0-869b-cec4613f6f3f?source=cve",
"source": "security@wordfence.com"
}
]
}
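Review bot: This record has no `configurations` block and its `vulnStatus` is `Received`, so the affected range exists only as prose in the description ("all versions up to, and including, 1.3.7"); CPE-based matching will presumably not flag installs of the plugin until an analysed revision arrives. Consumers of this feed should fall back to the description text and the Wordfence reference for records in this state. The same applies to the CVE-2025-1788 and CVE-2025-1791 records added in this commit. Separately, `published` and `lastModified` carry no zone designator, unlike the `+00:00` timestamp in the commit title, so parsers should pin them to UTC explicitly; that is presumably the intent, but the record does not say so.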


@ -0,0 +1,153 @@
{
"id": "CVE-2025-1788",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-01T13:15:11.797",
"lastModified": "2025-03-01T13:15:11.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 4.3,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/rizinorg/rizin/issues/4910",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/rizinorg/rizin/issues/4910#issuecomment-2662963253",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/rizinorg/rizin/pull/4762",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/user-attachments/files/18817099/rz-bin-poc-01.zip",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.298011",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.298011",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.502345",
"source": "cna@vuldb.com"
}
]
}
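Review bot: The description calls this issue "critical" while every metric block in the record rates it MEDIUM (`baseScore` 4.8, 5.3 and 4.3) with `attackVector` `LOCAL`; triage rules should read severity from the `"type": "Primary"` CVSS entry and never from the description wording. CVE-2025-1791 in the next section has the same mismatch ("classified as critical", scores 5.3, 6.3 and 6.5, all MEDIUM). The reference list also contains a direct link to a zip archive under `github.com/user-attachments`, so any enrichment job that follows reference URLs should not fetch or unpack it outside a sandbox. The CVSS 4.0 keys `Safety`, `Automatable` and `Recovery` are capitalised, unlike their camelCase siblings, so key lookups must stay case-sensitive.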


@ -0,0 +1,141 @@
{
"id": "CVE-2025-1791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-01T14:15:34.520",
"lastModified": "2025-03-01T14:15:34.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Zorlan SkyCaiji 2.9 and classified as critical. This vulnerability affects the function fileAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument save_data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/sheratan4/cve/issues/5",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.298012",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.298012",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.502648",
"source": "cna@vuldb.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2025-21490",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2025-01-21T21:15:13.703",
"lastModified": "2025-01-23T20:15:31.750",
"lastModified": "2025-03-01T13:15:12.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -55,6 +55,10 @@
{
"url": "https://www.oracle.com/security-alerts/cpujan2025.html",
"source": "secalert_us@oracle.com"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00000.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
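Review bot: The added reference uses a UUID as its `source` (`af854a3a-2127-422b-91ae-364da2661108`) where the existing entry uses an address-style identifier (`secalert_us@oracle.com`), so consumers must treat `source` as an opaque string and not validate or group it as an e-mail address. From the visible hunks, the `lastModified` bump comes only from this new Debian LTS reference while `vulnStatus` stays `Awaiting Analysis`; the lines between the two hunks are not shown, so that is an inference. Downstream alerting keyed on `lastModified` should diff the record content rather than treat the new timestamp as a re-score.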


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-01T13:00:19.239201+00:00
2025-03-01T15:00:19.031887+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-01T12:15:34.310000+00:00
2025-03-01T14:15:34.520000+00:00
```
### Last Data Feed Release
@ -33,21 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
283589
283592
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `3`
- [CVE-2024-13833](CVE-2024/CVE-2024-138xx/CVE-2024-13833.json) (`2025-03-01T12:15:33.230`)
- [CVE-2025-1404](CVE-2025/CVE-2025-14xx/CVE-2025-1404.json) (`2025-03-01T12:15:34.310`)
- [CVE-2025-1491](CVE-2025/CVE-2025-14xx/CVE-2025-1491.json) (`2025-03-01T13:15:10.750`)
- [CVE-2025-1788](CVE-2025/CVE-2025-17xx/CVE-2025-1788.json) (`2025-03-01T13:15:11.797`)
- [CVE-2025-1791](CVE-2025/CVE-2025-17xx/CVE-2025-1791.json) (`2025-03-01T14:15:34.520`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2025-21490](CVE-2025/CVE-2025-214xx/CVE-2025-21490.json) (`2025-03-01T13:15:12.020`)
## Download and Usage


@ -247691,7 +247691,7 @@ CVE-2024-1383,0,0,aa117bb4caae4c90c9ef562f3b17aec83c186c85e2ed83fcc25ce7b11090cf
CVE-2024-13830,0,0,c6d7b41600cf06f096c92eda44ad4947ed0129124f061312ef644e59d67aa0f4,2025-02-13T17:09:11.660000
CVE-2024-13831,0,0,dc606325056ecb3af1d0abdf4906087df581d7aaf8a47f4b06428d6e01b13004,2025-02-28T09:15:10.400000
CVE-2024-13832,0,0,ec5b2acd93db5978e9a901bf338782a10b26bfa5fce10324f0a5b3fac0b88ab1,2025-02-28T09:15:10.570000
CVE-2024-13833,1,1,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000
CVE-2024-13833,0,0,25224aa5db16e2fcf2ffae150064444414666930ac899e8863e3333ed3af74b5,2025-03-01T12:15:33.230000
CVE-2024-13834,0,0,43e5ae6cc904537a30eeccc37c7b9a07fd2bfb264b9574278bc2a72960c00c36,2025-02-24T12:37:18.957000
CVE-2024-13837,0,0,b186071e4ea62233d731f5821d490b3ab777186a5f4da25e22f6fedfafcbdd0c,2025-02-17T19:15:09.463000
CVE-2024-1384,0,0,f50cb0336a3fe51b62fe599c783d20749a5fb92b8e797d5c0ac36d466c13f7ad,2024-09-19T22:13:04.370000
@ -280660,7 +280660,7 @@ CVE-2025-1391,0,0,6fee9eda29ef94ebb6c29d27c38776c5f8bb1fbd11f215f0e687819427cb50
CVE-2025-1392,0,0,8e4405371022efbf780ff58db6d926727305203f058fec61ae92b5e8fa805a81,2025-02-17T16:15:16.120000
CVE-2025-1402,0,0,c23c451cfa1d570fb16b3d38ae224aa085b42cdb084d4b1dbd67b0732fd42aba,2025-02-25T04:04:59.860000
CVE-2025-1403,0,0,cdf9a8de03213e0ac7f7767452341bf79edc3d976615c3099248fc0b29544461,2025-02-21T18:15:20.550000
CVE-2025-1404,1,1,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000
CVE-2025-1404,0,0,206798e10794776f5070bd90971934cac6d858de29398b0cd87fe60644cffca8,2025-03-01T12:15:34.310000
CVE-2025-1405,0,0,f79a249eed6f1df2e72b69769faa924709e9a914f91232fbbc17335baa300615,2025-02-28T07:15:34.063000
CVE-2025-1406,0,0,6fbc92715581c083383884df65716e311e7920e9986e87816bf21c4af15408ec,2025-02-25T03:38:24.303000
CVE-2025-1407,0,0,81ebc501504f4e0e97111e960151a7a649f1ecbd9d904ea14ecfe9745b475037,2025-02-25T03:37:32.347000
@ -280683,6 +280683,7 @@ CVE-2025-1471,0,0,5f2308ef243e2997d93c627b7cee213af79efe1fdd8602f268a3ff3acb063c
CVE-2025-1483,0,0,eed3d83cb2da5908d92aa9dd620a120571071c04f49e7599dc48ec4179593bf0,2025-02-25T18:59:39.860000
CVE-2025-1488,0,0,43cfa98a915bcf0660c9d6b45b3151f7578e9794c9b93f44777c487cb0fa081f,2025-02-24T11:15:10.193000
CVE-2025-1489,0,0,3008549e3d2861f78796256b763f59eec371226dd4b84353f864c64443cf0ecb,2025-02-24T19:45:21.653000
CVE-2025-1491,1,1,40186b708c4228824b2aec7aee2f2d8fd38e21f8b843bfbf932f90bc1889000b,2025-03-01T13:15:10.750000
CVE-2025-1492,0,0,a12c05d7276816932001573681340e79b217d21be6e278e421f34f68972737e1,2025-02-20T02:15:38.553000
CVE-2025-1502,0,0,0a039472763f0268c96bf0cb63d948faf52e8b650cac893f2842ccae51bdaafc,2025-03-01T07:15:11.183000
CVE-2025-1505,0,0,f07d028c0b1afb5f694ef937c5c5c28e5a39031e094947035ed6a198be466653,2025-02-28T05:15:33.923000
@ -280798,6 +280799,8 @@ CVE-2025-1757,0,0,2561a8f5c53734c028e83a6bda94ef29e169c9eb7376cb65d67bea6c6b2880
CVE-2025-1776,0,0,1a12423b233b2ef4ba69976c3f13498310a33efb7f09102cfb934a1191ac53f0,2025-02-28T14:15:35.943000
CVE-2025-1780,0,0,226a30a5273cda636f0411ff11753517352eef60dfa6b2b998a1836a6dc818bf,2025-03-01T04:15:09.713000
CVE-2025-1786,0,0,70145b3ad4c1d238a1d8855a15a77d52293373869862966474d8235c014b88b0,2025-03-01T10:15:11.683000
CVE-2025-1788,1,1,dc9426cea6e825feaf5cae707f07c928b26b8e2baca0aa20ccec4c0a8b2fce50,2025-03-01T13:15:11.797000
CVE-2025-1791,1,1,34ee8cd2f104eaa7419273fe9af644f5f1d57bbad701730a9dfc317b74b5d810,2025-03-01T14:15:34.520000
CVE-2025-1795,0,0,70fd77cb540d3bda179678e58a7ef81c271cc3e16d5d4d855b724aa1245ec66f,2025-02-28T21:15:27.570000
CVE-2025-1803,0,0,61b8ea959516cf458cfa0ea204219ee983e8adc2cba473f893652a1e07a05d40,2025-03-01T01:15:28.077000
CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000
@ -281166,7 +281169,7 @@ CVE-2025-21418,0,0,286c461de95fba525ffd95fe19188a97b0613df56bf1afe14ca9be4aa494d
CVE-2025-21419,0,0,acdb4d37a32faa1cb0f65f0fbb7358475e2deb811438263e59eb8f6bcbeca8e1,2025-02-14T17:32:53.087000
CVE-2025-21420,0,0,32a7e46f27d290c0e9a5b92e079c0424752a30e3cfa9e5d424062d7af6a66d41,2025-02-14T17:36:09.683000
CVE-2025-21489,0,0,5d30c3b0acc3ddba1057df1a4f29e61d74be0ae611271efb1a2a3c05a60a8cda,2025-01-23T20:15:31.630000
CVE-2025-21490,0,0,98aae49df09722e484f2181974271fc107b3101ab3dbd9cc9dd1ca3416b2ddf5,2025-01-23T20:15:31.750000
CVE-2025-21490,0,1,7a3c0e9682e0e86e8a6979b8cc982eeb2dbfde70e212f3862711014520efbfca,2025-03-01T13:15:12.020000
CVE-2025-21491,0,0,6076cb457888ed12bac407cf717ae74e21970b3745c710f624ec3aea8e6322c5,2025-01-23T20:15:32.030000
CVE-2025-21492,0,0,175b05e4b6021ea2e9dabd82cb14ca0549d088227dfc44490c43cf779c0afb04,2025-01-24T20:15:34.390000
CVE-2025-21493,0,0,764caa554437fbca5b7d52e7918de33e7b17e17cee871cca7b0bad377e1783b2,2025-01-23T17:15:22.473000
