From 51b49ecce03fa3a425cafcf8ab17a6923f0ef475 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 6 Jun 2025 06:04:00 +0000 Subject: [PATCH] Auto-Update: 2025-06-06T06:00:20.510088+00:00 --- CVE-2011/CVE-2011-100xx/CVE-2011-10007.json | 10 +- CVE-2024/CVE-2024-469xx/CVE-2024-46941.json | 78 ++++++++++ CVE-2025/CVE-2025-365xx/CVE-2025-36513.json | 104 ++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5714.json | 141 ++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5715.json | 137 ++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5716.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5719.json | 78 ++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5721.json | 149 ++++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5722.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5723.json | 145 +++++++++++++++++++ CVE-2025/CVE-2025-57xx/CVE-2025-5733.json | 64 +++++++++ README.md | 29 ++-- _state.csv | 28 ++-- 13 files changed, 1230 insertions(+), 23 deletions(-) create mode 100644 CVE-2024/CVE-2024-469xx/CVE-2024-46941.json create mode 100644 CVE-2025/CVE-2025-365xx/CVE-2025-36513.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5714.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5715.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5716.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5719.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5721.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5722.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5723.json create mode 100644 CVE-2025/CVE-2025-57xx/CVE-2025-5733.json diff --git a/CVE-2011/CVE-2011-100xx/CVE-2011-10007.json b/CVE-2011/CVE-2011-100xx/CVE-2011-10007.json index d96f878d1c6..3509f8de06a 100644 --- a/CVE-2011/CVE-2011-100xx/CVE-2011-10007.json +++ b/CVE-2011/CVE-2011-100xx/CVE-2011-10007.json @@ -2,7 +2,7 @@ "id": "CVE-2011-10007", "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "published": "2025-06-05T12:15:22.807", - "lastModified": "2025-06-05T21:15:21.663", + "lastModified": "2025-06-06T04:15:41.237", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,14 @@ "url": "http://www.openwall.com/lists/oss-security/2025/06/05/4", "source": "af854a3a-2127-422b-91ae-364da2661108" }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/06/06/1", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2025/06/06/3", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00006.html", "source": "af854a3a-2127-422b-91ae-364da2661108" diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46941.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46941.json new file mode 100644 index 00000000000..15a38788f13 --- /dev/null +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46941.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-46941", + "sourceIdentifier": "security@vivo.com", + "published": "2025-06-06T04:15:48.717", + "lastModified": "2025-06-06T04:15:48.717", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SystemUI has an incorrect component protection setting, which allows access to specific information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "DIFFUSE", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=17", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-365xx/CVE-2025-36513.json b/CVE-2025/CVE-2025-365xx/CVE-2025-36513.json new file mode 100644 index 00000000000..963b8ed8ec1 --- /dev/null +++ b/CVE-2025/CVE-2025-365xx/CVE-2025-36513.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2025-36513", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2025-06-06T05:15:25.710", + "lastModified": "2025-06-06T05:15:25.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV30": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "vultures@jpcert.or.jp", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://i-pro.com/products_and_solutions/en/surveillance/solutions/technologies/cyber-security/psirt/security-advisories", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://jvn.jp/en/jp/JVN10964289/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5714.