Auto-Update: 2025-06-11T08:00:19.859810+00:00

2025-06-19 17:31:42 +00:00 · 2025-06-11 08:03:56 +00:00 · 2025-06-11 08:03:56 +00:00 · 4eec4f6f15
commit 4eec4f6f15
parent 3a9b037524
4 changed files with 171 additions and 10 deletions
--- a/CVE-2024/CVE-2024-352xx/CVE-2024-35295.json
+++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35295.json
@ -0,0 +1,100 @@
+{
+  "id": "CVE-2024-35295",
+  "sourceIdentifier": "productcert@siemens.com",
+  "published": "2025-06-11T07:15:24.273",
+  "lastModified": "2025-06-11T07:15:24.273",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection of affected devices fails to protect access to the device's control unit configuration. This could allow an attacker with physical access to the maintenance connection's door port to perform arbitrary configuration changes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.2,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "NONE",
+          "vulnIntegrityImpact": "HIGH",
+          "vulnAvailabilityImpact": "HIGH",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "productcert@siemens.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "productcert@siemens.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-306"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-771113.html",
+      "source": "productcert@siemens.com"
+    }
+  ]
+}
--- a/CVE-2025/CVE-2025-53xx/CVE-2025-5395.json
+++ b/CVE-2025/CVE-2025-53xx/CVE-2025-5395.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2025-5395",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2025-06-11T07:15:24.800",
+  "lastModified": "2025-06-11T07:15:24.800",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://codecanyon.net/item/wordpress-automatic-plugin/1904470#item-description__changelog",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-06-11T06:00:19.642510+00:00
+2025-06-11T08:00:19.859810+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-06-11T04:15:59.223000+00:00
+2025-06-11T07:15:24.800000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-297701
+297703
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2025-4666](CVE-2025/CVE-2025-46xx/CVE-2025-4666.json) (`2025-06-11T04:15:53.280`)
- [CVE-2025-4798](CVE-2025/CVE-2025-47xx/CVE-2025-4798.json) (`2025-06-11T04:15:58.497`)
- [CVE-2025-4799](CVE-2025/CVE-2025-47xx/CVE-2025-4799.json) (`2025-06-11T04:15:59.223`)
+- [CVE-2024-35295](CVE-2024/CVE-2024-352xx/CVE-2024-35295.json) (`2025-06-11T07:15:24.273`)
+- [CVE-2025-5395](CVE-2025/CVE-2025-53xx/CVE-2025-5395.json) (`2025-06-11T07:15:24.800`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -261612,6 +261612,7 @@ CVE-2024-35291,0,0,68f25d86268f0841afdd1d14b56353ce2ee5e6517f604738d19dca536b9e9
 CVE-2024-35292,0,0,6e5c4c8222f0d63eb4c4c2f99f4d66e32d119335c8846bea5247c5b2542fe5f0,2024-11-21T09:20:05.477000
 CVE-2024-35293,0,0,55ecab019b9bc05e17fb9740f75542540a9b2311e66fb192268f9d57609b2845,2024-10-04T13:50:43.727000
 CVE-2024-35294,0,0,1c6f1605fc3c9904bc421a18ad31d4464fc1e4554d4917d8dd1c25b7a0d024c6,2024-10-04T13:50:43.727000
+CVE-2024-35295,1,1,4e6a4972a9791fa6fb6efbb867221cf3eecca27a6ccec8ecd30f5c7dd99cfccc,2025-06-11T07:15:24.273000
 CVE-2024-35296,0,0,8eeaaf70f1e278aae70095c59c0f6e6d8374adc16444eb79c302ddf5c2754a61,2025-03-27T16:15:23.977000
