From 3dd99cd98bd329a21f050fd581e71145f947299c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 18 Jun 2025 10:04:01 +0000 Subject: [PATCH] Auto-Update: 2025-06-18T10:00:22.564295+00:00 --- CVE-2022/CVE-2022-14xx/CVE-2022-1471.json | 10 ++- CVE-2025/CVE-2025-15xx/CVE-2025-1562.json | 76 +++++++++++++++++++++ CVE-2025/CVE-2025-59xx/CVE-2025-5981.json | 82 +++++++++++++++++++++++ README.md | 14 ++-- _state.csv | 6 +- 5 files changed, 179 insertions(+), 9 deletions(-) create mode 100644 CVE-2025/CVE-2025-15xx/CVE-2025-1562.json create mode 100644 CVE-2025/CVE-2025-59xx/CVE-2025-5981.json diff --git a/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json b/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json index cb860df606e..9d5a4f98de6 100644 --- a/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json +++ b/CVE-2022/CVE-2022-14xx/CVE-2022-1471.json @@ -2,7 +2,7 @@ "id": "CVE-2022-1471", "sourceIdentifier": "cve-coordination@google.com", "published": "2022-12-01T11:15:10.553", - "lastModified": "2025-02-13T17:15:35.627", + "lastModified": "2025-06-18T09:15:47.243", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -116,6 +116,10 @@ "Third Party Advisory" ] }, + { + "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html", + "source": "cve-coordination@google.com" + }, { "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "source": "cve-coordination@google.com", @@ -136,6 +140,10 @@ "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc", "source": "cve-coordination@google.com" }, + { + "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c", + "source": "cve-coordination@google.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0015/", "source": "cve-coordination@google.com" 
diff --git a/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json b/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json new file mode 100644 index 00000000000..70faab86fee --- /dev/null +++ b/CVE-2025/CVE-2025-15xx/CVE-2025-1562.json 
@@ -0,0 +1,76 @@ +{ + "id": "CVE-2025-1562", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-18T08:15:28.987", + "lastModified": "2025-06-18T08:15:28.987", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/api/plugin_status/class-bwfan-api-install-and-activate-plugin.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-marketing-automations/tags/2.5.0/includes/class-bwfan-db.php#L153", + "source": "security@wordfence.com" + }, + { + "url": 
"https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/admin/class-bwfan-admin.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/abstracts/class-bwfan-api-base.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3305437/wp-marketing-automations/trunk/includes/class-bwfan-api-loader.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/094972e6-7e02-4060-b069-e39c8cde9331?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-59xx/CVE-2025-5981.json b/CVE-2025/CVE-2025-59xx/CVE-2025-5981.json new file mode 100644 index 00000000000..cf76baca254 --- /dev/null +++ b/CVE-2025/CVE-2025-59xx/CVE-2025-5981.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2025-5981", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2025-06-18T09:15:47.660", + "lastModified": "2025-06-18T09:15:47.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "LOW", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + 
"Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59", + "source": "cve-coordination@google.com" + }, + { + "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index dbcf3738109..7ca74cdedf6 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-18T08:00:19.429631+00:00 +2025-06-18T10:00:22.564295+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-18T06:15:28.397000+00:00 +2025-06-18T09:15:47.660000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -298258 +298260 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2025-4955](CVE-2025/CVE-2025-49xx/CVE-2025-4955.json) (`2025-06-18T06:15:28.397`) +- [CVE-2025-1562](CVE-2025/CVE-2025-15xx/CVE-2025-1562.json) (`2025-06-18T08:15:28.987`) +- [CVE-2025-5981](CVE-2025/CVE-2025-59xx/CVE-2025-5981.json) (`2025-06-18T09:15:47.660`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2022-1471](CVE-2022/CVE-2022-14xx/CVE-2022-1471.json) (`2025-06-18T09:15:47.243`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d507e6a74af..8d6984eb5d6 100644 --- a/_state.csv +++ b/_state.csv 
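Review bot: The weakness entry in the new CVE-2025-5981 record is `CWE-427` (Uncontrolled Search Path Element), but the description on the same record attributes the arbitrary file write to a path traversal in `unpack()`, which is normally classified as CWE-22. The entry is typed `Secondary` and the record is still `Received`, so this is presumably the CNA's value mirrored unchanged; the correction belongs upstream, where the line would read `"value": "CWE-22"`. Until that happens, triage rules or dashboards that select records from this feed by CWE would not surface this one under path-traversal queries. Matching on the description text or on the two osv-scalibr references is the more reliable key.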
@@ -189355,7 +189355,7 @@ CVE-2022-1467,0,0,4244fa85c07ce188281e2e68274dd3b1bddab19e609dae2da2a3f3e391a8c6 CVE-2022-1468,0,0,bc78f55881e01a6f023eb4f4498c5c9bb9f5e7012eb94752fc063ff4f1a2c8ec,2024-11-21T06:40:46.943000 CVE-2022-1469,0,0,7ffd0498f3a2f922b0a02ebb6229d13a6432911e6e35206695c7945f0a722e6f,2024-11-21T06:40:47.090000 CVE-2022-1470,0,0,5642de4bd55e594f5d5abdf5e790ace17eef364ea96e290fe8852a1dc073b82b,2024-11-21T06:40:47.200000 -CVE-2022-1471,0,0,4b4d510bf4f68ae2ddf057d32e8bb808db4e78574a4a26fa59d0294cff7a9a25,2025-02-13T17:15:35.627000 +CVE-2022-1471,0,1,07739a2dcf41438b07c0afd9039ff02073b4078d37371735ea774aea38fda7e4,2025-06-18T09:15:47.243000 CVE-2022-1472,0,0,edb7e07a336c37fb964f0f209addd02630616647aaef0a97f2f250f838db2840,2024-11-21T06:40:47.477000 CVE-2022-1473,0,0,651f93b93ece2974f85deec109efd4323f7342c6df9846e3248acb59b12b31d0,2025-05-05T17:17:34.867000 CVE-2022-1474,0,0,b5586935a38e326f7385281cad87b285bdb53d4974e14a2e5d208fb1689388fa,2024-11-21T06:40:47.740000 @@ -283670,6 +283670,7 @@ CVE-2025-1558,0,0,c78589d5810333dd5b267c981b16d0ba3ae44b98790279ca9bbe06e61569b3 CVE-2025-1559,0,0,709a243835f3c6ce0779a28711cc25be41f0a8c4f301b124730fe9903567f95d,2025-03-13T02:15:12.917000 CVE-2025-1560,0,0,5806fdd5d9f8e8a09704d33fd8caadc121e4fbb048f372fad8d43065a1e4a103,2025-03-06T16:15:42.753000 CVE-2025-1561,0,0,33a657fb8a4122eef68e03cf0206d7dfa8ce683bdf001162cf57406315521345,2025-05-26T02:14:52.170000 +CVE-2025-1562,1,1,2f1a546af7a9e680b6e9e17b545c2838e9905defeb3d99dd716116f7fa0d1e2e,2025-06-18T08:15:28.987000 CVE-2025-1564,0,0,9d62e5431da133f133499b29bcb96aa13e41c1b673396891299a0b15aab9c828,2025-03-01T08:15:34.007000 CVE-2025-1565,0,0,35456b68df2d2d86ef4d0fb4554495a75d56271b6d28363288295dec6a61577e,2025-04-29T13:52:28.490000 CVE-2025-1566,0,0,b62614d5a9b64c7c70aa72ecefcdd1eced14936f4f2bd9f2f3dab198c8a80ced,2025-05-06T01:15:50.030000 
@@ -297315,7 +297316,7 @@ CVE-2025-4951,0,0,8d2965f90ffa46a261e1b06cd533aeb358abbd5115dc1f57a5b34acf12ab58 CVE-2025-49510,0,0,3bb8122e36ad249db39449b81c1d9bb5005e0826a2addc079025211cebc0dc64,2025-06-12T16:06:39.330000 CVE-2025-49511,0,0,5857ce4f5934ac8d4eab419d1a69fa9027dcf280ff9a1fb08e4e3e1a5703ab2f,2025-06-12T16:06:39.330000 CVE-2025-4954,0,0,1ec01516c4567931b4ffc24e86d8b1eee9006bb52ce75acce1cd554027fb1f48,2025-06-12T16:06:39.330000 -CVE-2025-4955,1,1,962cee29f822d69a2f21c0606639ab24445601b1ed0ade1b93280fab766be82f,2025-06-18T06:15:28.397000 +CVE-2025-4955,0,0,962cee29f822d69a2f21c0606639ab24445601b1ed0ade1b93280fab766be82f,2025-06-18T06:15:28.397000 CVE-2025-49575,0,0,5239212f6088f8e9f5d72981748315013281ee63030d12ad53f604f56fb5ce0a,2025-06-16T12:32:18.840000 CVE-2025-49576,0,0,d91dc4671dcd271f2349061a8890351137f780e1115b96e716a0a31c8aba01ac,2025-06-16T12:32:18.840000 CVE-2025-49577,0,0,28aa0b942534a5a538c80dbb8b7460e9323fd7179a5e937d1ba2f1eb56bd16ad,2025-06-16T12:32:18.840000 @@ -298134,6 +298135,7 @@ CVE-2025-5977,0,0,f1be6f85f13503775c495ea6cc25e73f56acbe00f921f8b9bd047e78e8e954 CVE-2025-5978,0,0,0dead1a357778d240f3ef63e07a94108270bf41eaba57dcb5df97505742c3c80,2025-06-12T16:06:29.520000 CVE-2025-5979,0,0,62f87aab912999e1a8c01e4f2d3083fff610fe2dfce4896415cd0de1f9a17fa5,2025-06-16T15:00:09.443000 CVE-2025-5980,0,0,8af030447f54b16e451333aa706668a1da67e0c666b6c363521b0e8683bf238c,2025-06-16T14:52:30.557000 +CVE-2025-5981,1,1,e4c58eb43ea09829bebd1a1cdae851d0a5fba24a5d716fd4703c47abbdf8bb60,2025-06-18T09:15:47.660000 CVE-2025-5982,0,0,d9487128b71b64381d82a652f7a1122df97e22510aec0c066c9d874bcd0cf999,2025-06-16T12:32:18.840000 CVE-2025-5984,0,0,9c065cc4f1bf71f29d217205fa1a3017b01589309492c87e21e29320e0443497,2025-06-17T20:34:36.177000 CVE-2025-5985,0,0,6bc7c20833bbb87d89e08ff2c433a1431f6002ad9972fe39c1f3aa9dac9d18ca,2025-06-17T20:34:19.473000