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5714.json new file mode 100644 index 00000000000..6fe4b3d71ba --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5714.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-5714", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T04:15:54.847", + "lastModified": "2025-06-06T04:15:54.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Solu\u00e7\u00f5esCoop iSolu\u00e7\u00f5esWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/lfparizzi/CVE-SolucoesCoop", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/lfparizzi/CVE-SolucoesCoop?tab=readme-ov-file#path-traversal-and-forced-navigation-abuse", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311235", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311235", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.579509", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5715.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5715.json new file mode 100644 index 00000000000..c0b4b41ac1b --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5715.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-5715", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T04:15:55.747", + "lastModified": "2025-06-06T04:15:55.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 1.0, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 3.8, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.4, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P", + "baseScore": 3.5, + "accessVector": "LOCAL", + "accessComplexity": "HIGH", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 1.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-304" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311236", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311236", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.585069", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5716.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5716.json new file mode 100644 index 00000000000..f4831044c57 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5716.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5716", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T04:15:57.157", + "lastModified": "2025-06-06T04:15:57.157", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mysq13/CVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311238", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311238", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590566", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5719.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5719.json new file mode 100644 index 00000000000..58f46205d79 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5719.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2025-5719", + "sourceIdentifier": "security@vivo.com", + "published": "2025-06-06T04:15:59.310", + "lastModified": "2025-06-06T04:15:59.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The wallet has an authentication bypass vulnerability that allows access to specific pages." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@vivo.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.vivo.com/en/support/security-advisory-detail?id=18", + "source": "security@vivo.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5721.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5721.json new file mode 100644 index 00000000000..a1371c1a76a --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5721.json @@ -0,0 +1,149 @@ +{ + "id": "CVE-2025-5721", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T04:16:00.297", + "lastModified": "2025-06-06T04:16:00.297", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-1-email-field-in-profile-setting", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311241", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311241", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.590569", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5722.