Auto-Update: 2025-05-19T04:00:19.331961+00:00

cad-safe-bot 2025-05-19 04:03:53 +00:00
parent 13b23a97fe
commit 3bcfac2a4d
12 changed files with 876 additions and 12 deletions


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23122",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.003",
"lastModified": "2025-05-19T02:15:17.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases",
"source": "support@hackerone.com"
}
]
}
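Review bot: The description, CVSS vector and reference in this new CVE-2025-23122 record are identical to those of CVE-2025-23165, which this same commit adds; only `id` and the timestamps differ. Two distinct identifiers carrying the same `ReadFileUtf8` memory-leak text suggests that one of the upstream entries was filed with the wrong description, although that cannot be confirmed from this page. Because the file is synchronized from NVD, the correction belongs upstream; until then, consumers should check the record against the advisory in `references` before using its description or `baseScore` for triage, and should not deduplicate records by description text.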


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23123",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.147",
"lastModified": "2025-05-19T02:15:17.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23164",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.253",
"lastModified": "2025-05-19T02:15:17.253",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A misconfigured access token mechanism in the Unifi Protect Application (Version 5.3.41 and earlier) could permit the recipient of a \"Share Livestream\" link to maintain access to the corresponding livestream subsequent to such link becoming disabled."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23165",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.370",
"lastModified": "2025-05-19T02:15:17.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\r\n\r\nImpact:\r\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23166",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.470",
"lastModified": "2025-05-19T02:15:17.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2025-23167",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-05-19T02:15:17.583",
"lastModified": "2025-05-19T02:15:17.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\\r\\n\\rX` instead of the required `\\r\\n\\r\\n`.\nThis inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.\n\nThe issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.\n\nImpact:\n* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases",
"source": "support@hackerone.com"
}
]
}


@ -0,0 +1,149 @@
{
"id": "CVE-2025-4905",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-19T02:15:17.697",
"lastModified": "2025-05-19T02:15:17.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The code maintainer tagged the issue as closed. But there is no new commit nor release in the GitHub repository available so far."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 4.3,
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/iop-apl-uw/basestation3/issues/6",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/iop-apl-uw/basestation3/issues/6#event-17672013757",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/iop-apl-uw/basestation3/issues/6#issue-3066055868",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.309461",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.309461",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.578074",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-4906",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-19T03:15:20.853",
"lastModified": "2025-05-19T03:15:20.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/6BXK6/cve/issues/3",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.309462",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.309462",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.578086",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-4907",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-19T03:15:21.377",
"lastModified": "2025-05-19T03:15:21.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/f1rstb100d/myCVE/issues/22",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.309464",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.309464",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.578194",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,145 @@
{
"id": "CVE-2025-4908",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-05-19T03:15:21.567",
"lastModified": "2025-05-19T03:15:21.567",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/f1rstb100d/myCVE/issues/23",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.309465",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.309465",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.578254",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-05-19T02:00:19.172456+00:00
2025-05-19T04:00:19.331961+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-05-19T01:15:21.810000+00:00
2025-05-19T03:15:21.567000+00:00
```
### Last Data Feed Release
@ -33,17 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
294566
294576
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `10`
- [CVE-2025-4901](CVE-2025/CVE-2025-49xx/CVE-2025-4901.json) (`2025-05-19T00:15:17.400`)
- [CVE-2025-4902](CVE-2025/CVE-2025-49xx/CVE-2025-4902.json) (`2025-05-19T01:15:20.960`)
- [CVE-2025-4903](CVE-2025/CVE-2025-49xx/CVE-2025-4903.json) (`2025-05-19T01:15:21.630`)
- [CVE-2025-4904](CVE-2025/CVE-2025-49xx/CVE-2025-4904.json) (`2025-05-19T01:15:21.810`)
- [CVE-2025-23122](CVE-2025/CVE-2025-231xx/CVE-2025-23122.json) (`2025-05-19T02:15:17.003`)
- [CVE-2025-23123](CVE-2025/CVE-2025-231xx/CVE-2025-23123.json) (`2025-05-19T02:15:17.147`)
- [CVE-2025-23164](CVE-2025/CVE-2025-231xx/CVE-2025-23164.json) (`2025-05-19T02:15:17.253`)
- [CVE-2025-23165](CVE-2025/CVE-2025-231xx/CVE-2025-23165.json) (`2025-05-19T02:15:17.370`)
- [CVE-2025-23166](CVE-2025/CVE-2025-231xx/CVE-2025-23166.json) (`2025-05-19T02:15:17.470`)
- [CVE-2025-23167](CVE-2025/CVE-2025-231xx/CVE-2025-23167.json) (`2025-05-19T02:15:17.583`)
- [CVE-2025-4905](CVE-2025/CVE-2025-49xx/CVE-2025-4905.json) (`2025-05-19T02:15:17.697`)
- [CVE-2025-4906](CVE-2025/CVE-2025-49xx/CVE-2025-4906.json) (`2025-05-19T03:15:20.853`)
- [CVE-2025-4907](CVE-2025/CVE-2025-49xx/CVE-2025-4907.json) (`2025-05-19T03:15:21.377`)
- [CVE-2025-4908](CVE-2025/CVE-2025-49xx/CVE-2025-4908.json) (`2025-05-19T03:15:21.567`)
### CVEs modified in the last Commit


@ -285804,6 +285804,8 @@ CVE-2025-23118,0,0,1b6935e1de98bd988462eba8eda54cef63b56f3eba9236fce4c76fcc1a2a8
CVE-2025-23119,0,0,03b50e07e15abdb790cc32062bbf922a7a5b86dedcc5d4ac846195c74e91324e,2025-03-04T20:15:38.060000
CVE-2025-2312,0,0,9414b11cccd912a93c7b77b8b8a4cccf6c204bd0063ade57fb6afec180d8cd63,2025-03-27T16:45:46.410000
CVE-2025-23120,0,0,fcc412fa6fb516a26fbcce2f3fd613ece130eab1dda24987978f45ecc9becda2,2025-04-02T16:01:20.857000
CVE-2025-23122,1,1,cb523ebf46880aa21f416dd19c32ac00771d68bd399f299798e099bcda409d35,2025-05-19T02:15:17.003000
CVE-2025-23123,1,1,e0b152d718c5776726f4b1e6813e2eb7c70008640a8e99b879dda82938be9906,2025-05-19T02:15:17.147000
CVE-2025-23124,0,0,4a6299a78e71ef66b973ec2da68c573755c2e809b823d245784536d2b11ad68d,2025-01-11T15:15:08.930000
CVE-2025-23125,0,0,2e6f0fce9ee8e787d649705f4cf1025930f6b72d6ac2efc70c4c1837b8d7d15b,2025-01-11T15:15:09.023000
CVE-2025-23126,0,0,aec9ca15332b86ad22382c8419cfef8190ae4b723f5c3088974b31a1f5dd4089,2025-01-11T15:15:09.100000
@ -285845,6 +285847,10 @@ CVE-2025-23160,0,0,445818d85ed378df2d839818e72c143acd9ffcddc7bb8e284fce608ed0da5
CVE-2025-23161,0,0,eb8855e69ead553d6f4b184aaeb881118593d7ded5b44b7c5259d60e141d5a39,2025-05-02T13:53:20.943000
CVE-2025-23162,0,0,3afd59d53f0bc18f887209a1522d3a03c5f905cef22f8a62ca00a6066bc6ba51,2025-05-02T13:53:20.943000
CVE-2025-23163,0,0,9f5ac2a1ff3c2ea3602541806272f40cec361b93c2ccd66d68eb99691f3ee9a5,2025-05-02T13:53:20.943000
CVE-2025-23164,1,1,7fa3eebea7dbafcbb6cfc9ec08ff9bb482010d12e367a4564d1127986a798439,2025-05-19T02:15:17.253000
CVE-2025-23165,1,1,f358698ac79c332db70923d42efb4e50852e8ab0cedffb945d5fd13f0900eef6,2025-05-19T02:15:17.370000
CVE-2025-23166,1,1,b6feaba22ec2233531f8893a7db552f9ee65f4ddfcf927d4c9051302ab49cd3a,2025-05-19T02:15:17.470000
CVE-2025-23167,1,1,6e64c4ff318445ccef99e0fa1f73ba38b7bb94f56ba597cbf2ddf3e27e48369a,2025-05-19T02:15:17.583000
CVE-2025-2317,0,0,9ea9ba34615d5bc5ee8806158627db355af143699ea415828af46066a4160dd0,2025-04-07T14:18:15.560000
CVE-2025-23174,0,0,50322119595bff087a12ed6f94f87f583ba40060fccb96eb5cf9c3f3476fa552,2025-04-23T14:08:13.383000
CVE-2025-23175,0,0,d32116b600ac178b1ee720078d8acfc21dc4298d12982e92ae53dd00f4271286,2025-04-23T14:08:13.383000
@ -294557,10 +294563,14 @@ CVE-2025-4897,0,0,faa33c59e05b9255171467f61574dc7be7a2f4c1b2ea89931cc72c31fa3106
CVE-2025-4898,0,0,0947f43ff2951880c69384ad0377897b842a5b457ee5d3fc4ebf0869227289f4,2025-05-18T22:15:18.617000
CVE-2025-4899,0,0,e1c9b9e60f14be90e0540681edeeb18106ea56532a07a03b18dbb9bf60124788,2025-05-18T23:15:17.690000
CVE-2025-4900,0,0,365d8c1b1645f19fc29b5e55c4d20af1d5415b376d3d438a2adbc9225a6301c0,2025-05-18T23:15:18.400000
CVE-2025-4901,1,1,7b8e79731c68316579c19cfcb23092d9793bf44c78990069d874abc39e4f5d58,2025-05-19T00:15:17.400000
CVE-2025-4902,1,1,b3762d2c7ad862771375af7d08be7fb723a35a7067d246da32d496753f1235c4,2025-05-19T01:15:20.960000
CVE-2025-4903,1,1,3db553944dea90c51e9c748a132a9022d146c9f1a7b1268caa92dac5d0a75bd3,2025-05-19T01:15:21.630000
CVE-2025-4904,1,1,f4ea3b20521f87866fc7b4053c9d2c41ce424e3224566aa3c55a682e4ea44dde,2025-05-19T01:15:21.810000
CVE-2025-4901,0,0,7b8e79731c68316579c19cfcb23092d9793bf44c78990069d874abc39e4f5d58,2025-05-19T00:15:17.400000
CVE-2025-4902,0,0,b3762d2c7ad862771375af7d08be7fb723a35a7067d246da32d496753f1235c4,2025-05-19T01:15:20.960000
CVE-2025-4903,0,0,3db553944dea90c51e9c748a132a9022d146c9f1a7b1268caa92dac5d0a75bd3,2025-05-19T01:15:21.630000
CVE-2025-4904,0,0,f4ea3b20521f87866fc7b4053c9d2c41ce424e3224566aa3c55a682e4ea44dde,2025-05-19T01:15:21.810000
CVE-2025-4905,1,1,e33f14f3ea647335fe946251421b3003edf997fb295ca2e77ce2e6e934d175aa,2025-05-19T02:15:17.697000
CVE-2025-4906,1,1,998aed1421a78b034db51580a0d30b32319e3e0389ec3542ee4085b9395c8d6d,2025-05-19T03:15:20.853000
CVE-2025-4907,1,1,b2dd1fe12d432cf475b9d97670563354635a0469cafbfa90e1f40e3baef38ad9,2025-05-19T03:15:21.377000
CVE-2025-4908,1,1,29032c2c2dbc6c8121adce4f33c3d8abc5389653f42fe082a8c96a2d679143e4,2025-05-19T03:15:21.567000
CVE-2025-4918,0,0,aed9091230905d5e23b7429fa901fde9cec3dc55e33ebc3f16d4831a984c7654,2025-05-18T20:15:18.997000
CVE-2025-4919,0,0,fe1492d76d2474da61ddffcc8df04fb2c66b93823ab67a78e6d777fd3dc8b8da,2025-05-18T20:15:19.097000
CVE-2025-4920,0,0,3f754dcd1f915b78f78753940c39593d2b8252e0b2ac1b3316d99c54b7913aab,2025-05-18T20:15:19.190000