 CVE-2024-35297,0,0,23e69c7fa8758d2839ba0f21232e1c70c9a4debd79526bb77618b215f0e86ca8,2024-11-21T09:20:05.907000
 CVE-2024-35298,0,0,fa7788bf317a71a84bf8146795eafa26bcb4ed57f180f49f693caedd58415924,2024-11-21T09:20:06.100000
@ -295531,7 +295532,7 @@ CVE-2025-46654,0,0,3e5c0a3c4a79c9d9b8076fac65c707d8d6930d0e6d7283094866d4509cce8
 CVE-2025-46655,0,0,34630625faf28d1a43b5cdb5fca99ebd8a91139b3a9b9f2e1d3fba1d80e58054,2025-04-29T16:15:37.440000
 CVE-2025-46656,0,0,88d2e959cac4cda5103c704a18b5a278dfdfbb63d41e023dbd311e14a8416d7e,2025-04-29T16:15:37.573000
 CVE-2025-46657,0,0,4b6d658b20503b01465fb89f1f4e404ee10732b42838e3f3a51606289348610b,2025-05-12T19:07:34.390000
-CVE-2025-4666,1,1,f9c3388db76630d24cab2b134dbf052b409644df9733b560b3464a16768bf5f8,2025-06-11T04:15:53.280000
+CVE-2025-4666,0,0,f9c3388db76630d24cab2b134dbf052b409644df9733b560b3464a16768bf5f8,2025-06-11T04:15:53.280000
 CVE-2025-46661,0,0,7cead739e8fdbba0910b220a6a991cddda4fef2ad210bf90609b23607a61811c,2025-05-12T19:30:05.340000
 CVE-2025-46672,0,0,709afab665ee0752391e30a79a351f5c75745da06d0812adb7adf96e8ee837e0,2025-05-29T15:48:16.540000
 CVE-2025-46673,0,0,d9f236b7d4dcd48ec96327716bded636b95944fd7cc42e606d5697ba15c5f0c8,2025-05-29T14:02:33.393000
@ -296392,8 +296393,8 @@ CVE-2025-47968,0,0,4314a68d409dc7562d60e3a5f0de73add7fb3e3239cd4b56a3ee7ee04abfc
 CVE-2025-47969,0,0,adaea1d826647359288575593192861c3dcfa58fd1235fb0f2afb4f9bbb45c64,2025-06-10T17:24:15.183000
 CVE-2025-4797,0,0,7955c65d02ae59cf8e91f669d1ef33f935d7dc4278caacac2c860c6a07f32d1d,2025-06-04T14:54:33.783000
 CVE-2025-47977,0,0,4f0da15be23d5e751f020adff860f3c3600eefecc4f18b0fdaccee2aa66bd710,2025-06-10T17:24:17.200000
-CVE-2025-4798,1,1,de332ded68d0c49843d7d5c7915ee47a19e60bc1ff9f02b8938c5dc3f68e0a2c,2025-06-11T04:15:58.497000
-CVE-2025-4799,1,1,83f9d876acafb5caef0fc86233e5240c7c290c3c114cfa1627c1c4b18ac56d69,2025-06-11T04:15:59.223000
+CVE-2025-4798,0,0,de332ded68d0c49843d7d5c7915ee47a19e60bc1ff9f02b8938c5dc3f68e0a2c,2025-06-11T04:15:58.497000
+CVE-2025-4799,0,0,83f9d876acafb5caef0fc86233e5240c7c290c3c114cfa1627c1c4b18ac56d69,2025-06-11T04:15:59.223000
 CVE-2025-4800,0,0,9318c6df70d36b773d7fc889153c4ccced0bd2fc6ace455b4d54f9e1c185a4a9,2025-05-28T15:01:30.720000
 CVE-2025-48009,0,0,9bbf54dd866dd4de365cacd3cc58cc80c0cc2d2ba8fbdc821eac253715a62cf9,2025-06-10T15:29:32.900000
 CVE-2025-4801,0,0,fc6ec83b7f99dbba6d1228da70489464cc23b7a30d8f01ad6791644a180c4530,2025-06-10T16:15:42.923000
@ -297303,6 +297304,7 @@ CVE-2025-5387,0,0,65ec5c965e0aa55c8047ca231400a6ecd9307463295059e1349de0bd80976c
 CVE-2025-5388,0,0,a0253f0c3333e57e30f53ca748c2f786064d252af030391460f61763742994dc,2025-06-02T17:32:17.397000
 CVE-2025-5389,0,0,260909efcc6b6b292bffdc65b5b0e9633781d0b5c8c5ea87a3dce1c6319b67ab,2025-06-02T17:32:17.397000
 CVE-2025-5390,0,0,039345fdea46e1731d2841f7a4397db225f36b8f7cd62f23d1ae898d97067564,2025-06-02T17:32:17.397000
+CVE-2025-5395,1,1,7bfcea634fa6688a6312a7ef9f4a96a773ade20859bf5e7d0e416741c2413713,2025-06-11T07:15:24.800000
 CVE-2025-5399,0,0,0ecebfde69eb11c2808a3eee614685de2e5fb1417c4788dd2b728d39b531d7cf,2025-06-09T14:15:23.470000
 CVE-2025-5400,0,0,7cd289b1f8796f433468abfa83e965b2ae8c6d02300bfc34aeb9a97484dcc2f7,2025-06-02T17:32:17.397000
 CVE-2025-5401,0,0,7191cee0bc77ec5bd67bfc250972477b89f2f18db54f39596b26be9c1bb1595c,2025-06-02T17:32:17.397000