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5722.json new file mode 100644 index 00000000000..922105a5bc0 --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5722.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5722", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T05:15:25.970", + "lastModified": "2025-06-06T05:15:25.970", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-2-academic-term-field-in-academic-terms-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311242", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311242", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5723.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5723.json new file mode 100644 index 00000000000..67b78a407ca --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5723.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-5723", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-06-06T05:15:26.180", + "lastModified": "2025-06-06T05:15:26.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "NONE", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "PROOF_OF_CONCEPT", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/0xEricTee/CVE/blob/main/Research/Stored_XSS.md#field-3-class-name-field-in-classes-page", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.311243", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.311243", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-57xx/CVE-2025-5733.json b/CVE-2025/CVE-2025-57xx/CVE-2025-5733.json new file mode 100644 index 00000000000..f5909383f1a --- /dev/null +++ b/CVE-2025/CVE-2025-57xx/CVE-2025-5733.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2025-5733", + "sourceIdentifier": "security@wordfence.com", + "published": "2025-06-06T04:16:01.840", + "lastModified": "2025-06-06T04:16:01.840", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://webnus.net/dox/modern-events-calendar/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/modern-events-calendar-lite/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e545b53e-7054-41dc-b69b-7552ef6c3240?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a70e8100df6..bc7d4eea265 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-06-06T04:00:19.319559+00:00 +2025-06-06T06:00:20.510088+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-06-06T03:15:26.820000+00:00 +2025-06-06T05:15:26.180000+00:00 ``` ### Last Data Feed Release @@ -33,27 +33,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -296627 +296637 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `10` -- [CVE-2024-22330](CVE-2024/CVE-2024-223xx/CVE-2024-22330.json) (`2025-06-06T02:15:21.310`) -- [CVE-2024-56342](CVE-2024/CVE-2024-563xx/CVE-2024-56342.json) (`2025-06-06T02:15:21.790`) -- [CVE-2024-56343](CVE-2024/CVE-2024-563xx/CVE-2024-56343.json) (`2025-06-06T02:15:21.943`) -- [CVE-2025-5709](CVE-2025/CVE-2025-57xx/CVE-2025-5709.json) (`2025-06-06T02:15:22.100`) -- [CVE-2025-5710](CVE-2025/CVE-2025-57xx/CVE-2025-5710.json) (`2025-06-06T02:15:22.283`) -- [CVE-2025-5711](CVE-2025/CVE-2025-57xx/CVE-2025-5711.json) (`2025-06-06T03:15:25.353`) -- [CVE-2025-5712](CVE-2025/CVE-2025-57xx/CVE-2025-5712.json) (`2025-06-06T03:15:26.607`) -- [CVE-2025-5713](CVE-2025/CVE-2025-57xx/CVE-2025-5713.json) (`2025-06-06T03:15:26.820`) +- [CVE-2024-46941](CVE-2024/CVE-2024-469xx/CVE-2024-46941.json) (`2025-06-06T04:15:48.717`) +- [CVE-2025-36513](CVE-2025/CVE-2025-365xx/CVE-2025-36513.json) (`2025-06-06T05:15:25.710`) +- [CVE-2025-5714](CVE-2025/CVE-2025-57xx/CVE-2025-5714.json) (`2025-06-06T04:15:54.847`) +- [CVE-2025-5715](CVE-2025/CVE-2025-57xx/CVE-2025-5715.json) (`2025-06-06T04:15:55.747`) +- [CVE-2025-5716](CVE-2025/CVE-2025-57xx/CVE-2025-5716.json) (`2025-06-06T04:15:57.157`) +- [CVE-2025-5719](CVE-2025/CVE-2025-57xx/CVE-2025-5719.json) (`2025-06-06T04:15:59.310`) +- [CVE-2025-5721](CVE-2025/CVE-2025-57xx/CVE-2025-5721.json) (`2025-06-06T04:16:00.297`) +- [CVE-2025-5722](CVE-2025/CVE-2025-57xx/CVE-2025-5722.json) (`2025-06-06T05:15:25.970`) +- [CVE-2025-5723](CVE-2025/CVE-2025-57xx/CVE-2025-5723.json) (`2025-06-06T05:15:26.180`) +- [CVE-2025-5733](CVE-2025/CVE-2025-57xx/CVE-2025-5733.json) (`2025-06-06T04:16:01.840`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2011-10007](CVE-2011/CVE-2011-100xx/CVE-2011-10007.json) (`2025-06-06T04:15:41.237`) ## Download