Auto-Update: 2025-03-23T00:55:20.307464+00:00

2025-05-07 19:16:29 +00:00 · 2025-03-23 00:58:51 +00:00 · 2025-03-23 00:58:51 +00:00 · 4799f7e847
commit 4799f7e847
parent e811eeac3a
3 changed files with 150 additions and 10 deletions
--- a/CVE-2025/CVE-2025-26xx/CVE-2025-2637.json
+++ b/CVE-2025/CVE-2025-26xx/CVE-2025-2637.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2025-2637",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-03-23T00:15:26.223",
+  "lastModified": "2025-03-23T00:15:26.223",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "NONE",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "baseScore": 4.0,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-266"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/H3rmesk1t/vulnerability-paper/blob/main/jizhiCMS-1.7.0-Incorrect%20Access%20Control.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.300638",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.300638",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.519632",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-03-22T23:00:19.493693+00:00
+2025-03-23T00:55:20.307464+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-03-22T22:15:12.160000+00:00
+2025-03-23T00:15:26.223000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-286227
+286228
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `1`

- [CVE-2025-2626](CVE-2025/CVE-2025-26xx/CVE-2025-2626.json) (`2025-03-22T21:15:36.817`)
- [CVE-2025-2627](CVE-2025/CVE-2025-26xx/CVE-2025-2627.json) (`2025-03-22T21:15:36.997`)
- [CVE-2025-2628](CVE-2025/CVE-2025-26xx/CVE-2025-2628.json) (`2025-03-22T22:15:12.160`)
+- [CVE-2025-2637](CVE-2025/CVE-2025-26xx/CVE-2025-2637.json) (`2025-03-23T00:15:26.223`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -285362,12 +285362,12 @@ CVE-2025-2622,0,0,91ac5bc22af896f8580271a5c082c15d7c55661c47f4bf5397d39b48166a2d
 CVE-2025-2623,0,0,ea0c57bd044f13afbd3c8183e71a50223508ddf4470ee6c0234a42a5935cf3ba,2025-03-22T18:15:12.497000
 CVE-2025-2624,0,0,b5d01a34ccbff70259859813976d70c3ae1ba93ef3a4beac5f6d58fa05b64ab5,2025-03-22T19:15:34.450000
 CVE-2025-2625,0,0,acd8f4429f11a8c768070301e144a83ff45e9d43d154e3cfc9e4c033b219ab5b,2025-03-22T20:15:12.470000
-CVE-2025-2626,1,1,bd809ef9f1569d1ef58fb15a2071738d0364bc2938e1d4622c2a2f38768ec711,2025-03-22T21:15:36.817000
+CVE-2025-2626,0,0,bd809ef9f1569d1ef58fb15a2071738d0364bc2938e1d4622c2a2f38768ec711,2025-03-22T21:15:36.817000
 CVE-2025-26260,0,0,d87498df9911f6ec3fcf716c1acf728dc302a17a13c2bad4d77a68a80619f6a0,2025-03-19T19:15:46.987000
 CVE-2025-26263,0,0,87852969ca209a829a551b3d11cffebf3ca020061fd4d362c34f3d6a1719258e,2025-03-19T14:15:39.293000
 CVE-2025-26264,0,0,7eeeb1b8e87d7e06484f4d071bc6d32b977cfa79c395c4fbca1cefbdfdd35c84,2025-03-19T14:15:39.440000
-CVE-2025-2627,1,1,4daf5960dd225ccfb1575a0d3cd91b0950dbd7a3d541f2e3404563a63660f454,2025-03-22T21:15:36.997000
-CVE-2025-2628,1,1,a0ac1366c5190a01fca0374fb7accfd9612444330c98a0038e866f4efdfa533e,2025-03-22T22:15:12.160000
+CVE-2025-2627,0,0,4daf5960dd225ccfb1575a0d3cd91b0950dbd7a3d541f2e3404563a63660f454,2025-03-22T21:15:36.997000
+CVE-2025-2628,0,0,a0ac1366c5190a01fca0374fb7accfd9612444330c98a0038e866f4efdfa533e,2025-03-22T22:15:12.160000
 CVE-2025-26304,0,0,70c8f37d4db2054dfe1099a4a2c4b06129c826d4de254465b9316b6b41e402d7,2025-02-21T21:15:24.653000
 CVE-2025-26305,0,0,1a1d603a79ab0dad9b04f449d78f3a3bb9f5de25113a59f9bb3a8e492946e3de,2025-02-21T21:15:24.803000
 CVE-2025-26306,0,0,f6318b29dc3c8fcf62d8d059c582dc4ed277312d31ede047e5262baa26bd01da,2025-02-24T18:15:21.357000
@ -285415,6 +285415,7 @@ CVE-2025-26366,0,0,791459512be83b7fc0ade0a1c646586bc122ab878822f19fa4a4996b21043
 CVE-2025-26367,0,0,192446302caaccc3a8935e030b7cf39ec46e9d6744921fa9ae9a4afbae377639,2025-03-03T22:10:39.357000
 CVE-2025-26368,0,0,49c1a4ea04d256772db98bc336eb92f454713116ba6a6617ece21dd6f9957c85,2025-03-03T22:11:28.123000
 CVE-2025-26369,0,0,409cccb6d85f0d0e89130b7b1bb9fadf3b9dcae0a6ed481d428a29d672802669,2025-03-03T22:11:42.140000
+CVE-2025-2637,1,1,85f3e286eb9d7fa56c622ff7c46a5cf8a669c6b8fe70861fe7bfc78d6561d6ff,2025-03-23T00:15:26.223000
 CVE-2025-26370,0,0,bbb2d9fb4c0649126ad0d0a3c98d217a6344733d746a48a9e3d9d92e5e0ecd29,2025-02-12T14:15:37.940000
 CVE-2025-26371,0,0,0dee0bce21e1da68ea270b9b5f43862dc11484119f532f0cd0ddc57c5f426487,2025-03-03T22:11:52.920000
 CVE-2025-26372,0,0,de2a693b58e4aceb43078b6b71ca42b9ef9fc3b5d2d8c334ca012461b3455e72,2025-03-03T22:12:13.660000