and Usage diff --git a/_state.csv b/_state.csv index bdcaa338ba6..e5ad95aa67f 100644 --- a/_state.csv +++ b/_state.csv @@ -47847,7 +47847,7 @@ CVE-2011-10003,0,0,6412423cbcc1d2918013fc1df3cebbbcb3b7584426cce9ea1b9953240234b CVE-2011-10004,0,0,ec3da51d090457791c200e7f71e78a08f52c2aec5e3aab2bdb5915aa68bee988,2024-11-21T01:25:17.503000 CVE-2011-10005,0,0,627c8d48b59c9d04a5be3ca9721abb26f33a91af30259ed758e346cc8b2645eb,2024-11-21T01:25:17.667000 CVE-2011-10006,0,0,dd734ea71adfdfffdfb5628f909ca34f56f35c648e0de9eca7d4ff5e5f1df3de,2025-04-11T12:51:20.457000 -CVE-2011-10007,0,0,1112253be8356fd6ba190b7311992576a3a93493d224bb73d3d8cf8a177a4a00,2025-06-05T21:15:21.663000 +CVE-2011-10007,0,1,6962a55b1aab80e87d1c7a0c82160ab4ec4f8c96c7727325a3ab834ddb151ac6,2025-06-06T04:15:41.237000 CVE-2011-1001,0,0,11839c7b8e84067f9cb7b0fb6341ae801683b41bcddc1fb61a0d4d9d0b6749f0,2025-04-11T00:51:21.963000 CVE-2011-1002,0,0,d33347c721e3b89d36f002b1fe6013c7e41d667ea328068299497443349dd1dd,2025-04-11T00:51:21.963000 CVE-2011-1003,0,0,d7e1f3fe9a186593ca7a3a72b1b932ddf10706cfcc913dbcaa45bff48d214fa4,2025-04-11T00:51:21.963000 @@ -251814,7 +251814,7 @@ CVE-2024-22326,0,0,03ab7e593952b876b9cb339b704b2b46f23342f74868815306698c7dec3a4 CVE-2024-22328,0,0,98146e86883d2cf1f24ca1525304767c224ce80b2935a2d0c79d4752d146005b,2025-01-14T20:56:44.643000 CVE-2024-22329,0,0,7cc48c4964dc239d2c6bba4c47d6cf2b037f8a718ce338a4a15dd2fed9127379,2025-03-06T19:22:23.563000 CVE-2024-2233,0,0,2fea642ce3d14914965eae0cece785e4cceb2050ac4db1eacec76f3cdc7ea0d1,2024-11-21T09:09:18.773000 -CVE-2024-22330,1,1,b74005a55319f6ae8dea1b0406920f92ba072e3f1780b367ab7feb1ec2d67c01,2025-06-06T02:15:21.310000 +CVE-2024-22330,0,0,b74005a55319f6ae8dea1b0406920f92ba072e3f1780b367ab7feb1ec2d67c01,2025-06-06T02:15:21.310000 CVE-2024-22331,0,0,3835b96eb02af640aaa046eca31cb00be6e17050c69d5a96646d09b17e9a00b4,2024-11-21T08:56:04.093000 CVE-2024-22332,0,0,f9dfd1d3a871989aa0391494a54720c73e254d144bd83668196cb6405e1f7887,2024-11-21T08:56:04.243000 CVE-2024-22333,0,0,b3da8d04c5153e3fdba25de6efb92ef0161da6e1b68c8c638a08b61489e62910,2024-11-21T08:56:04.383000 @@ -270536,6 +270536,7 @@ CVE-2024-46936,0,0,8b90383cd17b05972139dd51260528d7de429165343a27e0f637b90d1d54a CVE-2024-46937,0,0,d5f32b3cddab159921daee092a94e4abd7655b1fb9295966ce6c0abdbf2c4704,2024-10-24T17:35:09.287000 CVE-2024-46938,0,0,8b4b4affa32c0cbd87e13612fba65244fd60ee500ac511fb6da9f8420258ca02,2024-09-20T18:15:10.590000 CVE-2024-46939,0,0,b38fd104d15bb555e6fe4b520952eb24d5dd854a2748488f8470e93ef0ec4eb4,2024-11-28T04:15:03.987000 +CVE-2024-46941,1,1,7ac1295cb5a356628044085f34ad5ba09f7b7f0cf7873698b5abf43b11a8dcc9,2025-06-06T04:15:48.717000 CVE-2024-46942,0,0,40d44cce7ab46d5125a0047deedf2c1db1ce7b2bb78e48d8ea29206d2f37f23d,2025-03-14T19:15:47.533000 CVE-2024-46943,0,0,9e33ddcf657c60af51e9f608ff73a5fa960b1aca6307108982621af4ff97025e,2025-03-14T19:15:47.707000 CVE-2024-46946,0,0,a4e07dc5ad75fbae4520cef9e33c0e117d786edf5f3362d441ee46603ff6340e,2024-09-20T12:30:17.483000 @@ -277220,8 +277221,8 @@ CVE-2024-56338,0,0,4dc84d85d1d4c34745a0186b7368986a5e4779a39c54f58e3297e7741d876 CVE-2024-5634,0,0,a3b1c7a96781d36c1038c26ab5a2d267e349913830cb93adfed7285bdb2a684b,2024-11-21T09:48:03.610000 CVE-2024-56340,0,0,9b453f173d43e3f7b37887ea91bdbb36629dfe55ccdad720659cf38188277eaa,2025-02-28T03:15:10.363000 CVE-2024-56341,0,0,c8da1f15ba5d7868dd70dc6a1bbb0bb76f16fdf3368030fab34e5ce4733a4946,2025-04-07T14:18:49.830000 -CVE-2024-56342,1,1,96ce87bfb47cfce074f16cbec78fb1f6e1b70395c4aea9fee8d85bdadce954b9,2025-06-06T02:15:21.790000 -CVE-2024-56343,1,1,7c3d3a978386dcf22f6c859122554192c8b8d0bd9e8afba8481e21237526c72a,2025-06-06T02:15:21.943000 +CVE-2024-56342,0,0,96ce87bfb47cfce074f16cbec78fb1f6e1b70395c4aea9fee8d85bdadce954b9,2025-06-06T02:15:21.790000 +CVE-2024-56343,0,0,7c3d3a978386dcf22f6c859122554192c8b8d0bd9e8afba8481e21237526c72a,2025-06-06T02:15:21.943000 CVE-2024-56346,0,0,fd1df2e02fb2746764d74d8e4f208253efc23632d23d644f29c3211d870b9254,2025-03-18T17:15:44.173000 CVE-2024-56347,0,0,452693105314a427797e537553e535a62415f6b1b1070e835942056a8c55ff52,2025-03-18T17:15:44.470000 CVE-2024-56348,0,0,8aaa2ba55d8fe9db8a92a2d0ab499d623c381253cc0adc64426705df2faaf22a,2025-01-02T18:51:41.037000 @@ -293085,6 +293086,7 @@ CVE-2025-3647,0,0,d085366814e191fa929649b449c3c94db9fdfb290fac2614b251f62d5616ef CVE-2025-3649,0,0,df5be861cb9901de2ff346df6053edd181ced31f9d06ef10ebd9788e09b37197,2025-06-05T14:27:28.437000 CVE-2025-36504,0,0,30afeffa7b8ef5e478f29856811f9be90f1ece9e22dbe373c856a36c842492cb,2025-05-08T14:39:09.683000 CVE-2025-3651,0,0,30e087cb1671b81c1bf0c1d2a4d51e77f706a32948b7aa67dbe7688506dce698,2025-04-17T20:21:48.243000 +CVE-2025-36513,1,1,8a512964bb90d307762b1231a66d6057fd723922e20492e123c6128a1f375770,2025-06-06T05:15:25.710000 CVE-2025-36521,0,0,76dbe5c9e005eebc45d03f4e270884a68d88e62c1e707e433be80dfc20224dd6,2025-05-02T13:52:51.693000 CVE-2025-36525,0,0,304058dc6057ec0d8f22d43f92f7c943e71e5e18bc158b199ea34013a3ed45ac,2025-05-08T14:39:09.683000 CVE-2025-36527,0,0,020ac4647f700215df1a929fd367ca00f7a928aa1186e2cc968570239b95437f,2025-05-23T15:54:42.643000 @@ -296620,9 +296622,17 @@ CVE-2025-5705,0,0,0ff358d25cdbb96d1c496b09520f013c9f6b28418dd17b468ae2205989a211 CVE-2025-5706,0,0,69c700685b786445db1c34156db2d8aaab66cbb1389db417b2eef29b7620471b,2025-06-06T01:15:25.233000 CVE-2025-5707,0,0,f4593f842da197a203ef3a1f4001e4a533245929a189587ec24de709f5bef4fc,2025-06-06T01:15:25.440000 CVE-2025-5708,0,0,bd1bb4b05969bea723151eac155c7e23970334229192788accb8a41f85a57d9a,2025-06-06T01:15:25.630000 -CVE-2025-5709,1,1,78c8376c46174c753a08caad1aee97c9100e8540cd75c14c823fafc54b09e3a2,2025-06-06T02:15:22.100000 -CVE-2025-5710,1,1,a4986961ebccf1c24aaef38468ee4c037385b5ea06c111b45687d9f4d4895291,2025-06-06T02:15:22.283000 -CVE-2025-5711,1,1,1cbcff38819e4b0de061a1e070f8ba26efe4081b1dd87e928b9890c4ea932a8a,2025-06-06T03:15:25.353000 -CVE-2025-5712,1,1,ee9e7789cb5702291be6cc02ae0ee2cf59d33cf8f17551fc654883c0c0fa095a,2025-06-06T03:15:26.607000 -CVE-2025-5713,1,1,d5230e66b12296377504b357aeb57df100cb8735f6970717192be22c1778c708,2025-06-06T03:15:26.820000 +CVE-2025-5709,0,0,78c8376c46174c753a08caad1aee97c9100e8540cd75c14c823fafc54b09e3a2,2025-06-06T02:15:22.100000 +CVE-2025-5710,0,0,a4986961ebccf1c24aaef38468ee4c037385b5ea06c111b45687d9f4d4895291,2025-06-06T02:15:22.283000 +CVE-2025-5711,0,0,1cbcff38819e4b0de061a1e070f8ba26efe4081b1dd87e928b9890c4ea932a8a,2025-06-06T03:15:25.353000 +CVE-2025-5712,0,0,ee9e7789cb5702291be6cc02ae0ee2cf59d33cf8f17551fc654883c0c0fa095a,2025-06-06T03:15:26.607000 +CVE-2025-5713,0,0,d5230e66b12296377504b357aeb57df100cb8735f6970717192be22c1778c708,2025-06-06T03:15:26.820000 +CVE-2025-5714,1,1,f325293e0bdf11a2d38c8fe0b7d300abfe06a4c48eb29d4e6740ddedc26323da,2025-06-06T04:15:54.847000 +CVE-2025-5715,1,1,c549dedf8f18a31a17db5b0d12ac2c0f1758259cc84d6914876e1b910f2f066e,2025-06-06T04:15:55.747000 +CVE-2025-5716,1,1,05ff8b0d50f12fc788cd1a5b5ea78ab1cb92e4f2bf9d52de36a876188c5bb048,2025-06-06T04:15:57.157000 +CVE-2025-5719,1,1,3365d07b7e5244b36ebf3c7bbd556f60e4dbcd5f59cc57d85eb20811268f6c41,2025-06-06T04:15:59.310000 +CVE-2025-5721,1,1,acdc1323104c8cc68eca290c87ee12b78e828ea873146b345ae84261c9b36539,2025-06-06T04:16:00.297000 +CVE-2025-5722,1,1,65a4a236210b7d71e031a5f5f15f548284ef2ad5496ba10919780942893e7304,2025-06-06T05:15:25.970000 +CVE-2025-5723,1,1,0907f9f8fe7d9c18c43315b01a0ef8041cb166ff8c26b47419c61da0483b148c,2025-06-06T05:15:26.180000 +CVE-2025-5733,1,1,c5f5665f9dab87dd0d97339541a9cd2f4bf8981198cfcb514e8a85cacbcd9a75,2025-06-06T04:16:01.840000 CVE-2025-5745,0,0,a48c97f3295325ba0b67cceb39fcc754c3ef6872892d5057110c8e62080215c2,2025-06-05T21:15:23.023000